Malicious redirection 21


  • This topic is locked
9 replies to this topic

#1 rd985


Posted 30 June 2018 - 08:58 AM

I had a problem and now I’m not sure if I still do.

 

When using Firefox, I had been getting multiple occurrences of a firewall intrusion detection alert from Norton Security – “Web Site attack: malicious redirection 21”.  The source was ancestery.com (note the typo in the name) 104.237.196.115.  The ancestery.com link was ancestery.com/js followed by lots of miscellaneous characters.  I also had a warning once or twice of a large amount of outgoing data. 

 

I was prompted to use Norton Power Eraser.  I did that, and was told no issues were found.  I did a full scan using Norton, and no issues were found.  I uninstalled Firefox from the Add/Remove Programs control item (or whatever it’s called in Win 8.1).  It called what it did a refresh. Afterwards, I still had the firewall alert problem. 

 

I added to the host file the website name ancestery.com and the IP address 127.0.0.1.  That eliminated the firewall alert.  Because this blocks the hostname and not the IP, I went the further step and created a rule in the Norton Security Firewall to block incoming and outgoing traffic to the IP address associated with the hostile website.  I put this rule at the bottom of all the firewall rules.  I subsequently noticed that Firefox started up much faster. 

 

Believing that what I did was a temporary fix, I found and followed the bleepingcomputer.com guide to remove redirect viruses.  I followed all the steps.  The only step I could not do was the deep scan in Zemana as that option was not provided.  I used the regular scan instead.  In all cases, I found no threats.  AdwCleaner found and removed in PUP.Optional.Legacy some search providers related to ask.com and AOL.

 

I rebooted the PC, removed the firewall block, rebooted the PC, and commented out the hosts entry.  I then invoked Firefox.  Firefox upgraded itself.  Then when I started Firefox, I experienced the malicious redirection warning with a different IP address, 200.63.47.3.

 

I then went through all the steps in the guide another time.  No threats were found.  The malicious warning still appeared. 

 

The next day, I booted up the PC and invoked Firefox.  Now I do not experience the problem.  I still have Malwarebytes, Emsisoft, Zemana AntiMalware, and Norton Security on my machine.  None of them are issuing alerts or reporting problems.  My computer is slow; it takes longer to start up applications.

Do I still have an infection?  How do I know?

 

Thanks!

=========================================

==================== FRST LOG ===========

=========================================

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by daniel (administrator) on OFFICE-PC (27-06-2018 20:39:27)
Running from C:\Users\daniel\Desktop\Virus Removal Tools
Loaded Profiles: daniel (Available Profiles: daniel & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Array Networks\MotionPro VPN Client\MotionProHttpd.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\conathst.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-24] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1437624 2017-12-29] (Array Networks)
HKLM\...\Run: [LaunchMhttpd] => C:\Program Files\Array Networks\MotionPro VPN Client\MPInit.exe [1516984 2017-12-29] (Array Networks)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8809720 2018-06-26] (Emsisoft Ltd)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LaunchMhttpd] => C:\Program Files\Array Networks\MotionPro VPN Client\MPInit.exe [1516984 2017-12-29] (Array Networks)
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2018-03-13]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-06-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{657C60F7-7CA4-457A-A231-66658BC60C31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE3C3216-F224-4A68-9DC8-5A8BCDEB7631}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.14.2.13&locale=en_US&guid=C14BFC53-54A9-4CB6-8028-ECD9D6E0769C&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-15] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-06-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-08] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 57ekzevs.default-1530063131099
FF ProfilePath: C:\Users\daniel\AppData\Roaming\Mozilla\Firefox\Profiles\57ekzevs.default-1530063131099 [2018-06-27]
FF Extension: (IBM Security Rapport) - C:\Users\daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2018-02-04]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-06-26] [Legacy] [not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\motionpro_trust_system_rootca.js [2017-12-29]
 
Chrome: 
=======
CHR Profile: C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default [2018-06-27]
CHR Extension: (Slides) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Prophet) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\alikckkmddkoooodkchoheabgakpopmg [2017-06-08]
CHR Extension: (Docs) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (IBM Security Rapport) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-19]
CHR Extension: (YouTube) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-22]
CHR Extension: (Adobe Acrobat) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-01]
CHR Extension: (Sheets) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-06]
CHR Extension: (Norton Identity Safe) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-06-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-06]
CHR Extension: (Crystal) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2018-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9388936 2018-06-26] (Emsisoft Ltd)
R2 AdobeActiveFileMonitor11.0; c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Brother XP spl Service; C:\WINDOWS\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [53288 2017-04-12] (Mozy, Inc.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.2.13\NortonSecurity.exe [328648 2018-05-30] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5253624 2018-05-23] (IBM Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1401272 2017-12-29] (Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2392504 2017-12-29] (Array Networks)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-05-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-05-23] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
S3 ATP; C:\WINDOWS\system32\DRIVERS\atpdrvr_7_x64.sys [19456 2017-12-29] (Array Networks)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\BASHDefs\20180626.007\BHDrvx64.sys [1879632 2018-04-30] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\ccSetx64.sys [187520 2018-05-29] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-03-24] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [142952 2018-06-26] (Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37064 2018-06-26] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-04-01] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-06-26] (Malwarebytes)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\IPSDefs\20180627.061\IDSvia64.sys [1298000 2018-05-24] (Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-27] (Malwarebytes)
R1 mozyFilter; C:\WINDOWS\System32\DRIVERS\mozyFilter.sys [68904 2017-12-18] (Mozy, Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [496744 2018-05-23] (IBM Corp.)
R1 RapportCerberus_1919106; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1919106.sys [1645288 2018-06-15] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [712488 2018-05-23] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [340904 2018-05-23] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [605160 2018-05-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [751976 2018-05-23] (IBM Corp.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SRTSP64.SYS [838224 2018-05-29] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\SRTSPX64.SYS [49232 2018-05-29] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SYMEFASI64.SYS [1942096 2018-05-29] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SymELAM.sys [24584 2018-05-29] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\Ironx64.SYS [307792 2018-05-29] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SYMNETS.SYS [566912 2018-05-29] (Symantec Corporation)
R1 vpntdi; C:\WINDOWS\System32\drivers\vpntdi64.sys [65360 2017-12-29] (Array Networks)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-05-23] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-05-23] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-05-23] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\wpCtrlDrv.sys [1015592 2018-05-29] (Symantec Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-26] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170523.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170523.003\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-27 20:39 - 2018-06-27 20:39 - 000000000 ____D C:\FRST
2018-06-27 20:33 - 2018-06-27 20:33 - 000000000 ___SH C:\DkHyperbootSync
2018-06-26 21:49 - 2018-06-26 21:51 - 000002148 _____ C:\Users\daniel\Desktop\Rkill.txt
2018-06-26 21:23 - 2018-06-26 20:42 - 000037064 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2018-06-26 21:18 - 2018-06-26 21:22 - 000000000 ____D C:\AdwCleaner
2018-06-26 21:03 - 2018-06-27 20:40 - 000090798 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-26 21:03 - 2018-06-27 20:40 - 000058943 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-26 21:03 - 2018-06-26 21:03 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-26 21:03 - 2018-06-26 21:03 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-26 21:03 - 2018-06-26 21:03 - 000001166 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\Users\daniel\AppData\Local\Zemana
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-06-26 20:42 - 2018-06-26 21:01 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-26 20:30 - 2018-06-27 19:59 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-26 20:30 - 2018-06-26 20:30 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-26 20:29 - 2018-06-26 20:29 - 000000910 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-06-26 20:29 - 2018-06-26 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-06-26 20:28 - 2018-06-27 19:59 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-06-26 20:16 - 2018-06-26 20:29 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-26 20:16 - 2018-06-26 20:16 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-26 19:30 - 2018-06-27 20:39 - 000000000 ____D C:\Users\daniel\Desktop\Virus Removal Tools
