
Can't access MBAM or FRST. HJT log included. Please help!


  • This topic is locked
17 replies to this topic

#1 Nemesis23

Nemesis23

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:55 PM

Posted 20 October 2017 - 06:36 AM

My computer is lagging. I can't open Malwarebytes. I tried to use the MBAR and FRST but I couldn't open either after downloading them.

 

Odd processes running, 6 firefox.exe processes at one point, etc...

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:16:23 AM, on 10/20/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Betty\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Norton Identity Safety - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.11.0.41\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.11.0.41\coIEPlg.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: hevbomnapg.lnk = ?
O4 - Startup: qumcino.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10995 bytes
 





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:55 PM

Posted 20 October 2017 - 07:22 AM

Hi Nemesis23 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Nemesis23

Nemesis23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:55 PM

Posted 21 October 2017 - 07:40 AM

Hey Aura!

 

Thank you for the prompt reply. I've tried to use the FRST program with no success. Every time that I try to "run as administrator", two dialog boxes pop up briefly but disappear before I can read them or click on anything.

 

Something is blocking my spyware. I can't run Malwarebytes. Recently, I activated Norton Security. I thought that it might be a problem.

However, I can't get any of the spyware programs to work even with Norton Security turned off...



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:55 PM

Posted 21 October 2017 - 09:24 AM

Are you able to boot in Safe Mode?

https://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#windows7

Do so, and then run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#5 Nemesis23

Nemesis23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:55 PM

Posted 23 October 2017 - 04:15 AM

Yes, I was able to boot in Safe mode. Scan performed, results saved and posted...

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/23/17
Scan Time: 4:55 AM
Log File: f7902425-b7cf-11e7-9dc5-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3073
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Betty-PC\Betty

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333082
Threats Detected: 9
Threats Quarantined: 9
Time Elapsed: 7 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2593048256-3016365677-804844629-1001_Classes\yhusi\SHELL\OPEN\COMMAND, Quarantined, [1381], [386623],1.0.3073
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2593048256-3016365677-804844629-1001_Classes\qhed\SHELL\OPEN\COMMAND, Quarantined, [1381], [440423],1.0.3073

Registry Value: 3
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2593048256-3016365677-804844629-1001_Classes\yhusi\SHELL\OPEN\COMMAND|, Quarantined, [1381], [386623],1.0.3073
Rootkit.Fileless.MTGen, HKU\S-1-5-21-2593048256-3016365677-804844629-1001_Classes\qhed\SHELL\OPEN\COMMAND|, Quarantined, [1381], [440423],1.0.3073
Trojan.BHO.Generic, HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}, Quarantined, [8584], [407906],1.0.3073

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Rootkit.Fileless.MTGen, C:\USERS\BETTY\START MENU\PROGRAMS\STARTUP\QUMCINO.LNK, Quarantined, [1381], [-1],0.0.0
Rootkit.Fileless.MTGen, C:\Users\Betty\AppData\Local\Inviqvir\AWKUCUH.LUXSUSAN, Quarantined, [1381], [-1],0.0.0
Rootkit.Fileless.MTGen, C:\USERS\BETTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QUMCINO.LNK, Quarantined, [1381], [-1],0.0.0
Trojan.Kovter, C:\USERS\BETTY\DOWNLOADS\FIREFOX-PATCH.JS, Quarantined, [47], [444098],1.0.3073

Physical Sector: 0
(No malicious items detected)


(end)
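Added example, not part of this thread and not a tool of BleepingComputer, Malwarebytes or HijackThis: a small Python script that cross-checks the HijackThis log from post #1 against the Malwarebytes log above. The HJT log flagged two Startup-folder shortcuts whose targets HJT could not resolve (`hevbomnapg.lnk` and `qumcino.lnk`, both shown as `= ?`) and five concurrent `regsvr32.exe` processes; the Malwarebytes log shows which files were quarantined. The script parses both formats and reports which flagged startup items have no matching quarantine record, which is exactly what a helper wants to know before writing an FRST fix. The log excerpts are copied from the thread into constructed sample strings; the function names and the repeat-count threshold are my own choices.

```python
"""Cross-check HijackThis (HJT) startup entries against a Malwarebytes scan log.

Example code added to illustrate the thread above; it is not the thread's own
tooling. Function names and the process-repeat threshold are assumptions.
"""
import re
from collections import Counter

# Constructed sample: excerpts copied from the HJT log in post #1.
HJT_LOG = r"""
Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Betty\Downloads\HijackThis.exe

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - Startup: hevbomnapg.lnk = ?
O4 - Startup: qumcino.lnk = ?
"""

# Constructed sample: the "File:" section of the Malwarebytes log in post #5.
MBAM_LOG = r"""
File: 4
Rootkit.Fileless.MTGen, C:\USERS\BETTY\START MENU\PROGRAMS\STARTUP\QUMCINO.LNK, Quarantined, [1381], [-1],0.0.0
Rootkit.Fileless.MTGen, C:\Users\Betty\AppData\Local\Inviqvir\AWKUCUH.LUXSUSAN, Quarantined, [1381], [-1],0.0.0
Rootkit.Fileless.MTGen, C:\USERS\BETTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QUMCINO.LNK, Quarantined, [1381], [-1],0.0.0
Trojan.Kovter, C:\USERS\BETTY\DOWNLOADS\FIREFOX-PATCH.JS, Quarantined, [47], [444098],1.0.3073
"""

# "O4 - Startup: <shortcut> = <target>"; HJT prints "?" when it cannot resolve the target.
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<target>.*)$")
# "<threat>, <path>, <action>, [...]" as written in the Malwarebytes -Scan Details- section.
DETECTION_RE = re.compile(r"^(?P<threat>[\w.]+), (?P<path>[^,]+), (?P<action>\w+),")


def hjt_startup_entries(log):
    """Return {shortcut name: target} for every O4 Startup line in an HJT log."""
    entries = {}
    for line in log.splitlines():
        m = STARTUP_RE.match(line.strip())
        if m:
            entries[m.group("name")] = m.group("target")
    return entries


def hjt_repeated_processes(log, threshold=3):
    """Count paths in the 'Running processes:' block (case-insensitive) and
    return those seen at least `threshold` times, e.g. the five regsvr32.exe
    instances in this thread. The threshold is an assumed tuning value."""
    counts = Counter()
    in_block = False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break  # the block ends at the first blank line
            counts[line.strip().lower()] += 1
    return {path: n for path, n in counts.items() if n >= threshold}


def mbam_detections(log):
    """Parse Malwarebytes detection lines into (threat, path, action) tuples."""
    found = []
    for line in log.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m.group("threat"), m.group("path"), m.group("action")))
    return found


def unresolved_startup_items(hjt_log, mbam_log):
    """Startup shortcuts that HJT could not resolve and that no Malwarebytes
    quarantine record covers (matched by file name, case-insensitively)."""
    quarantined = {
        path.rsplit("\\", 1)[-1].lower()
        for _, path, action in mbam_detections(mbam_log)
        if action == "Quarantined"
    }
    return sorted(
        name for name, target in hjt_startup_entries(hjt_log).items()
        if target == "?" and name.lower() not in quarantined
    )


if __name__ == "__main__":
    print("Repeated processes:", hjt_repeated_processes(HJT_LOG))
    print("Quarantined by Malwarebytes:", [p for _, p, _ in mbam_detections(MBAM_LOG)])
    print("Startup items still unaccounted for:", unresolved_startup_items(HJT_LOG, MBAM_LOG))
```

Run against the thread's own excerpts, the script reports `hevbomnapg.lnk` as the one flagged startup shortcut that Malwarebytes did not quarantine; the FRST log later in the thread confirms that shortcut is still in the Startup folder, which is why the helper's next step is an FRST fix rather than declaring the system clean.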



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:55 PM

Posted 23 October 2017 - 07:45 AM

Awesome :) Now, if you boot back normally and try to run a scan with FRST, does it work?



#7 Nemesis23

Nemesis23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:55 PM

Posted 24 October 2017 - 03:30 AM

Yes, it worked! Here is the content from FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2017 01
Ran by Betty (administrator) on BETTY-PC (24-10-2017 04:17:18)
Running from C:\Users\Betty\Desktop
Loaded Profiles: Betty (Available Profiles: Betty)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\n360.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\n360.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hevbomnapg.lnk [2017-10-11]
ShortcutTarget: hevbomnapg.lnk -> C:\Users\Betty\AppData\Local\R Wa\lfutnyzme.eqfo ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0C1C3898-399C-4048-A090-0154F39E1EF4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://search.coupons.com/
SearchScopes: HKLM -> DefaultScope {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {1981EE13-A52E-47A9-BBDB-0259AB055523} URL =
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {B88CC86E-B4F4-4330-840A-E9D68481CAB9} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {FAE2BB50-CCE7-4B76-B2E0-0E8A4F8FBF47} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.4-1311
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)

FireFox:
========
FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\uptkzbdz.default-1474624696208 [2017-10-24]
FF Extension: (CouponViewer Add-On) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\uptkzbdz.default-1474624696208\Extensions\couponviewer@befrugal.com [2017-04-24]
FF Extension: (uBlock Origin) - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\uptkzbdz.default-1474624696208\Extensions\uBlock0@raymondhill.net.xpi [2017-10-22]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-12] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413104 2015-03-04] (Coupons.com Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\N360.exe [326144 2017-10-04] (Symantec Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20171018.001\BHDrvx64.sys [1872024 2017-10-16] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160B000.029\ccSetx64.sys [187520 2017-10-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-10-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158360 2017-10-19] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20171023.001\IDSvia64.sys [1056920 2017-10-17] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-24] (Malwarebytes)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\160B000.029\SRTSP64.SYS [812704 2017-10-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\160B000.029\SRTSPX64.SYS [49304 2017-10-03] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\160B000.029\SYMEFASI64.SYS [1868416 2017-10-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\160B000.029\Ironx64.SYS [301288 2017-10-03] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\160B000.029\SYMNETS.SYS [566912 2017-10-03] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160810.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160810.009\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-24 04:17 - 2017-10-24 04:17 - 000019737 _____ C:\Users\Betty\Desktop\FRST.txt
2017-10-24 04:16 - 2017-10-24 04:17 - 000000000 ____D C:\FRST
2017-10-24 04:16 - 2017-10-24 04:16 - 000000000 ____D C:\Users\Betty\Desktop\FRST-OlderVersion
2017-10-24 01:41 - 2017-10-24 03:43 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-24 01:41 - 2017-10-24 03:43 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-24 01:41 - 2017-10-24 03:43 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-24 01:41 - 2017-10-24 01:41 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-23 18:56 - 2017-10-23 18:56 - 000000000 ____D C:\Users\Betty\AppData\Local\{08160163-6A40-4D42-B4DF-A037A4C8E87F}
2017-10-23 14:57 - 2017-10-23 14:57 - 000041123 _____ C:\Users\Betty\Downloads\10_12_2017.pdf
2017-10-23 05:05 - 2017-10-23 05:05 - 000002347 _____ C:\Users\Betty\Desktop\Scan.txt
2017-10-23 04:52 - 2017-10-23 05:06 - 000145910 _____ C:\Windows\ntbtlog.txt
2017-10-23 04:17 - 2017-10-23 04:18 - 000000000 ____D C:\Users\Betty\AppData\Local\{61CF97CA-7D9A-494B-9676-DAE3985612C5}
2017-10-22 07:29 - 2017-10-22 07:29 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-10-22 07:04 - 2016-03-09 15:00 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-10-22 07:04 - 2016-03-09 15:00 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-10-22 07:04 - 2016-03-09 14:40 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-10-22 07:04 - 2016-03-09 14:40 - 000316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-10-22 06:31 - 2017-10-22 06:31 - 000000000 ____D C:\Users\Betty\AppData\Local\{8F045B83-2109-408A-9336-449E9DFE6602}
2017-10-21 07:14 - 2017-10-21 08:08 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForBetty.job
2017-10-21 07:14 - 2017-10-21 07:14 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBetty
2017-10-21 04:23 - 2017-10-21 04:23 - 000000000 ____D C:\Users\Betty\AppData\Local\{CF62C034-B5C9-4FE5-9BD5-B1DC3668AC17}
2017-10-20 07:18 - 2017-10-20 07:18 - 000010997 _____ C:\Users\Betty\Desktop\hijackthis 01.txt
2017-10-20 07:12 - 2017-10-20 07:13 - 000388608 _____ (Trend Micro Inc.) C:\Users\Betty\Downloads\HijackThis.exe
2017-10-20 07:10 - 2017-10-24 04:16 - 002403328 _____ (Farbar) C:\Users\Betty\Desktop\FRST64.exe
2017-10-20 07:09 - 2017-10-20 07:09 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Betty\Downloads\mbar-1.09.3.1001(2).exe
2017-10-20 06:57 - 2017-10-20 06:57 - 000000681 _____ C:\Users\Betty\Desktop\Betty - Shortcut.lnk
2017-10-20 06:38 - 2017-10-20 06:38 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Betty\Downloads\mbar-1.09.3.1001(1).exe
2017-10-20 06:35 - 2017-10-20 06:35 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Betty\Downloads\rkill.com
2017-10-20 06:31 - 2017-10-20 06:38 - 000002114 _____ C:\Users\Betty\Desktop\Rkill.txt
2017-10-20 06:30 - 2017-10-20 06:30 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Betty\Downloads\rkill.exe
2017-10-20 02:16 - 2017-10-20 02:17 - 000000000 ____D C:\Users\Betty\AppData\Local\{60CC95FD-414E-4CF1-B877-C64B73E2D147}
2017-10-19 06:44 - 2017-10-19 06:44 - 000000000 ____D C:\Users\Betty\AppData\Local\{655B4A92-22D6-4D97-B5F9-4BCCEB685A8E}
2017-10-18 15:18 - 2017-10-18 15:18 - 000000000 ____D C:\Users\Betty\AppData\Local\{A048684C-2EA3-45B7-B4C3-B9B267B31756}
2017-10-18 04:04 - 2017-10-18 04:04 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Betty\Downloads\mbar-1.09.3.1001.exe
2017-10-18 03:56 - 2017-10-18 03:56 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-18 03:56 - 2017-10-18 03:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-18 03:56 - 2017-10-18 03:56 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-18 03:56 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-18 03:55 - 2017-10-18 03:55 - 071535032 _____ (Malwarebytes ) C:\Users\Betty\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-18 03:17 - 2017-10-18 03:17 - 000000000 ____D C:\Users\Betty\AppData\Local\{B49B760D-19A9-4A7F-A009-81E91D0D976D}
2017-10-17 13:02 - 2017-10-17 13:02 - 000000000 ____D C:\Users\Betty\AppData\Local\{999311B0-86A3-4007-B875-6400A9948A3B}
2017-10-17 04:42 - 2017-10-17 04:42 - 004157805 _____ C:\Users\Betty\Downloads\42682_highroad_coupon.pdf
2017-10-17 00:22 - 2017-10-17 00:23 - 000000000 ____D C:\Users\Betty\AppData\Local\{43FB2B0D-11ED-4395-B81B-59FCED183959}
2017-10-16 04:40 - 2017-10-16 04:40 - 000000000 ____D C:\Users\Betty\AppData\Local\{1A24DD2F-BD11-4062-90C5-17AAA3F673DD}
2017-10-15 04:44 - 2017-10-15 04:44 - 000000000 ____D C:\Users\Betty\AppData\Local\{FAE3E5A5-AD23-4F06-811B-31C15B2C2426}
2017-10-14 05:49 - 2017-10-14 05:49 - 000000000 ____D C:\Users\Betty\AppData\Local\{6211918C-9B8B-40D1-92A6-6A0715CC1107}
2017-10-13 05:05 - 2017-10-13 05:05 - 000000000 ____D C:\Windows\System32\Tasks\Norton 360
2017-10-13 04:59 - 2017-10-13 04:59 - 000000000 ____D C:\Users\Betty\AppData\Local\{4D82377A-057D-4E81-B984-825244FE6942}
2017-10-13 04:57 - 2017-10-13 04:57 - 000003230 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-10-12 03:46 - 2017-10-12 03:46 - 000000000 ____D C:\Users\Betty\AppData\Local\{D0E8AB9B-812C-46AD-8C37-894676D4C113}
2017-10-11 14:34 - 2017-10-11 14:35 - 000000000 ____D C:\Users\Betty\AppData\Local\{ACD815E9-269E-4A10-B7FF-35EAD66100E9}
2017-10-11 04:10 - 2017-10-23 05:04 - 000000000 ____D C:\Users\Betty\AppData\Local\Inviqvir
2017-10-11 04:10 - 2017-10-11 04:10 - 000000000 ____D C:\Users\Betty\AppData\Local\Wybabpa
2017-10-11 04:10 - 2017-10-11 04:10 - 000000000 ____D C:\Users\Betty\AppData\Local\R Wa
2017-10-11 02:32 - 2017-10-11 02:32 - 000000000 ____D C:\Users\Betty\AppData\Local\{AC9B1CE3-BF25-49D9-9AD9-1C00B28FDB7D}
2017-10-10 07:15 - 2017-10-10 07:15 - 000000000 ____D C:\Users\Betty\AppData\Local\{EA13E192-5D2C-44AF-B7CD-231055A2A40F}
2017-10-09 05:00 - 2017-10-09 05:00 - 000000000 ____D C:\Users\Betty\AppData\Local\{35239DEE-4E36-453B-9237-E1B6D2FA3080}
2017-10-08 04:29 - 2017-10-08 04:29 - 000000000 ____D C:\Users\Betty\AppData\Local\{7619F458-F415-4547-ADB0-AD4086725712}
2017-10-07 05:00 - 2017-10-07 05:00 - 000000000 ____D C:\Users\Betty\AppData\Local\{E14845BF-7EA5-4E0D-A249-2AA816FAC83E}
2017-10-06 04:36 - 2017-10-06 04:36 - 000000000 ____D C:\Users\Betty\AppData\Local\{40809720-B098-496E-A34E-4E8FD7423F5A}
2017-10-05 15:21 - 2017-10-05 15:21 - 000000000 ____D C:\Users\Betty\AppData\Local\{ABF689C6-8737-411F-A070-7E54CE9EE816}
2017-10-05 03:19 - 2017-10-05 03:20 - 000000000 ____D C:\Users\Betty\AppData\Local\{19C387A3-BA44-402E-A488-B50E878E7C62}
2017-10-04 14:23 - 2017-10-04 14:25 - 260623688 _____ (Apple Inc.) C:\Users\Betty\Downloads\iTunes64Setup.exe
2017-10-04 14:06 - 2017-10-04 14:06 - 000000000 ____D C:\Users\Betty\AppData\Local\{9A1C941B-DFA8-48E6-83ED-26BA190E9E39}
2017-10-04 00:45 - 2017-10-04 00:45 - 000000000 ____D C:\Users\Betty\AppData\Local\{1FD4FE49-E217-4054-B41B-FF3CE0606542}
2017-10-03 05:26 - 2017-10-03 05:26 - 000000000 ____D C:\Users\Betty\AppData\Local\{FCC04069-ABE5-4FFD-9B36-A7896CE88D06}
2017-10-02 16:45 - 2017-10-02 16:45 - 000000000 ____D C:\Users\Betty\AppData\Local\{7867471C-F568-41A0-BFB9-75D5265BB154}
2017-10-02 04:40 - 2017-10-02 04:40 - 000000000 ____D C:\Users\Betty\AppData\Local\{FF545B87-C37D-4B5A-B90D-F467615B39BC}
2017-10-01 08:49 - 2017-10-01 08:49 - 000000000 ____D C:\Users\Betty\AppData\Local\{7D237E42-D440-4544-A061-4AB2B8D89914}
2017-09-30 17:37 - 2017-09-30 17:37 - 000000000 ____D C:\Users\Betty\AppData\Local\{3DAAC38D-D66B-464E-A967-9C93FC803E6F}
2017-09-30 05:06 - 2017-09-30 05:06 - 000000000 ____D C:\Users\Betty\AppData\Local\{E0885DE2-8B9E-4C98-976E-A30204BFE225}
2017-09-29 06:13 - 2017-09-29 06:13 - 000000000 ____D C:\Users\Betty\AppData\Local\{B9E1703D-5DC2-4D1C-A23C-786DEBA3E99C}
2017-09-29 04:47 - 2017-09-29 04:48 - 000000000 ____D C:\Users\Betty\AppData\Local\{55BA95E2-D0A3-4692-9EAF-48400A8189E0}
2017-09-28 13:10 - 2017-09-28 13:10 - 000000000 ____D C:\Users\Betty\AppData\Local\{57CC8E9A-F4EA-42AC-8DA0-604025C3D292}
2017-09-28 01:09 - 2017-09-28 01:09 - 000000000 ____D C:\Users\Betty\AppData\Local\{E009AC92-C34A-4C4D-B607-BBB4E15DF0AB}
2017-09-27 06:56 - 2017-09-27 06:56 - 000000000 ____D C:\Users\Betty\AppData\Local\{71321509-83DD-4806-AB44-EAE86D1C654E}
2017-09-26 13:57 - 2017-09-26 13:57 - 000000000 ____D C:\Users\Betty\AppData\Local\{87F95673-00C9-41C6-8705-B0CF3BCCDE80}
2017-09-26 01:55 - 2017-09-26 01:56 - 000000000 ____D C:\Users\Betty\AppData\Local\{C61B06A4-623B-43DC-8BD8-27124740F360}
2017-09-25 05:08 - 2017-09-25 05:08 - 000000000 ____D C:\Users\Betty\AppData\Local\{BC7B520B-532F-4CD1-9F65-31521870D4B6}
2017-09-24 06:36 - 2017-09-24 06:36 - 000000000 ____D C:\Users\Betty\AppData\Local\{22B0A314-5858-48C2-879D-6DD542976539}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-24 04:14 - 2016-11-16 00:43 - 000000000 ____D C:\Users\Betty\AppData\LocalLow\Mozilla
2017-10-24 03:54 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-24 03:54 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-24 03:43 - 2010-06-27 20:14 - 000000000 ____D C:\Users\Betty\Tracing
2017-10-24 03:42 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-21 08:20 - 2016-02-25 07:16 - 000741376 ___SH C:\Users\Betty\Downloads\Thumbs.db
2017-10-20 07:19 - 2016-11-23 07:40 - 000000000 ____D C:\Users\Betty\AppData\Local\tkdata
2017-10-20 07:13 - 2010-06-27 17:53 - 000000000 ____D C:\Users\Betty\AppData\Local\VirtualStore
2017-10-18 09:04 - 2015-04-17 07:03 - 000000000 ____D C:\Users\Betty\Downloads\System
2017-10-18 03:56 - 2016-11-01 05:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-16 07:08 - 2012-05-08 10:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-16 07:08 - 2012-05-08 10:36 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-16 07:08 - 2011-11-25 19:10 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-16 07:08 - 2011-05-14 20:18 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-16 07:08 - 2010-04-10 21:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-16 06:19 - 2016-11-15 18:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-16 06:19 - 2012-04-26 15:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-15 05:25 - 2015-07-21 13:15 - 000000000 ____D C:\Program Files\Common Files\AV
2017-10-13 04:58 - 2010-08-19 11:27 - 000000000 ____D C:\Windows\system32\Drivers\N360x64
2017-10-13 04:57 - 2016-08-11 01:15 - 000002325 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-10-13 04:57 - 2015-08-09 04:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2017-10-11 04:22 - 2017-01-05 05:17 - 000000000 ____D C:\Users\Betty\AppData\Local\02122975a6
2017-10-11 04:11 - 2009-07-14 01:08 - 000032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-11 03:30 - 2010-06-27 14:46 - 000000000 ____D C:\Users\Betty\AppData\Local\Hewlett-Packard

==================== Files in the root of some directories =======

2011-02-17 17:58 - 2017-09-14 15:06 - 000003992 _____ () C:\Users\Betty\AppData\Roaming\wklnhst.dat
2013-05-20 06:13 - 2013-05-20 06:12 - 000096664 _____ () C:\Users\Betty\AppData\Local\tmp0423030047 - 22.0
2013-05-20 06:13 - 2013-05-20 06:13 - 000078964 _____ () C:\Users\Betty\AppData\Local\tmp0423030047 - 22.JPG
2013-05-20 06:36 - 2013-05-20 06:36 - 000024693 _____ () C:\Users\Betty\AppData\Local\tmp0423030047 - 2222.JPG
2011-05-21 08:06 - 2011-10-06 15:22 - 000001940 _____ () C:\Users\Betty\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Some files in TEMP:
====================
2015-11-14 17:26 - 2015-10-22 02:08 - 000595656 _____ (Hewlett-Packard) C:\Users\Betty\AppData\Local\Temp\HPSFUpdater.exe
2015-11-14 17:28 - 2015-09-28 10:36 - 000144912 _____ (Hewlett-Packard Company) C:\Users\Betty\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-07 02:50

==================== End of FRST.txt ============================



#8 Nemesis23
  • Topic Starter
  • Members
  • 9 posts

Posted 24 October 2017 - 03:32 AM

Here is the content of Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by Betty (24-10-2017 04:18:31)
Running from C:\Users\Betty\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-06-27 18:45:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2593048256-3016365677-804844629-500 - Administrator - Disabled)
Betty (S-1-5-21-2593048256-3016365677-804844629-1001 - Administrator - Enabled) => C:\Users\Betty
Guest (S-1-5-21-2593048256-3016365677-804844629-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2593048256-3016365677-804844629-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
BitPim 1.0.7 (HKLM-x32\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <djpham@bitpim.org>)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer Input Firefox Extension (remove only) (HKU\S-1-5-21-2593048256-3016365677-804844629-1001\...\Consumer Input Firefox Extension) (Version: 2.7.1.53 - Compete Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.37.11 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Mozilla Firefox 56.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.1 (x64 en-US)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.11.0.41 - Symantec Corporation)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
P@H-Protocol (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2216 - CyberLink Corp.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-02] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15F97AFB-0178-4F73-BB72-D6AB94CEB00B} - System32\Tasks\HPCeeScheduleForBetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {28BE9B7E-B5DA-4FAE-B739-A8457B6C48F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {298E94C0-4B27-415E-AB5B-53578E8FEEEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {2ABE4C80-F1CF-4B1C-B9BB-17D7C7F42C7B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {421343AC-A8A9-48EA-9E94-1819AAFFB0C0} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {60FE273E-B846-42CE-806F-A13636D6BC47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {6EDEE819-954D-4F1B-B62E-707F08CC02B4} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {7A98C563-1C70-4F44-BFFD-69F8C155D048} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {7C1C6D15-FE29-4D6F-93E8-A2F9E5F4ADA9} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {7F3506CA-F49E-439D-A2F9-B77AF84573CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {9E27AD78-2286-4C28-8AC6-4F6F52D3D015} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {A0386F61-A9B2-425D-A5C0-826223F7BBAD} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {A105567B-A5CE-4493-84BB-917BC1AE08B7} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {A446EDEC-9C29-440D-B943-C2282977DBF0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {C1EF3ED2-F2CD-4AFD-BFF3-5A5CAC499EFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {C1F0E267-B7BB-4726-9A0A-EAF3AAA1CBAB} - System32\Tasks\{572FA9AA-0D62-4281-99D5-BD204BED6B69} => C:\Windows\system32\pcalua.exe -a "C:\Users\Betty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VEVTJ2U\Firefox%20Setup%203.6.6[1].exe" -d C:\Users\Betty\Desktop
Task: {C50309CB-F692-4CF4-8A2B-7647D859AA22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {CA331848-534F-48C4-8442-BA63D61CED81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {DAE446C0-8BB2-48EB-9A7E-CA39661DB811} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-10-04] (Symantec Corporation)
Task: {E04D1ED8-21C9-429F-98B7-A11C15FCEF1C} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {E1440E76-2D82-4479-9AAB-431976DA5617} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {E41D828A-BC73-4B21-8A74-90E43A187CB4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {ECD5498E-B6C5-4ED7-B0A7-D96783C1947E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\WSCStub.exe [2017-10-04] (Symantec Corporation)
Task: {FA8F31C4-6CB8-442C-9CD4-BEC1D045739F} - System32\Tasks\{82DFB06C-CAC5-4293-99C8-CB8E93918146} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForBetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-18 03:56 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-18 03:56 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2009-09-14 19:17 - 2009-09-14 19:17 - 000610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-09-29 18:25 - 2009-09-29 18:25 - 000061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 000131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 000040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 000005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 000018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 000036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 000028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 000007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 000931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-10-17 02:38 - 000000856 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2593048256-3016365677-804844629-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{629EC29E-0164-4BEA-BF8E-9B897DA68A08}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{76F48721-452D-49C9-A3BA-695C2EBDEEB4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{2DE92203-4EC2-4683-94A1-B762D4411EF3}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{2E5FACCD-20DC-436C-A166-91172CA3849C}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{ECF6CDC0-3C70-4EC6-AC2A-AADDD5B8976A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{52BA5993-55CB-40BC-B092-EBE88B426019}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{83BB6D25-F304-4170-B247-3ABE89C4FAC7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{315BC0F5-E6A3-4BC7-8888-9885ED22C880}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{31548485-269B-4BE6-B8C0-E105A57C7A71}] => (Allow) svchost.exe
FirewallRules: [{5FF873CE-50E0-4E95-89CE-73B4940FD40F}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3AABBE9A-0A42-44DA-AFB6-4060CAE0EAE5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{F64E0692-A056-48D8-8521-BD17A51FB26D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{95AD7966-2135-4DE7-871E-BF61E0E88D53}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{31650781-2BF8-4059-8AED-AE0094276D0A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{1C21AE7C-E16B-47B8-8CA9-2259B03CC70E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{CFC368E5-7559-4701-B865-222C6651772F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{301D1E22-7327-4226-8F4E-C41D619024A3}] => (Allow) LPort=2869
FirewallRules: [{886AFCEC-A887-4423-8592-8C853D9401BD}] => (Allow) LPort=1900
FirewallRules: [{C42C525E-98A0-4BC5-A660-79E43172852C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CE3C6540-1111-4C37-96B0-7BFC2848C84A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81E4BED9-6983-4269-A152-84DC709FFCA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{450067FB-A790-44B5-BFAF-C3E5EA0E3AC2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3FF08558-BE7C-4FB8-8DE8-C63F0725BD71}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{62005501-CDC1-4A72-B8CE-5D2E8AC491B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE401E1A-FC1E-430C-8171-3F370EED13AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C8A1AA6-17A0-44F6-8F31-3C3385F181C4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Restore Points =========================

23-11-2016 07:37:25 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
25-03-2017 06:37:14 Installed Samsung Kies3
03-04-2017 08:50:15 Removed Samsung Kies3
22-10-2017 08:09:04 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2017 05:05:34 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/23/2017 05:05:34 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/23/2017 05:05:34 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/23/2017 05:05:34 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/28/2017 01:07:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSupportSolutionsFrameworkService.exe, version: 8.7.27.15, time stamp: 0x595d9791
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc000070a
Fault offset: 0x0000000000060634
Faulting process id: 0xeb4
Faulting application start time: 0x01d3387af909827a
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 70b031c3-a46f-11e7-a0f5-d8d3857eaff9

Error: (09/28/2017 01:06:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSupportSolutionsFrameworkService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c000070a, exception address 0000000077B80634

Error: (09/13/2017 02:53:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSupportSolutionsFrameworkService.exe, version: 8.7.27.15, time stamp: 0x595d9791
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc0000420
Fault offset: 0x00000000000bf262
Faulting process id: 0x610
Faulting application start time: 0x01d32c58bc867d36
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 370bcb96-9850-11e7-85c7-d8d3857eaff9

Error: (09/03/2017 05:24:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSupportSolutionsFrameworkService.exe, version: 8.7.27.15, time stamp: 0x595d9791
Faulting module name: CRYPT32.dll, version: 6.1.7601.18839, time stamp: 0x553e8c21
Exception code: 0xc0000005
Fault offset: 0x00000000000022b6
Faulting process id: 0xa2c
Faulting application start time: 0x01d3249535904599
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
Faulting module path: C:\Windows\system32\CRYPT32.dll
Report Id: adf7e456-9089-11e7-8385-d8d3857eaff9

Error: (09/03/2017 05:24:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSupportSolutionsFrameworkService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEFCCC22B6

Error: (08/29/2017 03:24:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSupportSolutionsFrameworkService.exe, version: 8.7.27.15, time stamp: 0x595d9791
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc000070a
Fault offset: 0x0000000000060634
Faulting process id: 0xc68
Faulting application start time: 0x01d320974d1fa561
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1c856e08-8c8b-11e7-a0e0-d8d3857eaff9


System errors:
=============
Error: (10/24/2017 03:42:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/24/2017 01:41:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/23/2017 06:54:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/23/2017 01:29:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/23/2017 06:18:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/23/2017 05:08:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/23/2017 04:53:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/23/2017 04:53:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/23/2017 04:53:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/23/2017 04:53:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 39%
Total physical RAM: 4061.24 MB
Available physical RAM: 2462.66 MB
Total Virtual: 8120.67 MB
Available Virtual: 5663.54 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:687.75 GB) (Free:613.65 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.78 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#9 Aura

Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,594 posts
  • Gender:Male
  • Local time:12:55 PM

Posted 24 October 2017 - 07:32 AM

Awesome! Let's clean the rest.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Nemesis23

Nemesis23
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:55 PM

Posted 24 October 2017 - 08:06 AM

Here is the fixlog generated by FRST...


Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by Betty (24-10-2017 08:45:19) Run:1
Running from C:\Users\Betty\Desktop
Loaded Profiles: Betty (Available Profiles: Betty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Startup: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hevbomnapg.lnk [2017-10-11]
ShortcutTarget: hevbomnapg.lnk -> C:\Users\Betty\AppData\Local\R Wa\lfutnyzme.eqfo ()

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://search.coupons.com/
SearchScopes: HKLM -> DefaultScope {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1981EE13-A52E-47A9-BBDB-0259AB055523} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {1981EE13-A52E-47A9-BBDB-0259AB055523} URL =
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {B88CC86E-B4F4-4330-840A-E9D68481CAB9} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2593048256-3016365677-804844629-1001 -> {FAE2BB50-CCE7-4B76-B2E0-0E8A4F8FBF47} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-3.4-1311

Task: {C1F0E267-B7BB-4726-9A0A-EAF3AAA1CBAB} - System32\Tasks\{572FA9AA-0D62-4281-99D5-BD204BED6B69} => C:\Windows\system32\pcalua.exe -a "C:\Users\Betty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VEVTJ2U\Firefox%20Setup%203.6.6[1].exe" -d C:\Users\Betty\Desktop
Task: {FA8F31C4-6CB8-442C-9CD4-BEC1D045739F} - System32\Tasks\{82DFB06C-CAC5-4293-99C8-CB8E93918146} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM

C:\Users\Betty\AppData\Local\{08160163-6A40-4D42-B4DF-A037A4C8E87F}
C:\Users\Betty\AppData\Local\{61CF97CA-7D9A-494B-9676-DAE3985612C5}
C:\Users\Betty\AppData\Local\{8F045B83-2109-408A-9336-449E9DFE6602}
C:\Users\Betty\AppData\Local\{CF62C034-B5C9-4FE5-9BD5-B1DC3668AC17}
2017-10-20 02:16 - 2017-10-20 02:17 - 000000000 ____D C:\Users\Betty\AppData\Local\{60CC95FD-414E-4CF1-B877-C64B73E2D147}
2017-10-19 06:44 - 2017-10-19 06:44 - 000000000 ____D C:\Users\Betty\AppData\Local\{655B4A92-22D6-4D97-B5F9-4BCCEB685A8E}
2017-10-18 15:18 - 2017-10-18 15:18 - 000000000 ____D C:\Users\Betty\AppData\Local\{A048684C-2EA3-45B7-B4C3-B9B267B31756}
2017-10-18 03:17 - 2017-10-18 03:17 - 000000000 ____D C:\Users\Betty\AppData\Local\{B49B760D-19A9-4A7F-A009-81E91D0D976D}
2017-10-17 13:02 - 2017-10-17 13:02 - 000000000 ____D C:\Users\Betty\AppData\Local\{999311B0-86A3-4007-B875-6400A9948A3B}
2017-10-17 00:22 - 2017-10-17 00:23 - 000000000 ____D C:\Users\Betty\AppData\Local\{43FB2B0D-11ED-4395-B81B-59FCED183959}
2017-10-16 04:40 - 2017-10-16 04:40 - 000000000 ____D C:\Users\Betty\AppData\Local\{1A24DD2F-BD11-4062-90C5-17AAA3F673DD}
2017-10-15 04:44 - 2017-10-15 04:44 - 000000000 ____D C:\Users\Betty\AppData\Local\{FAE3E5A5-AD23-4F06-811B-31C15B2C2426}
2017-10-14 05:49 - 2017-10-14 05:49 - 000000000 ____D C:\Users\Betty\AppData\Local\{6211918C-9B8B-40D1-92A6-6A0715CC1107}
2017-10-13 04:59 - 2017-10-13 04:59 - 000000000 ____D C:\Users\Betty\AppData\Local\{4D82377A-057D-4E81-B984-825244FE6942}
2017-10-12 03:46 - 2017-10-12 03:46 - 000000000 ____D C:\Users\Betty\AppData\Local\{D0E8AB9B-812C-46AD-8C37-894676D4C113}
2017-10-11 14:34 - 2017-10-11 14:35 - 000000000 ____D C:\Users\Betty\AppData\Local\{ACD815E9-269E-4A10-B7FF-35EAD66100E9}
2017-10-11 02:32 - 2017-10-11 02:32 - 000000000 ____D C:\Users\Betty\AppData\Local\{AC9B1CE3-BF25-49D9-9AD9-1C00B28FDB7D}
2017-10-10 07:15 - 2017-10-10 07:15 - 000000000 ____D C:\Users\Betty\AppData\Local\{EA13E192-5D2C-44AF-B7CD-231055A2A40F}
2017-10-09 05:00 - 2017-10-09 05:00 - 000000000 ____D C:\Users\Betty\AppData\Local\{35239DEE-4E36-453B-9237-E1B6D2FA3080}
2017-10-08 04:29 - 2017-10-08 04:29 - 000000000 ____D C:\Users\Betty\AppData\Local\{7619F458-F415-4547-ADB0-AD4086725712}
2017-10-07 05:00 - 2017-10-07 05:00 - 000000000 ____D C:\Users\Betty\AppData\Local\{E14845BF-7EA5-4E0D-A249-2AA816FAC83E}
2017-10-06 04:36 - 2017-10-06 04:36 - 000000000 ____D C:\Users\Betty\AppData\Local\{40809720-B098-496E-A34E-4E8FD7423F5A}
2017-10-05 15:21 - 2017-10-05 15:21 - 000000000 ____D C:\Users\Betty\AppData\Local\{ABF689C6-8737-411F-A070-7E54CE9EE816}
2017-10-05 03:19 - 2017-10-05 03:20 - 000000000 ____D C:\Users\Betty\AppData\Local\{19C387A3-BA44-402E-A488-B50E878E7C62}
2017-10-04 14:06 - 2017-10-04 14:06 - 000000000 ____D C:\Users\Betty\AppData\Local\{9A1C941B-DFA8-48E6-83ED-26BA190E9E39}
2017-10-04 00:45 - 2017-10-04 00:45 - 000000000 ____D C:\Users\Betty\AppData\Local\{1FD4FE49-E217-4054-B41B-FF3CE0606542}
2017-10-03 05:26 - 2017-10-03 05:26 - 000000000 ____D C:\Users\Betty\AppData\Local\{FCC04069-ABE5-4FFD-9B36-A7896CE88D06}
2017-10-02 16:45 - 2017-10-02 16:45 - 000000000 ____D C:\Users\Betty\AppData\Local\{7867471C-F568-41A0-BFB9-75D5265BB154}
2017-10-02 04:40 - 2017-10-02 04:40 - 000000000 ____D C:\Users\Betty\AppData\Local\{FF545B87-C37D-4B5A-B90D-F467615B39BC}
2017-10-01 08:49 - 2017-10-01 08:49 - 000000000 ____D C:\Users\Betty\AppData\Local\{7D237E42-D440-4544-A061-4AB2B8D89914}
2017-09-30 17:37 - 2017-09-30 17:37 - 000000000 ____D C:\Users\Betty\AppData\Local\{3DAAC38D-D66B-464E-A967-9C93FC803E6F}
2017-09-30 05:06 - 2017-09-30 05:06 - 000000000 ____D C:\Users\Betty\AppData\Local\{E0885DE2-8B9E-4C98-976E-A30204BFE225}
2017-09-29 06:13 - 2017-09-29 06:13 - 000000000 ____D C:\Users\Betty\AppData\Local\{B9E1703D-5DC2-4D1C-A23C-786DEBA3E99C}
2017-09-29 04:47 - 2017-09-29 04:48 - 000000000 ____D C:\Users\Betty\AppData\Local\{55BA95E2-D0A3-4692-9EAF-48400A8189E0}
2017-09-28 13:10 - 2017-09-28 13:10 - 000000000 ____D C:\Users\Betty\AppData\Local\{57CC8E9A-F4EA-42AC-8DA0-604025C3D292}
2017-09-28 01:09 - 2017-09-28 01:09 - 000000000 ____D C:\Users\Betty\AppData\Local\{E009AC92-C34A-4C4D-B607-BBB4E15DF0AB}
2017-09-27 06:56 - 2017-09-27 06:56 - 000000000 ____D C:\Users\Betty\AppData\Local\{71321509-83DD-4806-AB44-EAE86D1C654E}
2017-09-26 13:57 - 2017-09-26 13:57 - 000000000 ____D C:\Users\Betty\AppData\Local\{87F95673-00C9-41C6-8705-B0CF3BCCDE80}
2017-09-26 01:55 - 2017-09-26 01:56 - 000000000 ____D C:\Users\Betty\AppData\Local\{C61B06A4-623B-43DC-8BD8-27124740F360}
2017-09-25 05:08 - 2017-09-25 05:08 - 000000000 ____D C:\Users\Betty\AppData\Local\{BC7B520B-532F-4CD1-9F65-31521870D4B6}
2017-09-24 06:36 - 2017-09-24 06:36 - 000000000 ____D C:\Users\Betty\AppData\Local\{22B0A314-5858-48C2-879D-6DD542976539}
C:\Users\Betty\AppData\Local\R Wa
C:\Users\Betty\AppData\Local\Inviqvir
C:\Users\Betty\AppData\Local\Wybabpa
2013-05-20 06:13 - 2013-05-20 06:12 - 000096664 _____ () C:\Users\Betty\AppData\Local\tmp0423030047 - 22.0
2013-05-20 06:13 - 2013-05-20 06:13 - 000078964 _____ () C:\Users\Betty\AppData\Local\tmp0423030047 - 22.JPG
2013-05-20 06:36 - 2013-05-20 06:36 - 000024693 _____ () C:\Users\Betty\AppData\Local\tmp0423030047 - 2222.JPG
C:\Users\Betty\AppData\Roaming\wklnhst.dat

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hevbomnapg.lnk => moved successfully
C:\Users\Betty\AppData\Local\R Wa\lfutnyzme.eqfo => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\Software\Microsoft\Internet Explorer\Main\\Old Start Page => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1981EE13-A52E-47A9-BBDB-0259AB055523} => key removed successfully
HKLM\Software\Classes\CLSID\{1981EE13-A52E-47A9-BBDB-0259AB055523} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} => key removed successfully
HKLM\Software\Classes\CLSID\{EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1981EE13-A52E-47A9-BBDB-0259AB055523} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{1981EE13-A52E-47A9-BBDB-0259AB055523} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} => key not found.
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1981EE13-A52E-47A9-BBDB-0259AB055523} => key removed successfully
HKLM\Software\Classes\CLSID\{1981EE13-A52E-47A9-BBDB-0259AB055523} => key not found.
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => key removed successfully
HKLM\Software\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => key not found.
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B88CC86E-B4F4-4330-840A-E9D68481CAB9} => key removed successfully
HKLM\Software\Classes\CLSID\{B88CC86E-B4F4-4330-840A-E9D68481CAB9} => key not found.
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} => key removed successfully
HKLM\Software\Classes\CLSID\{EC5E3FF4-AC27-4022-BD97-AFCDF3F01455} => key not found.
HKU\S-1-5-21-2593048256-3016365677-804844629-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FAE2BB50-CCE7-4B76-B2E0-0E8A4F8FBF47} => key removed successfully
HKLM\Software\Classes\CLSID\{FAE2BB50-CCE7-4B76-B2E0-0E8A4F8FBF47} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1F0E267-B7BB-4726-9A0A-EAF3AAA1CBAB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1F0E267-B7BB-4726-9A0A-EAF3AAA1CBAB} => key removed successfully
C:\Windows\System32\Tasks\{572FA9AA-0D62-4281-99D5-BD204BED6B69} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{572FA9AA-0D62-4281-99D5-BD204BED6B69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA8F31C4-6CB8-442C-9CD4-BEC1D045739F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA8F31C4-6CB8-442C-9CD4-BEC1D045739F} => key removed successfully
C:\Windows\System32\Tasks\{82DFB06C-CAC5-4293-99C8-CB8E93918146} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{82DFB06C-CAC5-4293-99C8-CB8E93918146} => key removed successfully
C:\Users\Betty\AppData\Local\{08160163-6A40-4D42-B4DF-A037A4C8E87F} => moved successfully
C:\Users\Betty\AppData\Local\{61CF97CA-7D9A-494B-9676-DAE3985612C5} => moved successfully
C:\Users\Betty\AppData\Local\{8F045B83-2109-408A-9336-449E9DFE6602} => moved successfully
C:\Users\Betty\AppData\Local\{CF62C034-B5C9-4FE5-9BD5-B1DC3668AC17} => moved successfully
C:\Users\Betty\AppData\Local\{60CC95FD-414E-4CF1-B877-C64B73E2D147} => moved successfully
C:\Users\Betty\AppData\Local\{655B4A92-22D6-4D97-B5F9-4BCCEB685A8E} => moved successfully
C:\Users\Betty\AppData\Local\{A048684C-2EA3-45B7-B4C3-B9B267B31756} => moved successfully
C:\Users\Betty\AppData\Local\{B49B760D-19A9-4A7F-A009-81E91D0D976D} => moved successfully
C:\Users\Betty\AppData\Local\{999311B0-86A3-4007-B875-6400A9948A3B} => moved successfully
C:\Users\Betty\AppData\Local\{43FB2B0D-11ED-4395-B81B-59FCED183959} => moved successfully
C:\Users\Betty\AppData\Local\{1A24DD2F-BD11-4062-90C5-17AAA3F673DD} => moved successfully
C:\Users\Betty\AppData\Local\{FAE3E5A5-AD23-4F06-811B-31C15B2C2426} => moved successfully
C:\Users\Betty\AppData\Local\{6211918C-9B8B-40D1-92A6-6A0715CC1107} => moved successfully
C:\Users\Betty\AppData\Local\{4D82377A-057D-4E81-B984-825244FE6942} => moved successfully
C:\Users\Betty\AppData\Local\{D0E8AB9B-812C-46AD-8C37-894676D4C113} => moved successfully
C:\Users\Betty\AppData\Local\{ACD815E9-269E-4A10-B7FF-35EAD66100E9} => moved successfully
C:\Users\Betty\AppData\Local\{AC9B1CE3-BF25-49D9-9AD9-1C00B28FDB7D} => moved successfully
C:\Users\Betty\AppData\Local\{EA13E192-5D2C-44AF-B7CD-231055A2A40F} => moved successfully
C:\Users\Betty\AppData\Local\{35239DEE-4E36-453B-9237-E1B6D2FA3080} => moved successfully
C:\Users\Betty\AppData\Local\{7619F458-F415-4547-ADB0-AD4086725712} => moved successfully
C:\Users\Betty\AppData\Local\{E14845BF-7EA5-4E0D-A249-2AA816FAC83E} => moved successfully
C:\Users\Betty\AppData\Local\{40809720-B098-496E-A34E-4E8FD7423F5A} => moved successfully
C:\Users\Betty\AppData\Local\{ABF689C6-8737-411F-A070-7E54CE9EE816} => moved successfully
C:\Users\Betty\AppData\Local\{19C387A3-BA44-402E-A488-B50E878E7C62} => moved successfully
C:\Users\Betty\AppData\Local\{9A1C941B-DFA8-48E6-83ED-26BA190E9E39} => moved successfully
C:\Users\Betty\AppData\Local\{1FD4FE49-E217-4054-B41B-FF3CE0606542} => moved successfully
C:\Users\Betty\AppData\Local\{FCC04069-ABE5-4FFD-9B36-A7896CE88D06} => moved successfully
C:\Users\Betty\AppData\Local\{7867471C-F568-41A0-BFB9-75D5265BB154} => moved successfully
C:\Users\Betty\AppData\Local\{FF545B87-C37D-4B5A-B90D-F467615B39BC} => moved successfully
C:\Users\Betty\AppData\Local\{7D237E42-D440-4544-A061-4AB2B8D89914} => moved successfully
C:\Users\Betty\AppData\Local\{3DAAC38D-D66B-464E-A967-9C93FC803E6F} => moved successfully
C:\Users\Betty\AppData\Local\{E0885DE2-8B9E-4C98-976E-A30204BFE225} => moved successfully
C:\Users\Betty\AppData\Local\{B9E1703D-5DC2-4D1C-A23C-786DEBA3E99C} => moved successfully
C:\Users\Betty\AppData\Local\{55BA95E2-D0A3-4692-9EAF-48400A8189E0} => moved successfully
C:\Users\Betty\AppData\Local\{57CC8E9A-F4EA-42AC-8DA0-604025C3D292} => moved successfully
C:\Users\Betty\AppData\Local\{E009AC92-C34A-4C4D-B607-BBB4E15DF0AB} => moved successfully
C:\Users\Betty\AppData\Local\{71321509-83DD-4806-AB44-EAE86D1C654E} => moved successfully
C:\Users\Betty\AppData\Local\{87F95673-00C9-41C6-8705-B0CF3BCCDE80} => moved successfully
C:\Users\Betty\AppData\Local\{C61B06A4-623B-43DC-8BD8-27124740F360} => moved successfully
C:\Users\Betty\AppData\Local\{BC7B520B-532F-4CD1-9F65-31521870D4B6} => moved successfully
C:\Users\Betty\AppData\Local\{22B0A314-5858-48C2-879D-6DD542976539} => moved successfully
C:\Users\Betty\AppData\Local\R Wa => moved successfully
C:\Users\Betty\AppData\Local\Inviqvir => moved successfully
C:\Users\Betty\AppData\Local\Wybabpa => moved successfully
C:\Users\Betty\AppData\Local\tmp0423030047 - 22.0 => moved successfully
C:\Users\Betty\AppData\Local\tmp0423030047 - 22.JPG => moved successfully
C:\Users\Betty\AppData\Local\tmp0423030047 - 2222.JPG => moved successfully
C:\Users\Betty\AppData\Roaming\wklnhst.dat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45689485 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 369897230 B
Edge => 0 B
Chrome => 0 B
Firefox => 419665918 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 7010457 B
systemprofile32 => 65353426 B
LocalService => 132244 B
NetworkService => 66228 B
Betty => 91541206 B

RecycleBin => 0 B
EmptyTemp: => 961.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:49:15 ====



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • Gender:Male
  • Local time:12:55 PM

Posted 24 October 2017 - 08:08 AM

Good! How's your system behaving now? Are there any more issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Nemesis23

Nemesis23
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:55 PM

Posted 24 October 2017 - 08:14 AM

It looks like the big problems from the trojans have been resolved. Did you see anything of concern regarding the list of processes running during any of my reports? With only one Firefox window open currently, my CPU usage is around 50%. It's an older computer but that seems high...



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • Gender:Male
  • Local time:12:55 PM

Posted 24 October 2017 - 08:25 AM

I don't see anything wrong with your processes. Do you know which one is using the most CPU?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Nemesis23

Nemesis23
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:55 PM

Posted 25 October 2017 - 08:05 AM

Everything looks OK except Firefox. With only one open window currently, I have five "firefox.exe" processes running while using a collective 641,000 K of memory. That seems like a lot for a computer with so little running at the moment...



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • Gender:Male
  • Local time:12:55 PM

Posted 28 October 2017 - 02:19 PM

Sorry for the delay. Could be an issue with Firefox. I would try reinstalling it and see if the issue persists for starters.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
