
Please analyze my hijack this log


  • This topic is locked
8 replies to this topic

#1 nonnox15


  • Members
  • 104 posts

Posted 16 September 2017 - 07:22 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:01:46 PM, on 9/16/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18792)

FIREFOX: 55.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\WORDsearch 10\ZipScript.exe
C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Dallas\Downloads\HijackThis(8).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Norton Identity Safety - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton AntiVirus\Engine32\22.10.1.10\coIEPlg.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine32\22.10.1.10\coIEPlg.dll
O4 - HKLM\..\Run: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [ZipScript] C:\Program Files (x86)\WORDsearch 10\ZipScript.exe
O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: desktop (2).ini
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: http://*.webcompanion.com
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell Data Vault Service API (DDVCollectorSvcApi) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
O23 - Service: Dell Data Vault Collector (DDVDataCollector) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
O23 - Service: Dell Data Vault Processor (DDVRulesProcessor) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\NAV.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13903 bytes

Also, why when I select "fix selected items" are the items that indicate "file missing" not deleted?

I run Malwarebytes Anti-Malware, SUPERAntiSpyware, and I have Norton, with which I run a full scan daily and a disk optimization every few days, and I also run CCleaner once a week. Still my computer is slow.

Any recommendations would be appreciated.





#2 nasdaq


  • Malware Response Team
  • 38,942 posts

Posted 17 September 2017 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


HijackThis is no longer supported and not ready for your operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
<<<>>>

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the FRST and Addition.txt logs for my review.

Wait for further instructions.
==============================

#3 nonnox15

  • Topic Starter

  • Members
  • 104 posts

Posted 17 September 2017 - 09:17 PM

Here are the saved scans from Farbar.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01
Ran by Dallas (administrator) on DALLAS-PC (17-09-2017 21:56:01)
Running from C:\Users\Dallas\Desktop
Loaded Profiles: Dallas (Available Profiles: Dallas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

========================================================

C:\FRST\FRST64.exe => Win32/Suweezy? - moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\nav.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\nav.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Program Files (x86)\WORDsearch 10\ZipScript.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\conathst.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Farbar) C:\Users\Dallas\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48616 2015-07-21] (CenturyLink Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-23] (SUPERAntiSpyware)
HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\Run: [ZipScript] => C:\Program Files (x86)\WORDsearch 10\ZipScript.exe [3047256 2013-07-30] ()
HKU\S-1-5-21-998115690-2290619701-3606063832-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-03-26] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-08-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Dallas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini [2015-03-06] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2017-03-25] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2017-03-25] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2017-03-25] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2017-03-25] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2017-03-25] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2017-02-03] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2017-02-03] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2017-02-03] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2017-02-03] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [425744 2017-02-03] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{D0252A7B-E2F8-4B89-8F25-B3EE50BEDFF3}: [DhcpNameServer] 192.168.0.1 205.171.2.226

Internet Explorer:
==================
HKU\S-1-5-21-998115690-2290619701-3606063832-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-998115690-2290619701-3606063832-1000 -> {9D0AA7E3-AE06-427D-B5EF-9535BB611DD2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-19] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-19] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-998115690-2290619701-3606063832-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)

FireFox:
========
FF DefaultProfile: qqfaihai.default-1492079863963-1502796660333
FF ProfilePath: C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333 [2017-09-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333 -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333 -> hxxps://mg.mail.yahoo.com/d/folders/1
FF Extension: (Search Encrypt) - C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333\Extensions\@searchencrypt.xpi [2017-08-20]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-08-15]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFAddon [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-998115690-2290619701-3606063832-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dallas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-17] (Citrix Online)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-07-05]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR NewTab: Default ->  Not-active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html", Not-active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default [2017-09-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-05]
CHR Extension: (Yahoo Partner) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2017-08-19]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2017-03-22]
CHR Extension: (Bing) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-03-22]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2017-04-29]
CHR Extension: (Norton Safe) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-04-29]
CHR Extension: (Norton Identity Safe) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-03-22]
CHR Extension: (True Key™ by Intel Security) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2017-07-25]
CHR Extension: (Norton Safe) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-998115690-2290619701-3606063832-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [51712 2007-10-11] (ArcSoft)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [396288 2006-01-17] (Broadcom Corporation.) [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2016-02-05] ()
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2017-03-25] (Lavasoft Limited) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\NAV.exe [326144 2017-08-24] (Symantec Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-03-29] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-29] (Alcatel-Lucent) [File not signed]
R3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [115864 2016-02-05] ()
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2016-02-05] ()
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25232 2017-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\BASHDefs\20170908.001\BHDrvx64.sys [1872032 2017-09-07] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\IPSDefs\20170915.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-16] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-17] (Malwarebytes)
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NAVx64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 DellWAL; \??\C:\Program Files\Dell\DellDataVault\DDDriver64Dcsa.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20170418.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20170418.008\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-17 21:56 - 2017-09-17 21:57 - 000026538 _____ C:\Users\Dallas\Desktop\FRST.txt
2017-09-17 21:38 - 2017-09-17 21:46 - 002399744 _____ (Farbar) C:\Users\Dallas\Desktop\FRST64(1).exe
2017-09-17 20:01 - 2017-09-17 20:02 - 009279328 _____ C:\Users\Dallas\Downloads\Tent Revival 2017 PersInvitesSheet ps(1).pdf
2017-09-17 01:55 - 2017-09-17 01:55 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-09-16 22:24 - 2017-09-16 22:24 - 000001634 _____ C:\Users\Dallas\Documents\cc_20170916_222444.reg
2017-09-16 22:24 - 2017-09-16 22:24 - 000000082 _____ C:\Users\Dallas\Documents\cc_20170916_222427.reg
2017-09-16 19:02 - 2017-09-16 19:03 - 000013905 _____ C:\Users\Dallas\Desktop\hijackthis 9-16-2017.txt
2017-09-16 19:00 - 2017-09-16 19:00 - 000388608 _____ (Trend Micro Inc.) C:\Users\Dallas\Downloads\HijackThis(8).exe
2017-09-16 15:24 - 2017-09-16 15:24 - 000267016 _____ C:\Users\Dallas\Downloads\Every%20Generation%20Must%20Fight%20the%20Same%20Battles%20Again%20%26%20Again.pdf
2017-09-15 13:03 - 2017-09-15 13:03 - 000000000 ____D C:\Users\Dallas\AppData\Roaming\PCDr
2017-09-15 07:05 - 2017-09-15 13:02 - 000000000 ____D C:\ProgramData\PCDr
2017-09-15 06:43 - 2017-09-15 06:43 - 000000732 _____ C:\Users\Dallas\Desktop\JRT.txt
2017-09-15 00:30 - 2017-09-15 00:30 - 000001634 _____ C:\Users\Dallas\Documents\cc_20170915_003026.reg
2017-09-15 00:29 - 2017-09-15 00:29 - 000001740 _____ C:\Users\Dallas\Documents\cc_20170915_002853.reg
2017-09-14 21:44 - 2017-09-14 21:45 - 009826968 _____ (Piriform Ltd) C:\Users\Dallas\Downloads\ccsetup534.exe
2017-09-14 21:02 - 2017-09-14 21:02 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-14 21:01 - 2017-09-17 13:55 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-14 21:01 - 2017-09-16 22:41 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-14 21:01 - 2017-09-16 22:41 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-14 21:01 - 2017-09-16 22:41 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-14 21:01 - 2017-09-14 21:01 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-14 21:01 - 2017-09-14 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-14 21:01 - 2017-09-14 21:01 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-14 21:01 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-14 21:00 - 2017-09-14 21:00 - 000000000 ____D C:\ProgramData\MB2Migration
2017-09-13 22:58 - 2017-09-13 22:58 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-09-13 22:57 - 2017-09-13 22:57 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-12 21:12 - 2017-08-19 11:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-12 21:12 - 2017-08-19 11:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-12 21:12 - 2017-08-16 11:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-12 21:12 - 2017-08-16 11:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-12 21:12 - 2017-08-16 10:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-12 21:12 - 2017-08-15 21:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-12 21:12 - 2017-08-15 20:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-12 21:12 - 2017-08-15 11:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-12 21:12 - 2017-08-15 11:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-12 21:12 - 2017-08-15 11:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-12 21:12 - 2017-08-15 11:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-12 21:12 - 2017-08-15 10:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-12 21:12 - 2017-08-15 10:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-12 21:12 - 2017-08-15 10:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-12 21:12 - 2017-08-15 10:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-12 21:12 - 2017-08-15 09:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-12 21:12 - 2017-08-14 13:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-12 21:12 - 2017-08-14 13:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-12 21:12 - 2017-08-14 13:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-12 21:12 - 2017-08-14 13:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-12 21:12 - 2017-08-14 13:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-12 21:12 - 2017-08-14 13:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-12 21:12 - 2017-08-14 13:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-12 21:12 - 2017-08-14 13:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-12 21:12 - 2017-08-13 17:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-12 21:12 - 2017-08-13 17:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-12 21:12 - 2017-08-13 14:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-12 21:12 - 2017-08-13 13:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-12 21:12 - 2017-08-13 13:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-12 21:12 - 2017-08-13 13:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-12 21:12 - 2017-08-13 13:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-12 21:12 - 2017-08-13 13:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-12 21:12 - 2017-08-13 13:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-12 21:12 - 2017-08-13 13:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-12 21:12 - 2017-08-13 13:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-12 21:12 - 2017-08-13 12:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-12 21:12 - 2017-08-13 12:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-12 21:12 - 2017-08-13 12:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-12 21:12 - 2017-08-13 12:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-12 21:12 - 2017-08-13 12:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-12 21:12 - 2017-08-13 12:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-12 21:12 - 2017-08-13 12:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-12 21:12 - 2017-08-13 12:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-12 21:12 - 2017-08-13 12:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-12 21:12 - 2017-08-13 12:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-12 21:12 - 2017-08-13 12:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-12 21:12 - 2017-08-13 12:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-12 21:12 - 2017-08-13 12:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-12 21:12 - 2017-08-13 12:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-12 21:12 - 2017-08-13 12:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-12 21:12 - 2017-08-13 12:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-12 21:12 - 2017-08-13 12:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-12 21:12 - 2017-08-13 12:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-12 21:12 - 2017-08-13 12:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-12 21:12 - 2017-08-13 12:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-12 21:12 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-12 21:12 - 2017-08-13 12:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-12 21:12 - 2017-08-13 12:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-12 21:12 - 2017-08-13 12:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-12 21:12 - 2017-08-13 12:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-12 21:12 - 2017-08-13 12:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-12 21:12 - 2017-08-13 12:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-12 21:12 - 2017-08-13 12:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-12 21:12 - 2017-08-13 12:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-12 21:12 - 2017-08-13 12:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-12 21:12 - 2017-08-13 12:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-12 21:12 - 2017-08-13 12:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-12 21:12 - 2017-08-13 12:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-12 21:12 - 2017-08-13 12:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-12 21:12 - 2017-08-13 12:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-12 21:12 - 2017-08-13 12:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-12 21:12 - 2017-08-13 12:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-12 21:12 - 2017-08-13 12:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-12 21:12 - 2017-08-13 12:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-12 21:12 - 2017-08-13 11:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-12 21:12 - 2017-08-13 11:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-12 21:12 - 2017-08-13 11:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-12 21:12 - 2017-08-13 11:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-12 21:12 - 2017-08-13 11:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-12 21:12 - 2017-08-13 11:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-12 21:12 - 2017-08-13 11:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-12 21:12 - 2017-08-13 11:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-12 21:12 - 2017-08-13 11:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-12 21:12 - 2017-08-13 11:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-12 21:12 - 2017-08-13 11:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-12 21:12 - 2017-08-13 11:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-12 21:12 - 2017-08-13 11:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-12 21:12 - 2017-08-11 02:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-12 21:12 - 2017-08-11 02:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-12 21:12 - 2017-08-11 02:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-12 21:12 - 2017-08-11 02:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-12 21:12 - 2017-08-11 02:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-12 21:12 - 2017-08-11 02:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-12 21:12 - 2017-08-11 02:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-12 21:12 - 2017-08-11 02:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-12 21:12 - 2017-08-11 02:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-12 21:12 - 2017-08-11 02:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-12 21:12 - 2017-08-11 02:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-12 21:12 - 2017-08-11 02:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 02:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-12 21:12 - 2017-08-11 02:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-12 21:12 - 2017-08-11 02:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-12 21:12 - 2017-08-11 02:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-12 21:12 - 2017-08-11 02:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-12 21:12 - 2017-08-11 02:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-12 21:12 - 2017-08-11 02:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-12 21:12 - 2017-08-11 02:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-12 21:12 - 2017-08-11 02:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-12 21:12 - 2017-08-11 02:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-12 21:12 - 2017-08-11 02:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-12 21:12 - 2017-08-11 02:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-12 21:12 - 2017-08-11 02:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-12 21:12 - 2017-08-11 01:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-12 21:12 - 2017-08-11 01:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-12 21:12 - 2017-08-11 01:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-12 21:12 - 2017-08-11 01:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-12 21:12 - 2017-08-11 01:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-12 21:12 - 2017-08-11 01:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-12 21:12 - 2017-08-11 01:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-12 21:12 - 2017-08-11 01:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-12 21:12 - 2017-08-11 01:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-12 21:12 - 2017-08-11 01:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-12 21:12 - 2017-08-11 01:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-12 21:12 - 2017-08-11 01:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-12 21:12 - 2017-08-11 01:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-12 21:12 - 2017-08-11 01:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 01:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 01:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-12 21:12 - 2017-08-11 01:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-12 21:12 - 2017-07-07 11:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-12 21:12 - 2017-07-07 11:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-12 11:47 - 2017-09-12 11:47 - 001547643 _____ C:\Users\Dallas\Downloads\Rose_Bible_eCharts_Bible_Reliability_0917.pdf
2017-09-09 15:29 - 2017-09-09 15:29 - 009279328 _____ C:\Users\Dallas\Downloads\Tent Revival 2017 PersInvitesSheet ps.pdf
2017-09-09 13:12 - 2017-09-09 13:12 - 008740073 _____ C:\Users\Dallas\Downloads\Fall Revival 2017 flyer ps.pdf
2017-09-09 13:09 - 2017-09-09 13:09 - 007421650 _____ C:\Users\Dallas\Downloads\Tent Revival 2017 Flyer (1)(1).pdf
2017-09-09 11:32 - 2017-09-09 11:33 - 007421650 _____ C:\Users\Dallas\Downloads\Tent Revival 2017 Flyer (1).pdf
2017-09-09 10:46 - 2017-09-09 10:47 - 009593272 _____ C:\Users\Dallas\Downloads\Fall Revival 2017 PersInvites Sheet ps.pdf
2017-09-09 09:16 - 2017-09-09 09:16 - 000997108 _____ C:\Users\Dallas\Downloads\2017-08 Ben Hamilton Prayer Letter.pdf
2017-09-09 08:57 - 2017-09-09 08:57 - 000012969 _____ C:\Users\Dallas\Documents\The Big Sale.odt
2017-09-06 07:22 - 2017-09-06 07:23 - 000002582 _____ C:\Users\Dallas\Documents\cc_20170906_072243.reg
2017-09-06 07:09 - 2017-09-06 07:10 - 009791816 _____ (Piriform Ltd) C:\Users\Dallas\Downloads\ccsetup533(1).exe
2017-09-05 11:39 - 2017-09-05 11:41 - 015856947 _____ C:\Users\Dallas\Downloads\Rose_Bible_eCharts_End_Times_Prophecy.pdf
2017-09-03 07:43 - 2017-09-03 07:43 - 000000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
2017-09-03 07:39 - 2017-09-03 07:43 - 032544245 _____ C:\Users\Dallas\Downloads\ElectromagneticTheory_10008886.pdf
2017-09-03 07:35 - 2017-09-03 07:35 - 000003220 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-09-02 20:34 - 2017-09-02 20:34 - 000000000 ____D C:\Users\Dallas\AppData\Roaming\EurekaLog
2017-09-01 14:29 - 2017-09-01 14:32 - 031774581 _____ C:\Users\Dallas\Downloads\AHigherEnglishGrammar_10003175.pdf
2017-08-31 08:05 - 2017-08-31 08:06 - 007799368 _____ C:\Users\Dallas\Downloads\Rose_Bible_eCharts_SGTB_11_Bible_Places.pdf
2017-08-31 06:37 - 2017-08-31 06:37 - 002935993 _____ C:\Users\Dallas\Downloads\MasteryofSpeech_10671170.pdf
2017-08-31 06:37 - 2017-08-31 06:37 - 002935993 _____ C:\Users\Dallas\Downloads\MasteryofSpeech_10671170(1).pdf
2017-08-30 09:53 - 2017-08-30 09:54 - 007996079 _____ C:\Users\Dallas\Downloads\Light_10461490.pdf
2017-08-29 07:19 - 2017-08-29 07:22 - 025379073 _____ C:\Users\Dallas\Downloads\AManualofElectricityMagnetismandMeteorology_10032993.pdf
2017-08-28 07:37 - 2017-08-28 07:41 - 043562004 _____ C:\Users\Dallas\Downloads\Kodakery_10252091.pdf
2017-08-28 07:36 - 2017-08-28 07:36 - 000005862 _____ C:\Users\Dallas\Documents\cc_20170828_073646.reg
2017-08-27 07:46 - 2017-08-27 07:48 - 015539149 _____ C:\Users\Dallas\Downloads\ElectricityMadeSimpleandTreatedNonTechnically_10024422.pdf
2017-08-26 19:52 - 2017-08-26 19:52 - 000256995 _____ C:\Users\Dallas\Downloads\TS-Characteristics-of the-Wise-062911.pdf
2017-08-24 14:29 - 2017-08-24 14:30 - 006570629 _____ C:\Users\Dallas\Downloads\463436213 English.pdf
2017-08-23 15:59 - 2017-08-23 15:59 - 004521716 _____ C:\Users\Dallas\Downloads\Rose_Bible_eCharts_TCJB_12_Jewish_Themes(3).pdf
2017-08-23 15:58 - 2017-08-23 15:58 - 004521716 _____ C:\Users\Dallas\Downloads\Rose_Bible_eCharts_TCJB_12_Jewish_Themes(2).pdf
2017-08-23 15:57 - 2017-08-23 15:57 - 004521716 _____ C:\Users\Dallas\Downloads\Rose_Bible_eCharts_TCJB_12_Jewish_Themes.pdf
2017-08-23 15:57 - 2017-08-23 15:57 - 004521716 _____ C:\Users\Dallas\Downloads\Rose_Bible_eCharts_TCJB_12_Jewish_Themes(1).pdf
2017-08-22 20:26 - 2017-08-22 20:26 - 000039626 _____ C:\Users\Dallas\Documents\Dr Edward Smith 1999 speech.odt
2017-08-22 20:26 - 2017-08-22 20:26 - 000000000 ____D C:\Users\Dallas\Documents\Confederate Statue Issue
2017-08-22 03:46 - 2017-08-22 03:47 - 013075933 _____ C:\Users\Dallas\Downloads\TheHistoricExodus_10053940(1).pdf
2017-08-20 14:53 - 2017-08-20 15:01 - 092134867 _____ C:\Users\Dallas\Downloads\TheJewishEncyclopedia_10018334.pdf
2017-08-19 02:03 - 2017-08-19 02:03 - 000000000 ____D C:\Users\Dallas\AppData\Roaming\Yahoo
2017-08-19 01:59 - 2017-08-19 01:58 - 000110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-08-18 15:32 - 2017-08-18 15:32 - 000536635 _____ C:\Users\Dallas\Downloads\Break Every Chain.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-17 21:56 - 2016-07-18 15:05 - 000000000 ____D C:\FRST
2017-09-17 21:31 - 2015-12-04 01:56 - 000000000 ____D C:\Users\Dallas\AppData\Roaming\SwordSearcher 5
2017-09-17 20:04 - 2015-12-07 12:25 - 000000000 ____D C:\Users\Dallas\Documents\Computer
2017-09-17 19:57 - 2017-03-26 22:00 - 000000000 ____D C:\Users\Dallas\Documents\Efficient Organizer AutoBackup
2017-09-17 19:57 - 2017-03-26 21:26 - 004292608 _____ C:\Users\Dallas\Documents\MyCalendar.ecfw
2017-09-17 19:57 - 2017-01-25 11:47 - 000000000 ____D C:\ProgramData\firebird
2017-09-17 17:54 - 2017-06-30 13:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-17 03:31 - 2017-03-22 06:17 - 000011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-17 03:31 - 2017-03-22 06:17 - 000011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-17 00:34 - 2015-12-04 02:13 - 000000000 ____D C:\Users\Dallas\Documents\SwordSearcher User Modules
2017-09-16 23:11 - 2017-04-22 09:55 - 000000000 ___RD C:\Users\Dallas\iCloudDrive
2017-09-16 22:40 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-16 22:38 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-09-16 22:37 - 2016-02-17 18:14 - 000002082 _____ C:\Users\Dallas\PrintMaster-6-Platinum.prefs
2017-09-16 21:16 - 2017-03-26 18:02 - 000000000 ____D C:\Users\Dallas\Downloads\chrome
2017-09-16 20:15 - 2015-12-07 12:25 - 000000000 ____D C:\Users\Dallas\Documents\Documents on Dallas's PDA
2017-09-16 15:58 - 2016-01-04 11:40 - 000000000 ____D C:\Users\Dallas\AppData\Local\CrashDumps
2017-09-15 22:42 - 2015-12-07 12:29 - 000000000 ____D C:\Users\Dallas\Documents\Funnies
2017-09-15 18:13 - 2016-11-20 09:02 - 000000000 ____D C:\Users\Dallas\AppData\LocalLow\Mozilla
2017-09-15 12:58 - 2017-03-29 06:25 - 000000000 ____D C:\Users\Dallas\AppData\Local\ApplicationHistory
2017-09-15 12:53 - 2015-12-12 19:16 - 000000000 ____D C:\Users\Dallas\AppData\Roaming\Nitro PDF
2017-09-15 12:53 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-09-14 21:51 - 2016-10-02 02:37 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-14 21:01 - 2015-12-04 10:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-14 21:01 - 2015-12-04 10:57 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-13 22:57 - 2016-01-11 17:56 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-13 09:10 - 2015-12-04 02:12 - 000000000 ____D C:\Users\Dallas\Documents\Personal
2017-09-13 04:09 - 2009-07-14 01:13 - 000795138 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-13 04:00 - 2009-07-14 00:45 - 001388568 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-13 03:38 - 2015-12-04 09:20 - 000000000 ____D C:\Windows\system32\MRT
2017-09-13 03:27 - 2017-03-25 09:00 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-13 03:06 - 2017-03-22 06:20 - 000787752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-12 22:40 - 2017-08-08 20:39 - 005680640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-09-12 22:40 - 2016-04-28 06:57 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-12 22:40 - 2015-12-07 22:22 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-12 22:40 - 2015-12-07 22:22 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 22:40 - 2015-12-07 22:22 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 22:40 - 2015-12-07 22:22 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 22:40 - 2015-12-07 22:22 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-12 07:38 - 2016-02-16 12:29 - 000000000 ____D C:\Program Files (x86)\PrintMaster Platinum 18
2017-09-11 02:16 - 2017-05-17 09:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-09-10 22:18 - 2015-12-07 12:29 - 000000000 ____D C:\Users\Dallas\Documents\Grace Baptist Temple
2017-09-10 10:16 - 2017-04-10 09:59 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-09-10 00:39 - 2015-12-04 02:20 - 000000000 ____D C:\Users\Dallas\Documents\Missionary Prayer Letters
2017-09-09 09:39 - 2016-04-21 20:51 - 000003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1461286292
2017-09-09 09:39 - 2016-04-21 20:51 - 000000000 ____D C:\Program Files (x86)\Opera
2017-09-06 17:39 - 2015-12-04 02:12 - 000000000 ____D C:\Users\Dallas\Documents\PrintMaster Projects
2017-09-03 08:09 - 2016-06-23 06:28 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-03 07:35 - 2016-01-03 21:46 - 000000000 ____D C:\Windows\system32\Drivers\NAVx64
2017-09-03 07:34 - 2017-04-16 09:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus Online
2017-09-02 23:01 - 2017-08-11 16:30 - 000000000 ____D C:\Users\Dallas\AppData\Local\WORDsearch 10
2017-09-02 01:28 - 2009-07-14 01:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-31 13:38 - 2015-12-07 12:30 - 000000000 ____D C:\Users\Dallas\Documents\Health
2017-08-31 05:05 - 2017-04-10 09:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 17:00 - 2015-12-16 10:53 - 000000000 ____D C:\Users\Dallas\AppData\Roaming\Audacity
2017-08-29 00:06 - 2015-12-07 12:29 - 000000000 ____D C:\Users\Dallas\Documents\Employment
2017-08-28 17:28 - 2016-10-12 16:15 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-28 17:28 - 2015-12-04 11:03 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-27 02:10 - 2015-12-04 07:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-24 22:39 - 2015-12-07 09:14 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-24 10:47 - 2016-08-31 10:39 - 000000000 ____D C:\Users\Dallas\Documents\Drugs
2017-08-23 10:08 - 2015-12-04 04:19 - 000000000 ____D C:\Users\Dallas\Songs
2017-08-22 21:05 - 2015-12-04 02:12 - 000000000 ____D C:\Users\Dallas\Documents\Political
2017-08-21 20:28 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-19 08:19 - 2016-11-11 12:04 - 000000000 ____D C:\ProgramData\Oracle
2017-08-19 02:00 - 2016-11-11 12:32 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-19 02:00 - 2016-11-11 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-19 01:59 - 2016-11-11 12:53 - 000000000 ____D C:\Program Files\Java
2017-08-19 01:58 - 2016-11-11 12:54 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-08-19 01:56 - 2017-01-23 23:45 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-18 02:14 - 2016-06-17 14:46 - 000000000 ____D C:\Users\Dallas\Documents\Food

==================== Files in the root of some directories =======

2015-12-04 01:55 - 2015-03-04 21:40 - 000000006 ___SH () C:\Users\Dallas\AppData\Roaming\desktop (2).ini
2017-02-01 09:30 - 2017-03-24 23:47 - 000000146 _____ () C:\Users\Dallas\AppData\Roaming\gamma_ramp.reg
2017-03-29 09:01 - 2017-03-29 09:01 - 000027136 ___SH () C:\Users\Dallas\AppData\Roaming\Thumbs.db
2016-02-19 17:36 - 2017-03-22 08:36 - 000019064 _____ () C:\Users\Dallas\AppData\Roaming\UserTile.png
2017-03-22 08:59 - 2017-03-22 09:25 - 000000831 _____ () C:\Users\Dallas\AppData\Local\Win7_tmp1.htm

Files to move or delete:
====================
C:\Users\Dallas\PM_Platinum_6.0.6_update.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-25 08:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by Dallas (17-09-2017 21:58:18)
Running from C:\Users\Dallas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-03-25 03:44:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-998115690-2290619701-3606063832-500 - Administrator - Disabled)
ASPNET (S-1-5-21-998115690-2290619701-3606063832-1002 - Limited - Enabled)
Dallas (S-1-5-21-998115690-2290619701-3606063832-1000 - Administrator - Enabled) => C:\Users\Dallas
Guest (S-1-5-21-998115690-2290619701-3606063832-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-998115690-2290619701-3606063832-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus Online (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus Online (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Utilities (HKLM\...\{DD81716F-C82C-43C4-8D91-AA4541595544}) (Version: 128.0.0 - Manufacturer)
7-Zip 16.01 (HKLM-x32\...\7-Zip) (Version: 16.01 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader for Palm OS, 3.05 (HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\Adobe Reader for Palm OS) (Version:  - )
American Greetings® Art & More Store (HKLM-x32\...\American Greetings® Art & More Store) (Version:  - )
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{A484D9E8-166E-41B0-8F5E-4C3965D2DE84}) (Version:  - ArcSoft)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Bible Study 6 (HKLM-x32\...\{0AEB557D-0062-43B0-B026-974408D0FE4B}) (Version: 6.0.23.1953 - Olive Tree Bible Software) Hidden
Bible Study 6 (HKLM-x32\...\{685a0c65-261a-4b7b-8eb9-592494272581}) (Version: 6.0.23.1953 - Olive Tree Bible Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
CoolUtils Mail Viewer (HKLM-x32\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell)
Dell System Detect - 1  (HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.65 - NCH Software)
DrawPad Graphics Editor (HKLM-x32\...\DrawPad) (Version: 2.39 - NCH Software)
DriverUpdate (HKLM-x32\...\{44E388BE-45EC-4DE3-B837-E2BEF5F9FA5C}) (Version: 2.5.4 - Slimware Utilities Holdings, Inc.)
Efficient Calendar Free 5.22 (HKLM-x32\...\Efficient Calendar Free_is1) (Version:  - Efficient Software)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Express Animate (HKLM-x32\...\ExpressAnimate) (Version: 2.05 - NCH Software)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6272.0 - IDT)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Driver Update Utility 2.4 (HKLM-x32\...\{1766DD04-5D4D-40BC-953A-D80624BCC063}) (Version: 2.4.0.7 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Iris mini - Software for eye protection (HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\IrisTech Iris mini) (Version: "0.3.0" - "IrisTech")
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KeePass Password Safe 1.33 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.33 - Dominik Reichl)
LibreOffice 5.3.4.2 (HKLM-x32\...\{E8FF8837-CDA1-462A-925B-2DA1FE7E263E}) (Version: 5.3.4.2 - The Document Foundation)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version:  - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.63.3.3 - Marvell)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Streets & Trips 2008 (HKLM-x32\...\{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}) (Version: 15.0.17.1600 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0 (x64 en-US)) (Version: 53.0 - Mozilla)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 en-US)) (Version: 52.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Norton AntiVirus Online (HKLM-x32\...\NAV) (Version: 22.10.1.10 - Symantec Corporation)
Online Bible 13.00.02 (HKLM-x32\...\OnlineBible) (Version:  - )
Online Bible 13.00.02 (HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\OnlineBible) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 36.0.2130.80 (HKLM-x32\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Opera Stable 47.0.2631.80 (HKLM-x32\...\Opera 47.0.2631.80) (Version: 47.0.2631.80 - Opera Software)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.85 - NCH Software)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 3.08 - NCH Software)
Power BibleCD (HKLM-x32\...\BibleCD) (Version:  - )
Power BibleCD 5.9 (HKLM-x32\...\{0E24B3CA-9F2C-4831-8541-B207014DE36F}) (Version: 5.9.0000 - Online Publishing, Inc.)
PrintMaster 6 Platinum (HKLM-x32\...\0832-3492-6567-1002) (Version: 6.0.6.146 - Encore Software Inc.)
PrintMaster Platinum 18 (HKLM-x32\...\{EBD9A954-6C1A-4E9F-A098-C98653035381}) (Version: 18.00.0000 - Broderbund Software)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM-x32\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Sonic Activation Module (HKLM-x32\...\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}) (Version: 1.0 - Sonic Solutions) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
SwordSearcher 7.1.1.2 (HKLM-x32\...\SwordSearcher_5_InnoSetup_is1) (Version: 7.1.1.2 - StudyLamp Software LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VD64Inst (HKLM\...\{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.63 - NCH Software)
Web Companion (HKLM-x32\...\{09a939ff-3400-4b3d-9d33-528cd999425c}) (Version: 2.3.1528.2969 - Lavasoft)
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.1500 -  )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WORDsearch 10 (HKLM-x32\...\{4420F521-D5EC-487D-9AAB-AD30AF903A52}) (Version: 10 - WORDsearch Corp) Hidden
WORDsearch 10 (HKLM-x32\...\WORDsearch 10) (Version:  - LifeWay)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1-x32: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Easy CD creator 8\Virtual Drive\DC_ShellExt64.dll [2006-09-21] (Sonic Solutions)
ContextMenuHandlers1-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers2: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Easy CD creator 8\Virtual Drive\DC_ShellExt64.dll [2006-09-21] (Sonic Solutions)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov)
ContextMenuHandlers6-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6-x32: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Easy CD creator 8\Virtual Drive\DC_ShellExt64.dll [2006-09-21] (Sonic Solutions)
ContextMenuHandlers6-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {069AC07C-73CA-480E-B608-7064D282C820} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {0F7612AC-AE33-4054-A609-0BC8FFED8A4D} - System32\Tasks\{EC7148D6-9C6E-484F-9C77-BC60A4F3E446} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\MMailWiz4.exe"
Task: {1397B134-A29A-4A17-88B6-75E7B3672F8F} - System32\Tasks\SpeedFixToolSoftware_Popup => C:\Program Files (x86)\Speed Fix Tool Software\Splash.exe
Task: {238BD377-607C-4533-B075-F5C2F712999F} - System32\Tasks\{5478E14F-F5FF-4701-8641-BCFFD575FFED} => C:\Windows\system32\pcalua.exe -a C:\Users\Dallas\Downloads\PalmDesktopWin62.exe -d C:\Users\Dallas\Downloads
Task: {2F974726-867A-459B-A607-A2F3602B4D05} - System32\Tasks\Norton AntiVirus\Norton AntiVirus Online Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {2FCB4BDB-98EA-4E5B-9B4E-B8237ECEF389} - System32\Tasks\SpeedFixToolSoftware_Start => C:\Program Files (x86)\Speed Fix Tool Software\SpeedFixToolSoftware.exe
Task: {38B58374-0076-421D-9BC6-AD67993E836D} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {4A48F8EB-4829-410A-AF54-B038D0786A2F} - System32\Tasks\Opera scheduled Autoupdate 1461286292 => C:\Program Files (x86)\Opera\launcher.exe [2017-09-06] (Opera Software)
Task: {50EC36E4-D393-437E-A3C2-AD4B525D9DF6} - System32\Tasks\{CC6553E6-88DF-4A0A-876C-635EBBA58AE0} => C:\Windows\system32\pcalua.exe -a D:\INSTALL\INSTMSIA.EXE -d D:\INSTALL
Task: {68C76EEB-966D-45A3-9399-D407DDEC6B13} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {6A6BBF9D-EF53-4347-95FC-E3F649DA9E18} - System32\Tasks\Process Explorer-Dallas-PC-Dallas => C:\USERS\DALLAS\APPDATA\LOCAL\TEMP\TEMP1_PROCESSEXPLORER.ZIP\PROCEXP.EXE <==== ATTENTION
Task: {6E33A6E5-13F8-4392-8A7F-1AAEC6038904} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {71A6AEF2-9AB2-483D-BC25-1EED2B1643FC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {818FA996-2A6C-4B74-8ADD-E9CF7022E08D} - System32\Tasks\{5793D23B-4B7A-4FAD-96E4-5AB6C9C42259} => C:\Windows\system32\pcalua.exe -a C:\Users\Dallas\Downloads\setup(2).exe -d C:\Users\Dallas\Downloads
Task: {8C3CEA6B-5C91-4B41-AA87-7D97667A8C83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {8C8B7447-ED1D-4241-B206-98D5D2435C1B} - System32\Tasks\{6C9AD00F-3F2B-41BE-998E-9A2983B1076C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\QuickInstall.exe" -d "C:\Program Files (x86)\palmOne\"
Task: {986D7874-AB96-4DC7-97D1-6164ED431142} - System32\Tasks\{D7C49C27-04A9-43CA-9665-4CBCFBCC86DA} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {99ADF9EA-1850-4D6A-89BD-FFDAAA1A5B54} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {B22D98D6-A48E-4585-BCDC-FCADA350EBBD} - System32\Tasks\{BFAA2B33-6CD9-4BF5-A6EF-A438722D4011} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\QuickInstall.exe" -d "C:\Program Files (x86)\palmOne\"
Task: {B3F9AA52-FBD0-4CC7-9A30-FBFF00D43EA8} - System32\Tasks\{C5876957-111C-4AC1-9A3E-04B3A4489917} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {B6CE9F03-9179-4120-B0B1-42063CE19F74} - System32\Tasks\{750B49EB-8E4E-491D-B731-28C67D45D18C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\Instapp.exe" -d "C:\Program Files (x86)\palmOne\"
Task: {BD54C139-D74E-4BA9-8C0E-2791A803D98B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
Task: {BD7E2208-EE22-4B21-9491-795DE5A62256} - C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => Command(1): %systemroot%\system32\netsh.exe -> interface tcp set heuristic wsh=default
Task: {BD7E2208-EE22-4B21-9491-795DE5A62256} - C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => Command(2): %systemroot%\system32\schtasks.exe -> /delete /tn "\Microsoft\Windows\Tcpip\WSHReset" /f
Task: {BFFC423C-3304-48AF-A948-272C44BB497B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {C0C5E200-F322-454E-A281-1CDBCED76CEE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus Online\Upgrade.exe [2017-08-24] (Symantec Corporation)
Task: {C1C995AF-7BC6-47A1-891B-06ED6624A8D6} - System32\Tasks\{7D1C93BE-E037-4B63-992A-E5756E5B0998} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {CA23B5B6-B89D-4FF8-8EFD-43F8A2FDAC3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {CBE0574D-819C-437D-9EBB-3CBE537A0189} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {CEDA370B-C103-4972-9978-1DA51812B1B2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {D802E097-289A-4D55-B511-1CAA747EC146} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E10C0107-CFE9-4E17-B1D0-8BE11F895B67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {E8A8568A-2544-45D0-84EF-DDB170B7A112} - System32\Tasks\Norton AntiVirus\Norton AntiVirus Online Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED2C4A79-D923-411A-8569-989C444A99AC} - System32\Tasks\{84416ACF-702C-4358-87AA-5F87A570F218} => C:\Windows\system32\pcalua.exe -a D:\INSTALL\INSTMSIW.EXE -d D:\INSTALL
Task: {F41D2D73-0199-4CC9-93FC-BB4F36310040} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dallas => C:\Program Files\Windows Calendar\WinCal.exe
Task: {FE0C1F35-11D1-4EDC-BBD2-ACB472270ECB} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {FEC97E8D-6232-48FF-887A-FEB584EDC413} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\WSCStub.exe [2017-08-24] (Symantec Corporation)
Task: {FFBB1669-7931-4B35-9680-FC4C03A27ED6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Dallas\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

ShortcutWithArgument: C:\Users\Dallas\Desktop\centurylink.net.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.centurylink.net

==================== Loaded Modules (Whitelisted) ==============

2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-02-05 16:13 - 2016-02-05 16:13 - 000115864 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-02-03 09:56 - 2017-03-25 00:00 - 000025232 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-02-03 09:56 - 2017-03-25 00:00 - 000017048 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-02-03 09:56 - 2017-03-25 00:00 - 000037008 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-09-14 21:01 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-03-07 16:31 - 2016-02-05 16:20 - 000414360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-03-07 16:31 - 2016-02-05 16:26 - 000709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-03-07 16:31 - 2016-02-05 16:23 - 000130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-03-07 16:31 - 2016-02-05 16:24 - 000025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-03-07 16:31 - 2016-02-05 16:24 - 000059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-03-07 16:31 - 2016-02-05 16:24 - 000194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-03-07 16:31 - 2016-02-05 16:25 - 000159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-03-07 16:31 - 2016-02-05 16:25 - 000158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-03-07 16:31 - 2016-02-05 16:25 - 000050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-03-07 16:31 - 2016-02-05 16:23 - 000032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2006-01-17 11:30 - 2006-01-17 11:30 - 000049152 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-07-30 16:13 - 2013-07-30 16:13 - 003047256 _____ () C:\Program Files (x86)\WORDsearch 10\ZipScript.exe
2016-03-07 16:31 - 2016-02-05 16:16 - 000458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-03-07 16:31 - 2016-02-05 16:25 - 000188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2017-07-05 05:33 - 2017-06-27 11:15 - 066355808 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 000326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2006-11-05 14:28 - 2006-11-05 14:28 - 004587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dallas\Desktop\chrome:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Desktop\OpenOffice 4.1.1 (en-US) Installation Files:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Car Search:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Confederate Statue Issue:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Efficient Organizer AutoBackup:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Grandkids:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\WORDsearch:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\WORDsearch Backups:Roxio EMC Stream [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\techinline.net -> hxxps://*.techinline.net
IE trusted site: HKU\S-1-5-21-998115690-2290619701-3606063832-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2017-04-16 09:14 - 000000761 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-998115690-2290619701-3606063832-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dallas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\Windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk => C:\Windows\pss\Lotus Organizer EasyClip.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus QuickStart.lnk => C:\Windows\pss\Lotus QuickStart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk => C:\Windows\pss\Lotus SmartCenter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SuiteStart.lnk => C:\Windows\pss\Lotus SuiteStart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dallas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LTCM Client => "C:\Program Files (x86)\LTCM Client\ltcmClient.exe" /startup
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D54A7A53-4010-4546-A61D-A07F10B75669}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{D9CD3EFD-3720-408F-917A-482F13398EE5}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{BEDB496A-5085-44B2-B2EB-24B7FA883DF8}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{649B44DF-FBA4-4792-8DCC-4BEE40DA6DC4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{ED8DAB4F-1030-4972-BE09-A9E43E71CBE9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AE448EC-FC35-40AE-A63A-F68761335DEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7FF71EE-80E0-496E-BC63-BCC7C95A4D5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{62A5D400-7F9B-4AAB-9788-55EFE33353BB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{724C2A58-C69D-4723-9965-73805A940F09}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{1496A438-4564-4403-A993-28A5B3750195}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AB79ECDC-5934-4B1A-A519-730463AFC7D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA8D4859-DCEF-420E-B1A0-19F57FEDA396}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{084BB2AE-632D-4F95-8CF4-4392A86B0FDB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F5C66F3-7529-468C-A8E3-88FB29E80764}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{13342435-054A-43C6-AEFF-16ECB3A15EF9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9C6CC2B6-E33A-4411-9BF8-2A63EBF4EF08}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E96E526C-A47F-47E2-9947-417BF9DE38E8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5D164880-3578-4320-B202-AE8F6C622417}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{58ECE951-F1E1-4AB4-8B41-ED1BED6ABEF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{87F35D4F-A657-4E08-B308-2271641F01D5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AC8C8B80-D49C-45E4-BD06-C392C702055E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{55FCEB09-32F1-4ADE-87D3-A81A7E2A3874}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
FirewallRules: [{0F37E39C-5904-4068-94EF-510FA206A858}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.80\opera.exe

==================== Restore Points =========================

18-07-2017 21:11:28 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
18-07-2017 21:12:41 Installed OpenOffice 4.1.1
20-07-2017 09:07:15 Installed LibreOffice 5.3.4.2
20-07-2017 19:52:18 Removed LibreOffice 5.2.7.2
24-07-2017 23:24:23 Windows Update
28-07-2017 01:49:28 Windows Update
01-08-2017 04:06:53 Windows Update
04-08-2017 05:18:54 Windows Update
07-08-2017 21:07:47 Windows Update
09-08-2017 03:00:49 Windows Update
15-08-2017 03:58:09 Windows Update
22-08-2017 04:37:36 Windows Update
22-08-2017 18:00:24 Windows Update
29-08-2017 05:00:27 Windows Update
05-09-2017 04:48:41 Windows Update
11-09-2017 23:50:34 Windows Update
13-09-2017 03:01:36 Windows Update
16-09-2017 19:39:48 Removed service pack backup files
17-09-2017 03:00:35 Windows Update

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2017 10:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EPCP.exe, version: 1.8.0.0, time stamp: 0x558b7fbb
Faulting module name: E_YERSJJE.DLL, version: 1.2.2.7, time stamp: 0x4ff3f697
Exception code: 0xc0000005
Fault offset: 0x0000000000001870
Faulting process id: 0x73c
Faulting application start time: 0x01d32f5e5636652d
Faulting application path: C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\E_YERSJJE.DLL
Report Id: fc2b1468-9bb6-11e7-be81-001b10002aec

Error: (09/17/2017 04:58:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d26
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x520
Faulting application start time: 0x01d32f9320e7c9a6
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 62477ae9-9b86-11e7-be81-001b10002aec

Error: (09/17/2017 04:58:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (09/16/2017 10:41:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/16/2017 07:39:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {16aa3000-5565-49f5-9f2e-b71a3c123fb0}

Error: (09/16/2017 03:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: native_proxy.exe, version: 1.34.0.3271, time stamp: 0x594abc41
Faulting module name: native_proxy.exe, version: 1.34.0.3271, time stamp: 0x594abc41
Exception code: 0xc0000005
Fault offset: 0x0000000000025195
Faulting process id: 0x1eb4
Faulting application start time: 0x01d32f0248f2d18c
Faulting application path: C:\Program Files\Intel Security\True Key\Application\native_proxy.exe
Faulting module path: C:\Program Files\Intel Security\True Key\Application\native_proxy.exe
Report Id: 543873dc-9b19-11e7-a93d-001b10002aec

Error: (09/16/2017 03:32:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23889, time stamp: 0x598d4d26
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x18b4
Faulting application start time: 0x01d32ebde08b4ed0
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 2ea1edd6-9ab1-11e7-a93d-001b10002aec

Error: (09/16/2017 03:32:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (09/15/2017 11:03:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/15/2017 10:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: native_proxy.exe, version: 1.34.0.3271, time stamp: 0x594abc41
Faulting module name: native_proxy.exe, version: 1.34.0.3271, time stamp: 0x594abc41
Exception code: 0xc0000005
Fault offset: 0x0000000000025195
Faulting process id: 0x1f30
Faulting application start time: 0x01d32e6fe52c1b06
Faulting application path: C:\Program Files\Intel Security\True Key\Application\native_proxy.exe
Faulting module path: C:\Program Files\Intel Security\True Key\Application\native_proxy.exe
Report Id: 90de31db-9a8a-11e7-88d0-001b10002aec


System errors:
=============
Error: (09/17/2017 07:06:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/17/2017 07:00:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/17/2017 05:54:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/17/2017 10:46:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EpsonCustomerParticipation service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/17/2017 06:40:21 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/17/2017 04:08:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/17/2017 01:26:19 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/17/2017 12:59:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (09/16/2017 10:47:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (09/16/2017 10:41:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-09-16 22:41:06.944
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 22:41:06.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-15 23:02:42.388
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-15 23:02:42.185
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-15 00:37:56.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-15 00:37:56.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 18:37:17.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-14 18:37:17.705
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-13 06:11:28.810
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-13 06:11:28.608
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 69%
Total physical RAM: 4056.36 MB
Available physical RAM: 1233.49 MB
Total Virtual: 8110.91 MB
Available Virtual: 3875.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:188.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8235A519)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

I am not very knowledgeable about computer language. So most of this is Greek to me.

However I noticed this [Files to move or delete:
====================
C:\Users\Dallas\PM_Platinum_6.0.6_update.exe]

This is my desktop publisher, and I am not sure why it would need to be "moved or deleted".

 

Thank you for your help.

I appreciate it.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:36 AM

Posted 18 September 2017 - 07:26 AM



Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
DriverUpdate (HKLM-x32\...\{44E388BE-45EC-4DE3-B837-E2BEF5F9FA5C}) (Version: 2.5.4 - Slimware Utilities Holdings, Inc.)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Extension: (Search Encrypt) - C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333\Extensions\@searchencrypt.xpi [2017-08-20]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Bing) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-03-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKU\S-1-5-21-998115690-2290619701-3606063832-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\Exts\Chrome.crx <not found>
S3 DellWAL; \??\C:\Program Files\Dell\DellDataVault\DDDriver64Dcsa.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20170418.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20170418.008\EX64.SYS [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {38B58374-0076-421D-9BC6-AD67993E836D} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {68C76EEB-966D-45A3-9399-D407DDEC6B13} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Dallas\Desktop\chrome:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Desktop\OpenOffice 4.1.1 (en-US) Installation Files:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Car Search:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Confederate Statue Issue:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Efficient Organizer AutoBackup:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Grandkids:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\WORDsearch:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\WORDsearch Backups:Roxio EMC Stream [38]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Please let me know what problem persists with this computer.

===

C:\Users\Dallas\PM_Platinum_6.0.6_update.exe]
This is my desktop publisher, and I am not sure why it would need to be "moved or deleted".


It's only a suggestion. Normally an .exe file would not be in a User\username folder.

#5 nonnox15


Posted 18 September 2017 - 08:18 AM

I got to this line.

Run FRST and click Fix only once and wait.

Norton's blocked this as a threat and removed it from my computer.

I went back to the link above to download FRST again and got a message that the system had crashed and that the technicians have been notified.

So I will try this again later after I get back home.

Thank you.

Do you know why Norton's would block this program?

It says it is from an unknown source.



#6 nonnox15


Posted 18 September 2017 - 08:44 AM

Did it.  Here is the list.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by Dallas (18-09-2017 09:19:54) Run:1
Running from C:\Users\Dallas\Desktop\Bleeping Computer
Loaded Profiles: Dallas (Available Profiles: Dallas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Extension: (Search Encrypt) - C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333\Extensions\@searchencrypt.xpi [2017-08-20]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Bing) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-03-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKU\S-1-5-21-998115690-2290619701-3606063832-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.10.1.10\Exts\Chrome.crx <not found>
S3 DellWAL; \??\C:\Program Files\Dell\DellDataVault\DDDriver64Dcsa.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20170418.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20170418.008\EX64.SYS [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {38B58374-0076-421D-9BC6-AD67993E836D} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {68C76EEB-966D-45A3-9399-D407DDEC6B13} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Dallas\Desktop\chrome:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Desktop\OpenOffice 4.1.1 (en-US) Installation Files:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Car Search:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Confederate Statue Issue:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Efficient Organizer AutoBackup:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\Grandkids:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\WORDsearch:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\Dallas\Documents\WORDsearch Backups:Roxio EMC Stream [38]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\qqfaihai.default-1492079863963-1502796660333\Extensions\@searchencrypt.xpi => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR Extension: (Bing) - C:\Users\Dallas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-03-22] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
HKU\S-1-5-21-998115690-2290619701-3606063832-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
HKLM\System\CurrentControlSet\Services\DellWAL => key removed successfully
DellWAL => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38B58374-0076-421D-9BC6-AD67993E836D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38B58374-0076-421D-9BC6-AD67993E836D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68C76EEB-966D-45A3-9399-D407DDEC6B13} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68C76EEB-966D-45A3-9399-D407DDEC6B13} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask => key removed successfully
C:\Users\Dallas\Desktop\chrome => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dallas\Desktop\OpenOffice 4.1.1 (en-US) Installation Files => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dallas\Documents\Car Search => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dallas\Documents\Confederate Statue Issue => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dallas\Documents\Efficient Organizer AutoBackup => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dallas\Documents\Grandkids => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dallas\Documents\WORDsearch => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Dallas\Documents\WORDsearch Backups => ":Roxio EMC Stream" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12031396 B
Java, Flash, Steam htmlcache => 1365 B
Windows/system/drivers => 30533 B
Edge => 0 B
Chrome => 426893782 B
Firefox => 949133367 B
Opera => 118706176 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66356 B
LocalService => 132244 B
NetworkService => 202170284 B
Dallas => 4934473 B

RecycleBin => 26597250 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-09-2017 09:34:30)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => key could not remove. Access Denied.

==== End of Fixlog 09:34:30 ====
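
Added example (not part of the thread and not FRST's own code): a Python triage of a Fixlog like the one posted above, which re-joins hard-wrapped entries and separates fixes that succeeded from those that failed, including ones that failed again in the after-reboot block. The sample log is constructed; the outcome phrases are those visible in the log on this page, and the section handling and the function names are assumptions about the layout, not a documented format.

```python
import re
from collections import Counter

# Constructed sample shaped like an FRST Fixlog; some entries are hard-wrapped.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
*****************
Processes closed successfully.
HKLM\Software\Example\Run\\ => value removed successfully
C:\Users\Example\AppData\Roaming\Vendor\Extensions

\sample.xpi => moved successfully
CHR Extension: (Sample) - C:\Users\Example\Extensions

\aaaabbbbcccc [2017-01-01] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\SAMPLEDRV => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} => key not found.
HKLM\SOFTWARE\Example\TaskCache\Tree\SampleTask => key removed

successfully
=========== EmptyTemp: ==========
EmptyTemp: => 1.7 GB temporary data Removed.
================================
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\SAMPLEDRV => key could not remove. Access Denied.
==== End of Fixlog 09:34:30 ====
"""

ARROW = re.compile(r"(^|\s)=>(\s|$)")
# A result line is complete once it ends in one of these phrases.
TERMINAL = re.compile(r"(successfully|not found|Access Denied|for this entry)\.?$")
FAILED = re.compile(r"could not|Access Denied|Error:|No automatic fix")


def classify(outcome):
    if FAILED.search(outcome):
        return "failed"
    tail = outcome.rstrip(".")
    if tail.endswith("not found"):
        return "absent"  # nothing was left to remove
    return "ok" if tail.endswith("successfully") else "unknown"


def parse_fixlog(text):
    """Return (section, target, outcome, status) for every result entry."""
    lines = [ln.strip() for ln in text.splitlines()]
    # Skip the echoed fixlist: results start after the last row of asterisks.
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    lines = lines[stars[-1] + 1:] if stars else lines
    entries, buf, section = [], "", "immediate"

    def flush():
        nonlocal buf
        if ARROW.search(buf):
            target, outcome = re.split(r"\s*=>\s*", buf, maxsplit=1)
            entries.append((section, target, outcome, classify(outcome)))
        buf = ""

    for line in filter(None, lines):      # blank lines also occur inside wraps
        if line.startswith(("==", "Result of scheduled")):
            flush()                       # banner or section header
            if "End of Fixlog" in line:
                break
            if "EmptyTemp" in line:
                section = "skip"          # size accounting, not fix results
            elif line.startswith("Result"):
                section = "after_reboot"
            continue
        if section == "skip":
            continue
        # Two arrows cannot be one entry: emit the buffered, unrecognised one first.
        if ARROW.search(buf) and ARROW.search(line):
            flush()
        # Re-join a wrapped entry; path continuations start with a backslash.
        glue = "" if not buf or line.startswith("\\") else " "
        buf += glue + line
        if ARROW.search(buf) and TERMINAL.search(buf):
            flush()
        elif not ARROW.search(buf) and buf.endswith("."):
            buf = ""                      # status note, e.g. "Processes closed ..."
    flush()
    return entries


def triage(text):
    entries = parse_fixlog(text)
    first = {t for s, t, _, st in entries if s == "immediate" and st == "failed"}
    retry = {t for s, t, _, st in entries if s == "after_reboot" and st == "failed"}
    return {"counts": dict(Counter(e[3] for e in entries)),
            "persistent": sorted(first & retry),    # failed again after reboot
            "not_retried": sorted(first - retry)}   # failed once, not listed again
```

Entries reported as `persistent` or `not_retried` are the ones to raise with the helper before running any further fix; `unknown` marks an outcome phrase the script does not recognise and should be read by hand.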



#7 nasdaq


Posted 18 September 2017 - 09:23 AM

The Farbar Program is being updated often. Norton may not have had enough info.

How is the computer running now?

#8 nonnox15


Posted 18 September 2017 - 06:11 PM

My computer seems to be running better now.  Not as slow as before.

Thank you so very much for your help.

I greatly appreciate it.



#9 nasdaq


Posted 19 September 2017 - 06:39 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