2018-06-24 21:27 - 2018-06-24 21:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-06-24 19:15 - 2018-03-11 19:40 - 000000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bup2
2018-06-24 18:34 - 2018-06-26 21:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-24 18:34 - 2018-06-26 21:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-24 18:34 - 2018-06-26 21:45 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-24 18:34 - 2018-06-26 21:32 - 000000000 ____D C:\Users\daniel\Desktop\Old Firefox Data
2018-06-24 18:34 - 2018-06-24 18:34 - 000000938 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-24 18:32 - 2018-06-24 18:32 - 000313560 _____ (Mozilla) C:\Users\daniel\Downloads\Firefox Installer.exe
2018-06-24 18:26 - 2018-06-24 18:26 - 000209616 _____ C:\Users\daniel\Desktop\bookmarks.html
2018-06-24 18:11 - 2018-06-24 18:11 - 000000114 _____ C:\WINDOWS\ntbtlog.txt
2018-06-23 10:35 - 2018-06-23 10:35 - 000003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-06-23 10:35 - 2018-06-23 10:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-06-15 22:02 - 2018-05-25 01:10 - 025742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-15 22:02 - 2018-05-25 00:38 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-15 22:02 - 2018-05-25 00:34 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-15 22:02 - 2018-05-24 23:53 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-15 22:02 - 2018-05-24 23:38 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-15 22:02 - 2018-05-23 01:39 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-15 22:02 - 2018-05-15 01:47 - 002334624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-15 22:02 - 2018-05-15 01:33 - 001308352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-15 22:02 - 2018-05-15 00:57 - 002324752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-15 22:02 - 2018-05-12 17:11 - 000532664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-15 22:02 - 2018-05-12 16:51 - 002014040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-15 22:02 - 2018-05-12 16:51 - 000923480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-15 22:02 - 2018-05-05 15:05 - 001543800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-15 22:02 - 2018-05-05 14:15 - 001178136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-15 22:02 - 2018-05-05 12:38 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-06-15 22:02 - 2018-05-05 12:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-06-15 22:02 - 2018-04-07 12:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-06-15 22:02 - 2018-04-07 12:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-06-15 22:02 - 2018-04-07 11:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-15 22:02 - 2018-04-07 11:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-15 22:02 - 2018-03-28 21:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-06-15 22:02 - 2018-03-28 20:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-06-15 22:01 - 2018-05-25 00:44 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-15 22:01 - 2018-05-25 00:32 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-15 22:01 - 2018-05-25 00:16 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-15 22:01 - 2018-05-25 00:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-15 22:01 - 2018-05-25 00:03 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-06-15 22:01 - 2018-05-24 23:56 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-15 22:01 - 2018-05-24 23:55 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-15 22:01 - 2018-05-24 23:55 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-15 22:01 - 2018-05-24 23:53 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-15 22:01 - 2018-05-24 23:44 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-06-15 22:01 - 2018-05-24 23:42 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-15 22:01 - 2018-05-24 23:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-15 22:01 - 2018-05-24 23:39 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-15 22:01 - 2018-05-24 23:38 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-15 22:01 - 2018-05-24 23:38 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-15 22:01 - 2018-05-24 23:29 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-15 22:01 - 2018-05-24 23:19 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-15 22:01 - 2018-05-24 23:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-15 22:01 - 2018-05-24 23:15 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-15 22:01 - 2018-05-24 23:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-15 22:01 - 2018-05-23 01:56 - 007406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-15 22:01 - 2018-05-23 01:45 - 000027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-15 22:01 - 2018-05-23 00:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-15 22:01 - 2018-05-15 01:47 - 000244304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-15 22:01 - 2018-05-15 00:17 - 000032640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-15 22:01 - 2018-05-15 00:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2018-06-15 22:01 - 2018-05-14 23:05 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-15 22:01 - 2018-05-14 22:57 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-15 22:01 - 2018-05-14 22:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-15 22:01 - 2018-05-12 17:06 - 000567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-15 22:01 - 2018-05-12 15:08 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-06-15 22:01 - 2018-05-10 23:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-06-15 22:01 - 2018-04-07 12:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-06-15 22:01 - 2018-04-07 12:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-15 22:01 - 2018-04-05 13:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2018-06-15 22:01 - 2018-04-05 13:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2018-06-15 22:01 - 2018-03-28 21:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-06-15 22:01 - 2018-03-28 21:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-06-15 22:01 - 2018-03-28 21:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-06-15 22:01 - 2018-03-28 20:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-05-28 08:41 - 2018-05-28 08:41 - 000000000 ____D C:\Users\daniel\AppData\Roaming\hpqlog
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-27 20:09 - 2017-05-22 17:42 - 000000000 ____D C:\Users\daniel\AppData\Local\Packages
2018-06-27 20:09 - 2016-11-18 21:04 - 000000000 ____D C:\Users\daniel\AppData\LocalLow\Mozilla
2018-06-27 20:05 - 2013-06-22 10:34 - 000398336 ___SH C:\Users\daniel\Downloads\Thumbs.db
2018-06-27 20:03 - 2017-05-22 17:50 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3958809370-4289238950-2513130531-1001
2018-06-27 20:00 - 2017-05-23 14:20 - 000000000 ___RD C:\Users\daniel\Google Drive
2018-06-27 19:59 - 2017-12-07 20:46 - 000000000 ___RD C:\Users\daniel\OneDrive
2018-06-27 19:58 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-27 19:57 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-06-27 19:53 - 2017-05-22 17:44 - 000003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B179402B-5D9D-4DA4-AA9F-C2FF0ED7B841}
2018-06-27 19:51 - 2017-04-12 12:06 - 000008912 _____ C:\WINDOWS\mozy.blk
2018-06-27 19:51 - 2017-04-12 12:06 - 000004594 _____ C:\WINDOWS\mozy.flt
2018-06-26 22:07 - 2017-05-22 23:50 - 000000000 ____D C:\Users\daniel
2018-06-26 21:03 - 2013-04-28 12:20 - 000492544 ___SH C:\Users\daniel\Desktop\Thumbs.db
2018-06-26 19:39 - 2017-06-01 11:27 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 19:39 - 2017-06-01 11:27 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-24 18:30 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-24 18:29 - 2018-04-15 20:49 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordaniel.job
2018-06-24 18:29 - 2017-05-23 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-24 18:17 - 2017-10-02 12:13 - 000000000 ____D C:\Users\daniel\AppData\Local\NPE
2018-06-23 16:34 - 2017-05-23 09:45 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-23 10:35 - 2018-04-26 21:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-06-23 10:35 - 2018-02-27 23:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-06-23 10:35 - 2017-05-23 09:13 - 000099920 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2018-06-23 10:35 - 2017-05-23 09:13 - 000010396 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2018-06-23 10:35 - 2017-05-23 09:13 - 000002271 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-06-23 10:35 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-06-23 10:18 - 2018-04-15 20:49 - 000003172 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordaniel
2018-06-23 10:17 - 2017-07-27 16:56 - 000003176 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3958809370-4289238950-2513130531-1001
2018-06-23 10:16 - 2017-05-23 13:28 - 000002348 _____ C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-17 22:04 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-06-15 22:48 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-15 22:46 - 2013-03-28 14:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-15 22:30 - 2017-10-19 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-06-15 22:29 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-15 22:24 - 2017-05-22 20:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-15 22:20 - 2017-10-11 13:54 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-15 22:19 - 2017-05-22 20:01 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-15 22:19 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-09 16:11 - 2017-05-23 13:42 - 000000000 ____D C:\Program Files (x86)\Quicken
2018-06-05 15:19 - 2018-03-19 15:46 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 15:19 - 2018-03-19 15:46 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-03 16:37 - 2015-02-22 19:28 - 000000000 ____D C:\Users\daniel\Downloads\tmp
2018-06-03 13:03 - 2017-05-26 09:38 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-03 13:02 - 2013-04-13 09:41 - 000141914 ____N C:\WINDOWS\Minidump\060318-89296-01.dmp
2018-06-01 18:51 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-01 18:49 - 2017-09-21 10:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-06-01 18:49 - 2017-05-23 14:18 - 000002018 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-06-01 18:49 - 2017-05-23 14:18 - 000002016 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-06-01 18:49 - 2017-05-23 14:18 - 000002006 _____ C:\Users\Public\Desktop\Google Docs.lnk
 
==================== Files in the root of some directories =======
 
2016-12-01 13:51 - 2016-11-30 12:02 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2017-05-28 17:38 - 2017-05-28 17:38 - 000007625 _____ () C:\Users\daniel\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-23 18:38
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by daniel (27-06-2018 20:41:20)
Running from C:\Users\daniel\Desktop\Virus Removal Tools
Windows 8.1 (Update) (X64) (2017-05-23 04:37:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3958809370-4289238950-2513130531-500 - Administrator - Disabled) => C:\Users\Administrator
daniel (S-1-5-21-3958809370-4289238950-2513130531-1001 - Administrator - Enabled) => C:\Users\daniel
Guest (S-1-5-21-3958809370-4289238950-2513130531-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3958809370-4289238950-2513130531-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Norton Security (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-f8d071b8-358e-455c-85cc-f8c2a86123cc) (Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DDF578ED-2300-5C4B-CF4A-E2AE7E6457A6}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-0d5f7d0b-b3db-4025-8511-502154f5e812) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J825DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-96856aa9-f9a3-43f8-8bc4-76c4f99f17e3) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-9922bb0d-ae94-47b5-a62b-e6b63e1413d0) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-44b1b3ef-77c5-4e36-9d8d-920701c26605) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2018.1 - Emsisoft Ltd.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Farm Frenzy (HKLM-x32\...\WTA-591eea2a-45b2-44b8-9020-25dd23907d71) (Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (HKLM-x32\...\WTA-d1b05145-afef-4ec6-bbd8-ad573d982692) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-b1a9c1a3-92a7-4de6-9cb8-70825a5b79d8) (Version: 2.2.0.95 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (HKLM-x32\...\WTA-107041c2-fb82-4861-9630-4fb56d6ab23f) (Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-c0043e6c-8f02-4e3d-8d19-a06ed8ae928c) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-c695466d-08e6-4674-8404-82e7e15547a4) (Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-90f70172-e6b0-4116-b212-b6c0c828b120) (Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (HKLM-x32\...\{D26C94D9-E7F6-67F0-FA9E-CA98C6BEE32C}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-4672099e-6c11-469e-adad-a2d0929c762c) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-1831cf63-e90e-4588-afeb-11a6b1b63685) (Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\JoinMe) (Version: 3.6.1.5386 - LogMeIn, Inc.)
Luxor Evolved (HKLM-x32\...\WTA-8ac6e43b-cc36-44e7-9094-5b030413d715) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-bf337c9e-91db-422b-bbbf-55d3549e994e) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-e3a3fc0f-fa2b-410d-9cc1-f7c3ffea3e8c) (Version: 2.2.0.98 - WildTangent) Hidden
MotionPro (HKLM\...\MotionPro VPN Client) (Version: 9.4.0.0 - Array Networks)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
MozyHome (HKLM\...\{0E7B1B4B-1589-CF5A-170C-5556B51DC1C8}) (Version: 2.36.5.646 - Mozy, Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-27c07801-7302-4e8d-8f09-dd2dd1b9866c) (Version: 2.2.0.98 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NGC) (Version: 22.14.2.13 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-4798266e-0c71-40a3-9c08-f254ff172852) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-5a0f230c-cacf-4d08-af46-3f06adeadc7e) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-76332420-f00a-44f9-b9c9-0fdf795db67d) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-50878abd-dd06-4047-a1c1-58ea13a866d6) (Version: 2.2.0.98 - WildTangent) Hidden
PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.9.34 - Quicken)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1919.126 - Trusteer) Hidden
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-22d4acd2-7a01-4039-bdec-79e551e2bccf) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-a9a55679-8f71-413e-92b1-64bd377602a7) (Version: 3.0.2.32 - WildTangent) Hidden
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Tales of Lagoona (HKLM-x32\...\WTA-507a241b-f457-49e9-9e23-8400cf3c5882) (Version: 2.2.0.110 - WildTangent) Hidden
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1919.126 - Trusteer)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
XMind 8 Update 1 (v3.7.1) (HKLM-x32\...\XMind_is1) (Version: 3.7.1.201612151837 - XMind Ltd.)
Youda Jewel Shop (HKLM-x32\...\WTA-762cef5b-7507-472c-a6af-aef7b95fc0be) (Version: 3.0.2.32 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zuma's Revenge (HKLM-x32\...\WTA-73a00aa9-fe83-4da5-b7d7-1fb216c8fc6d) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\daniel\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-26] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-10-15] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-10-15] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers2-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers3-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-11-14] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-26] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers6-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C8DCF82-435E-4F0F-B2B3-D5B4D78BBC8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {0CE0C709-157A-42D3-AECB-72980481362A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {1B7A4A0A-E175-4413-BC1F-6279DC9E3C07} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-05-30] (Symantec Corporation)
Task: {24541BFB-F300-4678-BA6D-A4EFC5670EBC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-15] (Microsoft Corporation)
Task: {24E0747F-2B99-4A68-BE06-9238DF765240} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {2995EE17-F6FA-4ABB-B554-F16C85E8A511} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {3558C8B7-2090-42C7-80DC-0498AEC2DA10} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-15] (Microsoft Corporation)
Task: {3D34ED28-ACD6-4F1C-8007-23E41F181733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {3F485AC4-E06A-420C-9E17-E472172F5B29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-15] (Microsoft Corporation)
Task: {416E6414-23C8-452B-9698-2E1DE72FD188} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5055CF52-6CB9-4AB0-AB03-413E397FCC56} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {75C278D6-F1E6-40D6-93D4-F03D407B6E88} - System32\Tasks\HPCeeScheduleFordaniel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {76E452E8-E1D3-41AF-A1C8-516C756393B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {77317265-3AC6-4893-BCA5-908F4D3C9A27} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-15] (Microsoft Corporation)
Task: {87623FCE-6CBD-4601-AB78-E3A748496ACB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {8BC9F8D1-46EA-4855-B135-9F2D04CB609A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-15] (Microsoft Corporation)
Task: {91436B3A-40EC-4A32-9737-F5E4CDF7F5BC} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {947AF37E-B29F-4502-9C10-6E2154AE98E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A8195C96-926B-4F3D-953F-E4C339BFE430} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-15] (Microsoft Corporation)
Task: {C7F82FBA-2DF1-49FA-99A3-970200D20F17} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
Task: {CAF8CDC3-6BCB-44DC-B335-819BF9B35D4C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.14.2.13\WSCStub.exe [2018-05-30] (Symantec Corporation)
Task: {E17674BB-F242-4CA9-91EE-A3DD496AF603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {EE84B98E-DE74-4BCB-93CA-4250EDA9389B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {FB11E8CF-95C8-4C83-B523-926EE1FAEEF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FE4CD25D-AF8C-425C-9CC5-45B8B1F811B6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordaniel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-06 14:59 - 2005-04-22 00:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2018-06-26 20:16 - 2018-06-26 20:29 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-26 20:16 - 2018-06-26 20:29 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-18 16:19 - 2018-06-01 05:06 - 008934064 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-06-26 21:03 - 2018-06-26 21:03 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-29 02:48 - 2017-12-29 02:48 - 006194616 _____ () C:\Program Files\Array Networks\MotionPro VPN Client\MotionProHttpd.exe
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-06-27 19:59 - 2018-06-27 19:59 - 000113152 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_ctypes.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000080896 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\bz2.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 001585152 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_hashlib.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000128512 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32api.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000137728 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\pywintypes27.dll
2018-06-27 19:59 - 2018-06-27 19:59 - 000548864 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\pythoncom27.dll
2018-06-27 19:59 - 2018-06-27 19:59 - 000689664 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\unicodedata.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000438784 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32com.shell.shell.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 001489408 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\wx._core_.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 001007104 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\wx._gdi_.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 001039872 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\wx._windows_.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 001325056 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\wx._controls_.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000916992 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\wx._misc_.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 001084416 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\pysqlite2._sqlite.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000149504 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32file.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000136192 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32security.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000007680 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\hashobjs_ext.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000020992 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\thumbnails_ext.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000118784 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\usb_ext.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000047616 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_socket.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 002224640 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_ssl.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000014848 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\common.time34.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000023040 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32event.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000034304 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\windows.conditional.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000020480 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\windows.winwrap.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000110080 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\windows.volumes.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000223232 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32gui.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000173568 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_elementtree.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000169472 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\pyexpat.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000048128 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32inet.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000103424 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\wx._html2.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000046080 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_psutil_windows.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000633272 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\windows._cacheinvalidation.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000011776 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32crypt.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000301568 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\PIL._imaging.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000032256 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_multiprocessing.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 005458944 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\cello.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000026112 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\_yappi.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000044032 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32process.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000027648 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32pipe.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000010752 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\select.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000029696 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32pdh.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000038400 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\windows.connectivity.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000073216 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\windows.device_monitor.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000020480 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32profile.pyd
2018-06-27 19:59 - 2018-06-27 19:59 - 000026624 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI62882\win32ts.pyd
2017-12-18 17:41 - 2017-12-18 17:41 - 000070656 _____ () C:\Program Files\MozyHome\zlib1.dll
2018-06-26 19:39 - 2018-06-22 15:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 19:39 - 2018-06-22 15:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2013-03-28 14:12 - 2012-06-07 23:34 - 000627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 000016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-09-06 14:58 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-03-28 14:07 - 2012-07-18 04:50 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-08-15 18:18 - 2017-11-30 19:26 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vpntdi => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vpntdi => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\sharepoint.com -> hxxps://icimsinc-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-06-27 20:22 - 000000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE426F4E-54F0-47F2-B7B6-4BB2B8C8125D}] => (Allow) LPort=1900
FirewallRules: [{C750B8C6-8F42-4977-96E1-8992A1D8E6EE}] => (Allow) LPort=2869
FirewallRules: [{59DCB8D6-98F3-4987-84FD-82C2883A88C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A355E52F-A56E-4214-BEB3-B7B0CD3FD0E6}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7CDFA03C-19D4-4010-8A70-15445AE82E91}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{741BFE57-12CD-4EE7-AA43-F5EF018CB4DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{47F25E0F-1F0A-48C7-A43A-3211E0F7B70F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80F1B4AC-8C8E-41B0-8040-4AB2CD0CDD9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18D72654-6636-4AEE-A9FA-91711FD95EE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AA80A7A-387D-4CD7-98CB-786CF37F2479}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{7FC70969-5693-4467-BA68-3DB29D0E347A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{30AD3F61-8CB9-47D7-8868-3B8B749AC263}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{BBB22E98-D6DD-49A4-9330-5F3BF83F026C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{270A9316-19DF-4E1D-8C46-5EA2B3A6079C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8BD7EE1E-24AD-420D-A1E2-BF2B2E5BBA08}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{41052E81-E92C-4583-9C0A-0B33E68F2CAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67052DFF-C1B1-404F-ABF7-BA9D5DE8C56F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6641AA24-C38A-403A-AF82-9822ED2571E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5DA1B26-081E-4547-9719-DA6C52939BBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C6087B99-DEDD-4677-9DDC-F25814A5C77B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AC987D9B-5361-4FFE-AF97-9CC03EB7EEF3}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{8876525C-DBCD-449E-9F11-1EDA54A6B4A9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{719708A7-99EC-4A99-9707-AE2DD4CFC560}] => (Allow) LPort=54925
FirewallRules: [{AD39D7D1-6A9D-43BD-B3BF-911442CA2A4B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6136AB8B-C20B-4AAF-BC00-A62DCA68FCA6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{58221F31-850F-46BA-A66F-147ABB383883}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5349C18E-3A26-4BEF-B7DB-C78B22D67D83}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54296DDB-68C7-4DB2-8C4B-E9207DAC28C1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5263B784-0BDC-4BBD-B43C-D85139056CB3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{23F5EFD9-7313-4329-8BBA-7F707E5387B7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2B81F8F2-7EC5-4B00-8F23-794EA86883B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DFBF6C3A-F0EA-40C7-B05A-2C6479735FCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4E4886E0-D024-4CEC-8AC5-78EEFD748F33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AB31026E-C939-4E6B-8A2E-64A7CCDA1BEF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9D9E83E3-EFD8-49FC-812C-58DFEA368D39}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{50AFE82F-2503-4C85-B376-96AD98342BE9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1EA50C8-F2B2-4B75-B842-D703B5F7C758}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1EB3FCA8-9499-46AE-BC1B-61BA4FCACD71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-06-2018 10:34:45 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Array Networks VPN Adapter
Description: Array Networks SSL VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Array Networks
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2018 10:22:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3562
 
Error: (06/26/2018 10:22:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3562
 
Error: (06/26/2018 10:22:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/26/2018 10:22:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2343
 
Error: (06/26/2018 10:22:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2343
 
Error: (06/26/2018 10:22:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/26/2018 10:22:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
 
Error: (06/26/2018 10:22:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
 
 
System errors:
=============
Error: (06/26/2018 09:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/26/2018 09:38:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (06/26/2018 09:23:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
The pipe has been ended.
 
Error: (06/26/2018 09:23:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (06/26/2018 09:23:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
The pipe has been ended.
 
Error: (06/26/2018 09:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/26/2018 09:23:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.
 
Error: (06/26/2018 09:22:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2017-05-23 09:00:35.269
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
 
CodeIntegrity:
===================================
 
Date: 2018-06-26 21:40:29.706
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-26 21:23:24.629
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-06-26 21:18:49.584
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-26 21:04:37.665
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-06-26 21:02:29.752
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 57%
Total physical RAM: 8130.12 MB
Available physical RAM: 3450.88 MB
Total Virtual: 8530.12 MB
Available Virtual: 3167.71 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:910.93 GB) (Free:775.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.33 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:236.37 GB) NTFS
 
\\?\Volume{9ca50bac-5836-4e0b-87bb-ee432b5eb394}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{6c9a9534-f98c-4e6c-bedd-81d95c10b810}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS
\\?\Volume{69612647-95ed-48f2-bc4f-365eb8f81d38}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 09BD7950)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: D9CE5F7D)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A4B57300)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 HelpBot


Posted 05 July 2018 - 09:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/679879 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rd985

  • Topic Starter


Posted 07 July 2018 - 03:48 PM

I have not used this computer since my post.  It is running very slowly.

 

--------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by daniel (administrator) on OFFICE-PC (07-07-2018 09:37:53)
Running from C:\Users\daniel\Desktop\Virus Removal Tools
Loaded Profiles: daniel & Administrator (Available Profiles: daniel & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Array Networks\MotionPro VPN Client\MotionProHttpd.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-24] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1437624 2017-12-29] (Array Networks)
HKLM\...\Run: [LaunchMhttpd] => C:\Program Files\Array Networks\MotionPro VPN Client\MPInit.exe [1516984 2017-12-29] (Array Networks)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8811768 2018-07-07] (Emsisoft Ltd)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LaunchMhttpd] => C:\Program Files\Array Networks\MotionPro VPN Client\MPInit.exe [1516984 2017-12-29] (Array Networks)
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-3958809370-4289238950-2513130531-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2018-03-13]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-06-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{657C60F7-7CA4-457A-A231-66658BC60C31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE3C3216-F224-4A68-9DC8-5A8BCDEB7631}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
URLSearchHook: [S-1-5-21-3958809370-4289238950-2513130531-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.14.2.13&locale=en_US&guid=C14BFC53-54A9-4CB6-8028-ECD9D6E0769C&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-15] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-06-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-08] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 57ekzevs.default-1530063131099
FF ProfilePath: C:\Users\daniel\AppData\Roaming\Mozilla\Firefox\Profiles\57ekzevs.default-1530063131099 [2018-07-01]
FF Extension: (IBM Security Rapport) - C:\Users\daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2018-02-04]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-06-26] [Legacy] [not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\motionpro_trust_system_rootca.js [2017-12-29]
 
Chrome: 
=======
CHR Profile: C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default [2018-07-01]
CHR Extension: (Slides) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Prophet) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\alikckkmddkoooodkchoheabgakpopmg [2017-06-08]
CHR Extension: (Docs) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (IBM Security Rapport) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-19]
CHR Extension: (YouTube) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-22]
CHR Extension: (Adobe Acrobat) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-01]
CHR Extension: (Sheets) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-06]
CHR Extension: (Norton Identity Safe) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-06-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-06]
CHR Extension: (Crystal) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2018-07-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9401920 2018-07-07] (Emsisoft Ltd)
R2 AdobeActiveFileMonitor11.0; c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Brother XP spl Service; C:\WINDOWS\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [53288 2017-04-12] (Mozy, Inc.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.2.13\NortonSecurity.exe [328648 2018-05-30] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5253624 2018-05-23] (IBM Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1401272 2017-12-29] (Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2392504 2017-12-29] (Array Networks)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-05-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-05-23] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
S3 ATP; C:\WINDOWS\system32\DRIVERS\atpdrvr_7_x64.sys [19456 2017-12-29] (Array Networks)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\BASHDefs\20180627.005\BHDrvx64.sys [1879632 2018-04-30] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\ccSetx64.sys [187520 2018-05-29] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-03-24] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [142952 2018-06-26] (Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37064 2018-06-26] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-04-01] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-06-26] (Malwarebytes)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\IPSDefs\20180629.061\IDSvia64.sys [1298000 2018-05-24] (Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-07-07] (Malwarebytes)
R1 mozyFilter; C:\WINDOWS\System32\DRIVERS\mozyFilter.sys [68904 2017-12-18] (Mozy, Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [496744 2018-05-23] (IBM Corp.)
R1 RapportCerberus_1919106; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1919106.sys [1645288 2018-06-15] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [712488 2018-05-23] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [340904 2018-05-23] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [605160 2018-05-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [751976 2018-05-23] (IBM Corp.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SRTSP64.SYS [838224 2018-05-29] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\SRTSPX64.SYS [49232 2018-05-29] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SYMEFASI64.SYS [1942096 2018-05-29] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SymELAM.sys [24584 2018-05-29] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\Ironx64.SYS [307792 2018-05-29] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SYMNETS.SYS [566912 2018-05-29] (Symantec Corporation)
R1 vpntdi; C:\WINDOWS\System32\drivers\vpntdi64.sys [65360 2017-12-29] (Array Networks)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-05-23] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-05-23] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-05-23] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\wpCtrlDrv.sys [1015592 2018-05-29] (Symantec Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-26] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170523.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170523.003\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-01 11:00 - 2018-07-01 11:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-07-01 05:28 - 2018-07-01 05:28 - 000000000 ___SH C:\DkHyperbootSync
2018-06-27 20:39 - 2018-07-07 09:37 - 000000000 ____D C:\FRST
2018-06-26 21:49 - 2018-06-26 21:51 - 000002148 _____ C:\Users\daniel\Desktop\Rkill.txt
2018-06-26 21:23 - 2018-06-26 20:42 - 000037064 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2018-06-26 21:18 - 2018-06-26 21:22 - 000000000 ____D C:\AdwCleaner
2018-06-26 21:03 - 2018-07-07 09:39 - 000656122 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-26 21:03 - 2018-07-07 09:39 - 000650251 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-26 21:03 - 2018-06-26 21:03 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-26 21:03 - 2018-06-26 21:03 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-26 21:03 - 2018-06-26 21:03 - 000001166 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\Users\daniel\AppData\Local\Zemana
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-06-26 20:42 - 2018-06-26 21:01 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-26 20:30 - 2018-07-07 09:38 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-26 20:30 - 2018-06-26 20:30 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-26 20:29 - 2018-06-26 20:29 - 000000910 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-06-26 20:29 - 2018-06-26 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-06-26 20:28 - 2018-07-07 09:38 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-06-26 20:16 - 2018-06-26 20:29 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-26 20:16 - 2018-06-26 20:16 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-26 19:30 - 2018-07-07 09:37 - 000000000 ____D C:\Users\daniel\Desktop\Virus Removal Tools
2018-06-24 19:15 - 2018-03-11 19:40 - 000000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bup2
2018-06-24 18:34 - 2018-06-26 21:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-24 18:34 - 2018-06-26 21:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-24 18:34 - 2018-06-26 21:45 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-24 18:34 - 2018-06-26 21:32 - 000000000 ____D C:\Users\daniel\Desktop\Old Firefox Data
2018-06-24 18:34 - 2018-06-24 18:34 - 000000938 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-24 18:32 - 2018-06-24 18:32 - 000313560 _____ (Mozilla) C:\Users\daniel\Downloads\Firefox Installer.exe
2018-06-24 18:26 - 2018-06-24 18:26 - 000209616 _____ C:\Users\daniel\Desktop\bookmarks.html
2018-06-24 18:11 - 2018-06-24 18:11 - 000000114 _____ C:\WINDOWS\ntbtlog.txt
2018-06-23 10:35 - 2018-06-23 10:35 - 000003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-06-23 10:35 - 2018-06-23 10:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-06-15 22:02 - 2018-05-25 01:10 - 025742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-15 22:02 - 2018-05-25 00:38 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-15 22:02 - 2018-05-25 00:34 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-15 22:02 - 2018-05-24 23:53 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-15 22:02 - 2018-05-24 23:38 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-15 22:02 - 2018-05-23 01:39 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-15 22:02 - 2018-05-15 01:47 - 002334624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-15 22:02 - 2018-05-15 01:33 - 001308352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-15 22:02 - 2018-05-15 00:57 - 002324752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-15 22:02 - 2018-05-12 17:11 - 000532664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-15 22:02 - 2018-05-12 16:51 - 002014040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-15 22:02 - 2018-05-12 16:51 - 000923480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-15 22:02 - 2018-05-05 15:05 - 001543800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-15 22:02 - 2018-05-05 14:15 - 001178136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-15 22:02 - 2018-05-05 12:38 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-06-15 22:02 - 2018-05-05 12:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-06-15 22:02 - 2018-04-07 12:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-06-15 22:02 - 2018-04-07 12:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-06-15 22:02 - 2018-04-07 11:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-15 22:02 - 2018-04-07 11:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-15 22:02 - 2018-03-28 21:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-06-15 22:02 - 2018-03-28 20:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-06-15 22:01 - 2018-05-25 00:44 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-15 22:01 - 2018-05-25 00:32 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-15 22:01 - 2018-05-25 00:16 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-15 22:01 - 2018-05-25 00:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-15 22:01 - 2018-05-25 00:03 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-06-15 22:01 - 2018-05-24 23:56 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-15 22:01 - 2018-05-24 23:55 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-15 22:01 - 2018-05-24 23:55 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-15 22:01 - 2018-05-24 23:53 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-15 22:01 - 2018-05-24 23:44 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-06-15 22:01 - 2018-05-24 23:42 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-15 22:01 - 2018-05-24 23:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-15 22:01 - 2018-05-24 23:39 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-15 22:01 - 2018-05-24 23:38 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-15 22:01 - 2018-05-24 23:38 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-15 22:01 - 2018-05-24 23:29 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-15 22:01 - 2018-05-24 23:19 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-15 22:01 - 2018-05-24 23:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-15 22:01 - 2018-05-24 23:15 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-15 22:01 - 2018-05-24 23:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-15 22:01 - 2018-05-23 01:56 - 007406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-15 22:01 - 2018-05-23 01:45 - 000027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-15 22:01 - 2018-05-23 00:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-15 22:01 - 2018-05-15 01:47 - 000244304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-15 22:01 - 2018-05-15 00:17 - 000032640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-15 22:01 - 2018-05-15 00:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2018-06-15 22:01 - 2018-05-14 23:05 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-15 22:01 - 2018-05-14 22:57 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-15 22:01 - 2018-05-14 22:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-15 22:01 - 2018-05-12 17:06 - 000567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-15 22:01 - 2018-05-12 15:08 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-06-15 22:01 - 2018-05-10 23:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-06-15 22:01 - 2018-04-07 12:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-06-15 22:01 - 2018-04-07 12:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-15 22:01 - 2018-04-05 13:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2018-06-15 22:01 - 2018-04-05 13:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2018-06-15 22:01 - 2018-03-28 21:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-06-15 22:01 - 2018-03-28 21:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-06-15 22:01 - 2018-03-28 21:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-06-15 22:01 - 2018-03-28 20:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-07 09:39 - 2017-05-23 14:20 - 000000000 ___RD C:\Users\daniel\Google Drive
2018-07-07 09:37 - 2017-05-22 17:44 - 000003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B179402B-5D9D-4DA4-AA9F-C2FF0ED7B841}
2018-07-07 09:33 - 2017-12-07 20:46 - 000000000 ___RD C:\Users\daniel\OneDrive
2018-07-07 09:33 - 2017-04-12 12:06 - 000008912 _____ C:\WINDOWS\mozy.blk
2018-07-07 09:33 - 2017-04-12 12:06 - 000004594 _____ C:\WINDOWS\mozy.flt
2018-07-07 09:32 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-01 18:20 - 2016-11-18 21:04 - 000000000 ____D C:\Users\daniel\AppData\LocalLow\Mozilla
2018-06-29 20:08 - 2018-04-15 20:49 - 000003172 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordaniel
2018-06-29 20:08 - 2018-04-15 20:49 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordaniel.job
2018-06-27 20:48 - 2017-05-22 17:50 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3958809370-4289238950-2513130531-1001
2018-06-27 20:09 - 2017-05-22 17:42 - 000000000 ____D C:\Users\daniel\AppData\Local\Packages
2018-06-27 20:05 - 2013-06-22 10:34 - 000398336 ___SH C:\Users\daniel\Downloads\Thumbs.db
2018-06-27 19:58 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-27 19:57 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-06-26 22:07 - 2017-05-22 23:50 - 000000000 ____D C:\Users\daniel
2018-06-26 21:03 - 2013-04-28 12:20 - 000492544 ___SH C:\Users\daniel\Desktop\Thumbs.db
2018-06-26 19:39 - 2017-06-01 11:27 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 19:39 - 2017-06-01 11:27 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-24 18:29 - 2017-05-23 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-24 18:17 - 2017-10-02 12:13 - 000000000 ____D C:\Users\daniel\AppData\Local\NPE
2018-06-23 16:34 - 2017-05-23 09:45 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-23 10:35 - 2018-04-26 21:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-06-23 10:35 - 2018-02-27 23:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-06-23 10:35 - 2017-05-23 09:13 - 000099920 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2018-06-23 10:35 - 2017-05-23 09:13 - 000010396 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2018-06-23 10:35 - 2017-05-23 09:13 - 000002271 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-06-23 10:35 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-06-23 10:17 - 2017-07-27 16:56 - 000003176 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3958809370-4289238950-2513130531-1001
2018-06-23 10:16 - 2017-05-23 13:28 - 000002348 _____ C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-17 22:04 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-06-15 22:48 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-15 22:46 - 2013-03-28 14:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-15 22:30 - 2017-10-19 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-06-15 22:29 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-15 22:24 - 2017-05-22 20:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-15 22:20 - 2017-10-11 13:54 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-15 22:19 - 2017-05-22 20:01 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-15 22:19 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-09 16:11 - 2017-05-23 13:42 - 000000000 ____D C:\Program Files (x86)\Quicken
 
==================== Files in the root of some directories =======
 
2016-12-01 13:51 - 2016-11-30 12:02 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2017-05-28 17:38 - 2017-05-28 17:38 - 000007625 _____ () C:\Users\daniel\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-23 18:38
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by daniel (07-07-2018 09:40:48)
Running from C:\Users\daniel\Desktop\Virus Removal Tools
Windows 8.1 (Update) (X64) (2017-05-23 04:37:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3958809370-4289238950-2513130531-500 - Administrator - Disabled) => C:\Users\Administrator
daniel (S-1-5-21-3958809370-4289238950-2513130531-1001 - Administrator - Enabled) => C:\Users\daniel
Guest (S-1-5-21-3958809370-4289238950-2513130531-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3958809370-4289238950-2513130531-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Norton Security (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-f8d071b8-358e-455c-85cc-f8c2a86123cc) (Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DDF578ED-2300-5C4B-CF4A-E2AE7E6457A6}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-0d5f7d0b-b3db-4025-8511-502154f5e812) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J825DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-96856aa9-f9a3-43f8-8bc4-76c4f99f17e3) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-9922bb0d-ae94-47b5-a62b-e6b63e1413d0) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-44b1b3ef-77c5-4e36-9d8d-920701c26605) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2018.1 - Emsisoft Ltd.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Farm Frenzy (HKLM-x32\...\WTA-591eea2a-45b2-44b8-9020-25dd23907d71) (Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (HKLM-x32\...\WTA-d1b05145-afef-4ec6-bbd8-ad573d982692) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-b1a9c1a3-92a7-4de6-9cb8-70825a5b79d8) (Version: 2.2.0.95 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (HKLM-x32\...\WTA-107041c2-fb82-4861-9630-4fb56d6ab23f) (Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-c0043e6c-8f02-4e3d-8d19-a06ed8ae928c) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-c695466d-08e6-4674-8404-82e7e15547a4) (Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-90f70172-e6b0-4116-b212-b6c0c828b120) (Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (HKLM-x32\...\{D26C94D9-E7F6-67F0-FA9E-CA98C6BEE32C}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-4672099e-6c11-469e-adad-a2d0929c762c) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-1831cf63-e90e-4588-afeb-11a6b1b63685) (Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\JoinMe) (Version: 3.6.1.5386 - LogMeIn, Inc.)
Luxor Evolved (HKLM-x32\...\WTA-8ac6e43b-cc36-44e7-9094-5b030413d715) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-bf337c9e-91db-422b-bbbf-55d3549e994e) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3958809370-4289238950-2513130531-500\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-e3a3fc0f-fa2b-410d-9cc1-f7c3ffea3e8c) (Version: 2.2.0.98 - WildTangent) Hidden
MotionPro (HKLM\...\MotionPro VPN Client) (Version: 9.4.0.0 - Array Networks)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
MozyHome (HKLM\...\{0E7B1B4B-1589-CF5A-170C-5556B51DC1C8}) (Version: 2.36.5.646 - Mozy, Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-27c07801-7302-4e8d-8f09-dd2dd1b9866c) (Version: 2.2.0.98 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NGC) (Version: 22.14.2.13 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-4798266e-0c71-40a3-9c08-f254ff172852) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-5a0f230c-cacf-4d08-af46-3f06adeadc7e) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-76332420-f00a-44f9-b9c9-0fdf795db67d) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-50878abd-dd06-4047-a1c1-58ea13a866d6) (Version: 2.2.0.98 - WildTangent) Hidden
PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.9.34 - Quicken)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1919.126 - Trusteer) Hidden
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-22d4acd2-7a01-4039-bdec-79e551e2bccf) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-a9a55679-8f71-413e-92b1-64bd377602a7) (Version: 3.0.2.32 - WildTangent) Hidden
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Tales of Lagoona (HKLM-x32\...\WTA-507a241b-f457-49e9-9e23-8400cf3c5882) (Version: 2.2.0.110 - WildTangent) Hidden
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1919.126 - Trusteer)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
XMind 8 Update 1 (v3.7.1) (HKLM-x32\...\XMind_is1) (Version: 3.7.1.201612151837 - XMind Ltd.)
Youda Jewel Shop (HKLM-x32\...\WTA-762cef5b-7507-472c-a6af-aef7b95fc0be) (Version: 3.0.2.32 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zuma's Revenge (HKLM-x32\...\WTA-73a00aa9-fe83-4da5-b7d7-1fb216c8fc6d) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\daniel\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-26] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-10-15] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-10-15] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers2-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers3-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-11-14] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-26] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers6-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C8DCF82-435E-4F0F-B2B3-D5B4D78BBC8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {0CE0C709-157A-42D3-AECB-72980481362A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {24541BFB-F300-4678-BA6D-A4EFC5670EBC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-15] (Microsoft Corporation)
Task: {24E0747F-2B99-4A68-BE06-9238DF765240} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {2995EE17-F6FA-4ABB-B554-F16C85E8A511} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {3558C8B7-2090-42C7-80DC-0498AEC2DA10} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-15] (Microsoft Corporation)
Task: {3D34ED28-ACD6-4F1C-8007-23E41F181733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {3F485AC4-E06A-420C-9E17-E472172F5B29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-15] (Microsoft Corporation)
Task: {416E6414-23C8-452B-9698-2E1DE72FD188} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5055CF52-6CB9-4AB0-AB03-413E397FCC56} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {76E452E8-E1D3-41AF-A1C8-516C756393B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {77317265-3AC6-4893-BCA5-908F4D3C9A27} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-15] (Microsoft Corporation)
Task: {87623FCE-6CBD-4601-AB78-E3A748496ACB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {8BC9F8D1-46EA-4855-B135-9F2D04CB609A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-15] (Microsoft Corporation)
Task: {91436B3A-40EC-4A32-9737-F5E4CDF7F5BC} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {947AF37E-B29F-4502-9C10-6E2154AE98E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A482FC14-4FF2-4230-8A8C-501A13718374} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-05-30] (Symantec Corporation)
Task: {A8195C96-926B-4F3D-953F-E4C339BFE430} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-15] (Microsoft Corporation)
Task: {C7F82FBA-2DF1-49FA-99A3-970200D20F17} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
Task: {CAF8CDC3-6BCB-44DC-B335-819BF9B35D4C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.14.2.13\WSCStub.exe [2018-05-30] (Symantec Corporation)
Task: {E02B3E55-6901-4002-BAAC-A103883B7A91} - System32\Tasks\HPCeeScheduleFordaniel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {E17674BB-F242-4CA9-91EE-A3DD496AF603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {EE84B98E-DE74-4BCB-93CA-4250EDA9389B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {FB11E8CF-95C8-4C83-B523-926EE1FAEEF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FE4CD25D-AF8C-425C-9CC5-45B8B1F811B6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordaniel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-06 14:59 - 2005-04-22 00:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2018-06-26 20:16 - 2018-06-26 20:29 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-26 20:16 - 2018-06-26 20:29 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-18 17:41 - 2017-12-18 17:41 - 000070656 _____ () C:\Program Files\MozyHome\zlib1.dll
2017-08-18 16:19 - 2018-06-01 05:06 - 008934064 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-23 09:24 - 2017-05-23 09:24 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-29 02:48 - 2017-12-29 02:48 - 006194616 _____ () C:\Program Files\Array Networks\MotionPro VPN Client\MotionProHttpd.exe
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2017-09-06 14:58 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-03-28 14:07 - 2012-07-18 04:50 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-03-28 14:12 - 2012-06-07 23:34 - 000627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 000016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vpntdi => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vpntdi => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\sharepoint.com -> hxxps://icimsinc-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-06-27 20:22 - 000000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
HKU\S-1-5-21-3958809370-4289238950-2513130531-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE426F4E-54F0-47F2-B7B6-4BB2B8C8125D}] => (Allow) LPort=1900
FirewallRules: [{C750B8C6-8F42-4977-96E1-8992A1D8E6EE}] => (Allow) LPort=2869
FirewallRules: [{59DCB8D6-98F3-4987-84FD-82C2883A88C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A355E52F-A56E-4214-BEB3-B7B0CD3FD0E6}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7CDFA03C-19D4-4010-8A70-15445AE82E91}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{741BFE57-12CD-4EE7-AA43-F5EF018CB4DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{47F25E0F-1F0A-48C7-A43A-3211E0F7B70F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80F1B4AC-8C8E-41B0-8040-4AB2CD0CDD9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18D72654-6636-4AEE-A9FA-91711FD95EE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AA80A7A-387D-4CD7-98CB-786CF37F2479}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{7FC70969-5693-4467-BA68-3DB29D0E347A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{30AD3F61-8CB9-47D7-8868-3B8B749AC263}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{BBB22E98-D6DD-49A4-9330-5F3BF83F026C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{270A9316-19DF-4E1D-8C46-5EA2B3A6079C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8BD7EE1E-24AD-420D-A1E2-BF2B2E5BBA08}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{41052E81-E92C-4583-9C0A-0B33E68F2CAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67052DFF-C1B1-404F-ABF7-BA9D5DE8C56F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6641AA24-C38A-403A-AF82-9822ED2571E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5DA1B26-081E-4547-9719-DA6C52939BBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C6087B99-DEDD-4677-9DDC-F25814A5C77B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AC987D9B-5361-4FFE-AF97-9CC03EB7EEF3}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{8876525C-DBCD-449E-9F11-1EDA54A6B4A9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{719708A7-99EC-4A99-9707-AE2DD4CFC560}] => (Allow) LPort=54925
FirewallRules: [{AD39D7D1-6A9D-43BD-B3BF-911442CA2A4B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6136AB8B-C20B-4AAF-BC00-A62DCA68FCA6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{58221F31-850F-46BA-A66F-147ABB383883}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5349C18E-3A26-4BEF-B7DB-C78B22D67D83}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54296DDB-68C7-4DB2-8C4B-E9207DAC28C1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5263B784-0BDC-4BBD-B43C-D85139056CB3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{23F5EFD9-7313-4329-8BBA-7F707E5387B7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2B81F8F2-7EC5-4B00-8F23-794EA86883B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DFBF6C3A-F0EA-40C7-B05A-2C6479735FCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4E4886E0-D024-4CEC-8AC5-78EEFD748F33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AB31026E-C939-4E6B-8A2E-64A7CCDA1BEF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{50AFE82F-2503-4C85-B376-96AD98342BE9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1EA50C8-F2B2-4B75-B842-D703B5F7C758}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1EB3FCA8-9499-46AE-BC1B-61BA4FCACD71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C576FE1B-2717-4E59-88FF-D0D1F436061F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Restore Points =========================
 
27-06-2018 20:48:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Array Networks VPN Adapter
Description: Array Networks SSL VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Array Networks
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2018 06:37:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/30/2018 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1047
 
Error: (06/30/2018 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1047
 
Error: (06/30/2018 10:10:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/30/2018 06:37:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/29/2018 08:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/27/2018 09:40:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4812
 
Error: (06/27/2018 09:40:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4812
 
 
System errors:
=============
Error: (07/01/2018 07:47:23 PM) (Source: DCOM) (EventID: 10010) (User: OFFICE-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Error: (06/29/2018 08:02:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.
 
Error: (06/27/2018 08:50:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.
 
Error: (06/26/2018 09:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/26/2018 09:38:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (06/26/2018 09:23:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
The pipe has been ended.
 
Error: (06/26/2018 09:23:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (06/26/2018 09:23:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
The pipe has been ended.
 
 
Windows Defender:
===================================
Date: 2017-05-23 09:00:35.269
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
 
CodeIntegrity:
===================================
 
Date: 2018-06-26 21:40:29.706
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-26 21:23:24.629
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-06-26 21:18:49.584
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-26 21:04:37.665
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-06-26 21:02:29.752
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 8130.12 MB
Available physical RAM: 4513.8 MB
Total Virtual: 9426.12 MB
Available Virtual: 5603.42 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:910.93 GB) (Free:770.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.33 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:236.34 GB) NTFS
 
\\?\Volume{9ca50bac-5836-4e0b-87bb-ee432b5eb394}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{6c9a9534-f98c-4e6c-bedd-81d95c10b810}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS
\\?\Volume{69612647-95ed-48f2-bc4f-365eb8f81d38}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 09BD7950)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: D9CE5F7D)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A4B57300)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#4 Tenis

Posted 13 July 2018 - 12:07 PM

Hi rd985,

While I'm looking at your log, please go through a few notes.

  • I am currently in training, and analyzing logs takes time. My reply needs to be approved by an instructor, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.

  • Please do not seek assistance elsewhere without letting me know.

  • Please do not run any malware removal tools unless directed.

  • Make sure to read my instructions fully before attempting a step.

  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed.

  • Please understand that I am a volunteer, so I may get busy in real life, and that can further delay my responses.


Edited by Tenis, 13 July 2018 - 12:40 PM.


#5 rd985

Posted 13 July 2018 - 01:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by daniel (administrator) on OFFICE-PC (13-07-2018 14:26:29)
Running from C:\Users\daniel\Desktop\Virus Removal Tools
Loaded Profiles: daniel (Available Profiles: daniel & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(Array Networks) C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\nortonsecurity.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Array Networks\MotionPro VPN Client\MotionProHttpd.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.2.13\conathst.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-24] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [WebVPN] => C:\Program Files\Array Networks\SSL VPN Client\WebVPN.exe [1437624 2017-12-29] (Array Networks)
HKLM\...\Run: [LaunchMhttpd] => C:\Program Files\Array Networks\MotionPro VPN Client\MPInit.exe [1516984 2017-12-29] (Array Networks)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8811768 2018-07-07] (Emsisoft Ltd)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LaunchMhttpd] => C:\Program Files\Array Networks\MotionPro VPN Client\MPInit.exe [1516984 2017-12-29] (Array Networks)
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2018-03-13]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-06-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{657C60F7-7CA4-457A-A231-66658BC60C31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE3C3216-F224-4A68-9DC8-5A8BCDEB7631}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {AD558709-DA62-4A77-8321-1473D19BC9E9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.14.2.13&locale=en_US&guid=C14BFC53-54A9-4CB6-8028-ECD9D6E0769C&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-07] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-07] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-08] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.2.13\coIEPlg.dll [2018-05-29] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-07] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 57ekzevs.default-1530063131099
FF ProfilePath: C:\Users\daniel\AppData\Roaming\Mozilla\Firefox\Profiles\57ekzevs.default-1530063131099 [2018-07-13]
FF Extension: (IBM Security Rapport) - C:\Users\daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2018-02-04]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-13] [Legacy] [not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\motionpro_trust_system_rootca.js [2017-12-29]
 
Chrome: 
=======
CHR Profile: C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default [2018-07-13]
CHR Extension: (Slides) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Prophet) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\alikckkmddkoooodkchoheabgakpopmg [2017-06-08]
CHR Extension: (Docs) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (IBM Security Rapport) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-19]
CHR Extension: (YouTube) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-22]
CHR Extension: (Adobe Acrobat) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-01]
CHR Extension: (Sheets) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-06]
CHR Extension: (Norton Identity Safe) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-06-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-06]
CHR Extension: (Crystal) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2018-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9401920 2018-07-07] (Emsisoft Ltd)
R2 AdobeActiveFileMonitor11.0; c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Brother XP spl Service; C:\WINDOWS\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [53288 2017-04-12] (Mozy, Inc.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.2.13\NortonSecurity.exe [328648 2018-05-30] (Symantec Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5253624 2018-05-23] (IBM Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 VPNInstallManager; C:\Program Files\Array Networks\Install Manager\VPNInstallManager.exe [1401272 2017-12-29] (Array Networks)
R2 VPNService; C:\Program Files\Array Networks\SSL VPN Client\VPNService.exe [2392504 2017-12-29] (Array Networks)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-05-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-05-23] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
S3 ATP; C:\WINDOWS\system32\DRIVERS\atpdrvr_7_x64.sys [19456 2017-12-29] (Array Networks)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\BASHDefs\20180702.005\BHDrvx64.sys [1919568 2018-06-22] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\ccSetx64.sys [187520 2018-05-29] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-03-24] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [142952 2018-06-26] (Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37064 2018-06-26] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-04-01] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-06-26] (Malwarebytes)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\IPSDefs\20180710.061\IDSvia64.sys [1298000 2018-05-24] (Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-26] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-27] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-10] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-07-07] (Malwarebytes)
R1 mozyFilter; C:\WINDOWS\System32\DRIVERS\mozyFilter.sys [68904 2017-12-18] (Mozy, Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [496744 2018-05-23] (IBM Corp.)
R1 RapportCerberus_1919106; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1919106.sys [1645288 2018-06-15] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [712488 2018-05-23] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [340904 2018-05-23] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [605160 2018-05-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [751976 2018-05-23] (IBM Corp.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SRTSP64.SYS [838224 2018-05-29] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\SRTSPX64.SYS [49232 2018-05-29] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SYMEFASI64.SYS [1942096 2018-05-29] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SymELAM.sys [24584 2018-05-29] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E020.00D\Ironx64.SYS [307792 2018-05-29] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\SYMNETS.SYS [566912 2018-05-29] (Symantec Corporation)
R1 vpntdi; C:\WINDOWS\System32\drivers\vpntdi64.sys [65360 2017-12-29] (Array Networks)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-05-23] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-05-23] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-05-23] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\Drivers\NGCx64\160E020.00D\wpCtrlDrv.sys [1015592 2018-05-29] (Symantec Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-26] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170523.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170523.003\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-10 22:34 - 2018-07-10 22:34 - 000001120 _____ C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2018-07-10 22:02 - 2018-07-10 22:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-07-10 21:04 - 2018-07-10 21:04 - 000000000 ___SH C:\DkHyperbootSync
2018-07-10 20:56 - 2018-01-23 14:58 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-07 16:51 - 2018-07-07 16:51 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-07 16:51 - 2018-07-07 16:51 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-07 16:51 - 2018-07-07 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-06-27 20:39 - 2018-07-13 14:26 - 000000000 ____D C:\FRST
2018-06-26 21:49 - 2018-06-26 21:51 - 000002148 _____ C:\Users\daniel\Desktop\Rkill.txt
2018-06-26 21:23 - 2018-06-26 20:42 - 000037064 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2018-06-26 21:18 - 2018-06-26 21:22 - 000000000 ____D C:\AdwCleaner
2018-06-26 21:03 - 2018-07-13 14:26 - 000226351 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-26 21:03 - 2018-07-13 14:26 - 000198444 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-26 21:03 - 2018-06-26 21:03 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-26 21:03 - 2018-06-26 21:03 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-26 21:03 - 2018-06-26 21:03 - 000001166 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\Users\daniel\AppData\Local\Zemana
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-06-26 21:03 - 2018-06-26 21:03 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-06-26 20:42 - 2018-06-26 21:01 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-26 20:30 - 2018-07-10 20:33 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-26 20:30 - 2018-07-07 16:46 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-26 20:30 - 2018-06-27 19:59 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-26 20:30 - 2018-06-26 20:30 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-26 20:29 - 2018-06-26 20:29 - 000000910 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-06-26 20:29 - 2018-06-26 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-06-26 20:28 - 2018-07-13 14:21 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-06-26 20:16 - 2018-06-26 20:29 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-26 20:16 - 2018-06-26 20:16 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-26 20:16 - 2018-06-26 20:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-26 19:30 - 2018-07-13 14:26 - 000000000 ____D C:\Users\daniel\Desktop\Virus Removal Tools
2018-06-24 19:15 - 2018-03-11 19:40 - 000000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bup2
2018-06-24 18:34 - 2018-07-13 14:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-24 18:34 - 2018-07-13 14:22 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-24 18:34 - 2018-07-13 14:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-24 18:34 - 2018-06-26 21:32 - 000000000 ____D C:\Users\daniel\Desktop\Old Firefox Data
2018-06-24 18:34 - 2018-06-24 18:34 - 000000938 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-24 18:32 - 2018-06-24 18:32 - 000313560 _____ (Mozilla) C:\Users\daniel\Downloads\Firefox Installer.exe
2018-06-24 18:26 - 2018-06-24 18:26 - 000209616 _____ C:\Users\daniel\Desktop\bookmarks.html
2018-06-24 18:11 - 2018-06-24 18:11 - 000000114 _____ C:\WINDOWS\ntbtlog.txt
2018-06-23 10:35 - 2018-06-23 10:35 - 000003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-06-23 10:35 - 2018-06-23 10:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-06-15 22:02 - 2018-05-25 01:10 - 025742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-15 22:02 - 2018-05-25 00:38 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-15 22:02 - 2018-05-25 00:34 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-15 22:02 - 2018-05-24 23:53 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-15 22:02 - 2018-05-24 23:38 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-15 22:02 - 2018-05-23 01:39 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-15 22:02 - 2018-05-15 01:47 - 002334624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-15 22:02 - 2018-05-15 01:33 - 001308352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-15 22:02 - 2018-05-15 00:57 - 002324752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-15 22:02 - 2018-05-12 17:11 - 000532664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-15 22:02 - 2018-05-12 16:51 - 002014040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-15 22:02 - 2018-05-12 16:51 - 000923480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-15 22:02 - 2018-05-05 15:05 - 001543800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-15 22:02 - 2018-05-05 14:15 - 001178136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-15 22:02 - 2018-05-05 12:38 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-06-15 22:02 - 2018-05-05 12:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-06-15 22:02 - 2018-04-07 12:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-06-15 22:02 - 2018-04-07 12:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-06-15 22:02 - 2018-04-07 11:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-15 22:02 - 2018-04-07 11:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-15 22:02 - 2018-03-28 21:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-06-15 22:02 - 2018-03-28 20:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-06-15 22:01 - 2018-05-25 00:44 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-15 22:01 - 2018-05-25 00:32 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-15 22:01 - 2018-05-25 00:16 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-15 22:01 - 2018-05-25 00:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-15 22:01 - 2018-05-25 00:03 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-06-15 22:01 - 2018-05-24 23:56 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-15 22:01 - 2018-05-24 23:55 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-15 22:01 - 2018-05-24 23:55 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-15 22:01 - 2018-05-24 23:53 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-15 22:01 - 2018-05-24 23:44 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-06-15 22:01 - 2018-05-24 23:42 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-15 22:01 - 2018-05-24 23:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-15 22:01 - 2018-05-24 23:39 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-15 22:01 - 2018-05-24 23:38 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-15 22:01 - 2018-05-24 23:38 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-15 22:01 - 2018-05-24 23:29 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-15 22:01 - 2018-05-24 23:19 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-15 22:01 - 2018-05-24 23:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-15 22:01 - 2018-05-24 23:15 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-15 22:01 - 2018-05-24 23:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-15 22:01 - 2018-05-23 01:56 - 007406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-15 22:01 - 2018-05-23 01:45 - 000027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-15 22:01 - 2018-05-23 00:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-15 22:01 - 2018-05-15 01:47 - 000244304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-15 22:01 - 2018-05-15 00:17 - 000032640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-15 22:01 - 2018-05-15 00:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2018-06-15 22:01 - 2018-05-14 23:05 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-15 22:01 - 2018-05-14 22:57 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-15 22:01 - 2018-05-14 22:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-15 22:01 - 2018-05-12 17:06 - 000567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-15 22:01 - 2018-05-12 15:08 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-06-15 22:01 - 2018-05-10 23:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-06-15 22:01 - 2018-04-07 12:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-06-15 22:01 - 2018-04-07 12:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-15 22:01 - 2018-04-05 13:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2018-06-15 22:01 - 2018-04-05 13:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2018-06-15 22:01 - 2018-03-28 21:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-06-15 22:01 - 2018-03-28 21:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-06-15 22:01 - 2018-03-28 21:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-06-15 22:01 - 2018-03-28 20:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-13 14:25 - 2016-11-18 21:04 - 000000000 ____D C:\Users\daniel\AppData\LocalLow\Mozilla
2018-07-13 14:24 - 2017-05-22 17:50 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3958809370-4289238950-2513130531-1001
2018-07-13 14:24 - 2017-05-22 17:44 - 000003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B179402B-5D9D-4DA4-AA9F-C2FF0ED7B841}
2018-07-13 14:23 - 2017-05-23 14:20 - 000000000 ___RD C:\Users\daniel\Google Drive
2018-07-13 14:22 - 2017-04-12 12:06 - 000008912 _____ C:\WINDOWS\mozy.blk
2018-07-13 14:22 - 2017-04-12 12:06 - 000004594 _____ C:\WINDOWS\mozy.flt
2018-07-13 14:19 - 2017-12-07 20:46 - 000000000 ___RD C:\Users\daniel\OneDrive
2018-07-10 20:57 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-07-10 20:42 - 2017-05-22 17:59 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-10 20:40 - 2017-05-22 17:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-10 20:33 - 2018-04-15 20:49 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordaniel.job
2018-07-10 20:33 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-07 16:59 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-07-07 16:57 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-07 16:51 - 2017-05-23 13:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-07 16:51 - 2017-05-23 13:23 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-07 16:51 - 2017-05-23 13:23 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-07 16:51 - 2017-05-23 13:23 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-07 16:51 - 2017-05-23 13:23 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-07 16:51 - 2017-05-23 13:23 - 000002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-07 16:48 - 2013-03-28 14:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-07 09:32 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-29 20:08 - 2018-04-15 20:49 - 000003172 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordaniel
2018-06-27 20:09 - 2017-05-22 17:42 - 000000000 ____D C:\Users\daniel\AppData\Local\Packages
2018-06-27 20:05 - 2013-06-22 10:34 - 000398336 ___SH C:\Users\daniel\Downloads\Thumbs.db
2018-06-26 22:07 - 2017-05-22 23:50 - 000000000 ____D C:\Users\daniel
2018-06-26 21:03 - 2013-04-28 12:20 - 000492544 ___SH C:\Users\daniel\Desktop\Thumbs.db
2018-06-26 19:39 - 2017-06-01 11:27 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 19:39 - 2017-06-01 11:27 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-24 18:29 - 2017-05-23 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-24 18:17 - 2017-10-02 12:13 - 000000000 ____D C:\Users\daniel\AppData\Local\NPE
2018-06-23 16:34 - 2017-05-23 09:45 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-23 10:35 - 2018-04-26 21:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-06-23 10:35 - 2018-02-27 23:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-06-23 10:35 - 2017-05-23 09:13 - 000099920 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2018-06-23 10:35 - 2017-05-23 09:13 - 000010396 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2018-06-23 10:35 - 2017-05-23 09:13 - 000002271 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-06-23 10:17 - 2017-07-27 16:56 - 000003176 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3958809370-4289238950-2513130531-1001
2018-06-23 10:16 - 2017-05-23 13:28 - 000002348 _____ C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-17 22:04 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-06-15 22:30 - 2017-10-19 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-06-15 22:29 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-15 22:24 - 2017-05-22 20:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-15 22:20 - 2017-10-11 13:54 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-15 22:19 - 2017-05-22 20:01 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-15 22:19 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
 
==================== Files in the root of some directories =======
 
2016-12-01 13:51 - 2016-11-30 12:02 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2017-05-28 17:38 - 2017-05-28 17:38 - 000007625 _____ () C:\Users\daniel\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-10 21:28
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by daniel (13-07-2018 14:27:26)
Running from C:\Users\daniel\Desktop\Virus Removal Tools
Windows 8.1 (Update) (X64) (2017-05-23 04:37:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3958809370-4289238950-2513130531-500 - Administrator - Disabled) => C:\Users\Administrator
daniel (S-1-5-21-3958809370-4289238950-2513130531-1001 - Administrator - Enabled) => C:\Users\daniel
Guest (S-1-5-21-3958809370-4289238950-2513130531-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3958809370-4289238950-2513130531-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Norton Security (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-f8d071b8-358e-455c-85cc-f8c2a86123cc) (Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DDF578ED-2300-5C4B-CF4A-E2AE7E6457A6}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-0d5f7d0b-b3db-4025-8511-502154f5e812) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J825DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-96856aa9-f9a3-43f8-8bc4-76c4f99f17e3) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-9922bb0d-ae94-47b5-a62b-e6b63e1413d0) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-44b1b3ef-77c5-4e36-9d8d-920701c26605) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2018.1 - Emsisoft Ltd.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Farm Frenzy (HKLM-x32\...\WTA-591eea2a-45b2-44b8-9020-25dd23907d71) (Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (HKLM-x32\...\WTA-d1b05145-afef-4ec6-bbd8-ad573d982692) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-b1a9c1a3-92a7-4de6-9cb8-70825a5b79d8) (Version: 2.2.0.95 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (HKLM-x32\...\WTA-107041c2-fb82-4861-9630-4fb56d6ab23f) (Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-c0043e6c-8f02-4e3d-8d19-a06ed8ae928c) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-c695466d-08e6-4674-8404-82e7e15547a4) (Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-90f70172-e6b0-4116-b212-b6c0c828b120) (Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (HKLM-x32\...\{D26C94D9-E7F6-67F0-FA9E-CA98C6BEE32C}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-4672099e-6c11-469e-adad-a2d0929c762c) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-1831cf63-e90e-4588-afeb-11a6b1b63685) (Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\JoinMe) (Version: 3.6.1.5386 - LogMeIn, Inc.)
Luxor Evolved (HKLM-x32\...\WTA-8ac6e43b-cc36-44e7-9094-5b030413d715) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-bf337c9e-91db-422b-bbbf-55d3549e994e) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-e3a3fc0f-fa2b-410d-9cc1-f7c3ffea3e8c) (Version: 2.2.0.98 - WildTangent) Hidden
MotionPro (HKLM\...\MotionPro VPN Client) (Version: 9.4.0.0 - Array Networks)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
MozyHome (HKLM\...\{0E7B1B4B-1589-CF5A-170C-5556B51DC1C8}) (Version: 2.36.5.646 - Mozy, Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-27c07801-7302-4e8d-8f09-dd2dd1b9866c) (Version: 2.2.0.98 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NGC) (Version: 22.14.2.13 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-4798266e-0c71-40a3-9c08-f254ff172852) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-5a0f230c-cacf-4d08-af46-3f06adeadc7e) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-76332420-f00a-44f9-b9c9-0fdf795db67d) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-50878abd-dd06-4047-a1c1-58ea13a866d6) (Version: 2.2.0.98 - WildTangent) Hidden
PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.9.34 - Quicken)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1919.126 - Trusteer) Hidden
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-22d4acd2-7a01-4039-bdec-79e551e2bccf) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-a9a55679-8f71-413e-92b1-64bd377602a7) (Version: 3.0.2.32 - WildTangent) Hidden
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Tales of Lagoona (HKLM-x32\...\WTA-507a241b-f457-49e9-9e23-8400cf3c5882) (Version: 2.2.0.110 - WildTangent) Hidden
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1919.126 - Trusteer)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
XMind 8 Update 1 (v3.7.1) (HKLM-x32\...\XMind_is1) (Version: 3.7.1.201612151837 - XMind Ltd.)
Youda Jewel Shop (HKLM-x32\...\WTA-762cef5b-7507-472c-a6af-aef7b95fc0be) (Version: 3.0.2.32 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zuma's Revenge (HKLM-x32\...\WTA-73a00aa9-fe83-4da5-b7d7-1fb216c8fc6d) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\daniel\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-26] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-10-15] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-10-15] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers2-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers3-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-11-14] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-26] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.14.2.13\buShell.dll [2018-05-29] (Symantec Corporation)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6-x32: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2018-02-22] (Mozy, Inc.)
ContextMenuHandlers6-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.14.2.13\NavShExt.dll [2018-05-30] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C8DCF82-435E-4F0F-B2B3-D5B4D78BBC8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {0CE0C709-157A-42D3-AECB-72980481362A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {2995EE17-F6FA-4ABB-B554-F16C85E8A511} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {3D34ED28-ACD6-4F1C-8007-23E41F181733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {416E6414-23C8-452B-9698-2E1DE72FD188} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {43F10A48-F5A0-43C6-9747-AFD26EF743EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {58ED24F0-F36F-4863-B09A-9D3E800708C6} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-07] (Microsoft Corporation)
Task: {631A4497-4674-425C-9EE1-756294E4EFFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-07] (Microsoft Corporation)
Task: {76E452E8-E1D3-41AF-A1C8-516C756393B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {77317265-3AC6-4893-BCA5-908F4D3C9A27} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-07] (Microsoft Corporation)
Task: {91436B3A-40EC-4A32-9737-F5E4CDF7F5BC} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {947AF37E-B29F-4502-9C10-6E2154AE98E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {94C26799-7DB3-462D-8011-D4B27E10DA64} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-07] (Microsoft Corporation)
Task: {9622C6EA-7ACA-42C5-A81C-7462C19A3DC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {AA4ED189-F21E-45AF-BFC0-C8FEE721D89B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-05-30] (Symantec Corporation)
Task: {C553299E-BB4A-490D-A845-5E17B6D33175} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-07] (Microsoft Corporation)
Task: {C7F82FBA-2DF1-49FA-99A3-970200D20F17} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
Task: {CAF8CDC3-6BCB-44DC-B335-819BF9B35D4C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.14.2.13\WSCStub.exe [2018-05-30] (Symantec Corporation)
Task: {E02B3E55-6901-4002-BAAC-A103883B7A91} - System32\Tasks\HPCeeScheduleFordaniel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {E17674BB-F242-4CA9-91EE-A3DD496AF603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {EE84B98E-DE74-4BCB-93CA-4250EDA9389B} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {FA469ACF-12E9-45D1-B3A2-473D748062E8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {FB11E8CF-95C8-4C83-B523-926EE1FAEEF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FD248650-F695-42B9-AB16-FB58C5F43AA3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-07] (Microsoft Corporation)
Task: {FE4CD25D-AF8C-425C-9CC5-45B8B1F811B6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.14.2.13\SymErr.exe [2018-05-29] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordaniel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-06 14:59 - 2005-04-22 00:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2018-06-26 20:16 - 2018-06-26 20:29 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-18 17:41 - 2017-12-18 17:41 - 000070656 _____ () C:\Program Files\MozyHome\zlib1.dll
2017-08-18 16:19 - 2018-06-01 05:06 - 008934064 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-29 02:48 - 2017-12-29 02:48 - 006194616 _____ () C:\Program Files\Array Networks\MotionPro VPN Client\MotionProHttpd.exe
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-06-26 19:39 - 2018-06-22 15:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 19:39 - 2018-06-22 15:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-13 14:19 - 2018-07-13 14:19 - 000113152 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_ctypes.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000080896 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\bz2.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 001585152 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_hashlib.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000128512 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32api.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000137728 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\pywintypes27.dll
2018-07-13 14:19 - 2018-07-13 14:19 - 000548864 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\pythoncom27.dll
2018-07-13 14:19 - 2018-07-13 14:19 - 000689664 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\unicodedata.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000438784 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32com.shell.shell.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 001489408 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\wx._core_.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 001007104 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\wx._gdi_.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 001039872 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\wx._windows_.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 001325056 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\wx._controls_.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000916992 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\wx._misc_.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 001084416 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\pysqlite2._sqlite.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000149504 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32file.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000136192 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32security.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000007680 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\hashobjs_ext.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000020992 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\thumbnails_ext.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000118784 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\usb_ext.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000047616 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_socket.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 002224640 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_ssl.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000014848 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\common.time34.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000023040 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32event.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000034304 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\windows.conditional.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000020480 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\windows.winwrap.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000110080 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\windows.volumes.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000223232 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32gui.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000173568 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_elementtree.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000169472 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\pyexpat.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000048128 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32inet.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000103424 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\wx._html2.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000046080 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_psutil_windows.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000633272 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\windows._cacheinvalidation.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000011776 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32crypt.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000301568 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\PIL._imaging.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000032256 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_multiprocessing.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 005458944 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\cello.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000026112 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\_yappi.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000044032 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32process.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000027648 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32pipe.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000010752 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\select.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000029696 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32pdh.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000038400 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\windows.connectivity.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000073216 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\windows.device_monitor.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000020480 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32profile.pyd
2018-07-13 14:19 - 2018-07-13 14:19 - 000026624 _____ () C:\Users\daniel\AppData\Local\Temp\_MEI35242\win32ts.pyd
2017-09-06 14:58 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-03-28 14:07 - 2012-07-18 04:50 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-03-28 14:12 - 2012-06-07 23:34 - 000627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 000016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vpntdi => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vpntdi => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\...\sharepoint.com -> hxxps://icimsinc-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-06-27 20:22 - 000000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3958809370-4289238950-2513130531-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE426F4E-54F0-47F2-B7B6-4BB2B8C8125D}] => (Allow) LPort=1900
FirewallRules: [{C750B8C6-8F42-4977-96E1-8992A1D8E6EE}] => (Allow) LPort=2869
FirewallRules: [{59DCB8D6-98F3-4987-84FD-82C2883A88C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A355E52F-A56E-4214-BEB3-B7B0CD3FD0E6}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7CDFA03C-19D4-4010-8A70-15445AE82E91}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{741BFE57-12CD-4EE7-AA43-F5EF018CB4DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{47F25E0F-1F0A-48C7-A43A-3211E0F7B70F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80F1B4AC-8C8E-41B0-8040-4AB2CD0CDD9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18D72654-6636-4AEE-A9FA-91711FD95EE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5AA80A7A-387D-4CD7-98CB-786CF37F2479}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{7FC70969-5693-4467-BA68-3DB29D0E347A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{30AD3F61-8CB9-47D7-8868-3B8B749AC263}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{BBB22E98-D6DD-49A4-9330-5F3BF83F026C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{270A9316-19DF-4E1D-8C46-5EA2B3A6079C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8BD7EE1E-24AD-420D-A1E2-BF2B2E5BBA08}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{41052E81-E92C-4583-9C0A-0B33E68F2CAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67052DFF-C1B1-404F-ABF7-BA9D5DE8C56F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6641AA24-C38A-403A-AF82-9822ED2571E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5DA1B26-081E-4547-9719-DA6C52939BBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C6087B99-DEDD-4677-9DDC-F25814A5C77B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AC987D9B-5361-4FFE-AF97-9CC03EB7EEF3}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{8876525C-DBCD-449E-9F11-1EDA54A6B4A9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{719708A7-99EC-4A99-9707-AE2DD4CFC560}] => (Allow) LPort=54925
FirewallRules: [{AD39D7D1-6A9D-43BD-B3BF-911442CA2A4B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6136AB8B-C20B-4AAF-BC00-A62DCA68FCA6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{58221F31-850F-46BA-A66F-147ABB383883}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5349C18E-3A26-4BEF-B7DB-C78B22D67D83}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{54296DDB-68C7-4DB2-8C4B-E9207DAC28C1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5263B784-0BDC-4BBD-B43C-D85139056CB3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{23F5EFD9-7313-4329-8BBA-7F707E5387B7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2B81F8F2-7EC5-4B00-8F23-794EA86883B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DFBF6C3A-F0EA-40C7-B05A-2C6479735FCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4E4886E0-D024-4CEC-8AC5-78EEFD748F33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AB31026E-C939-4E6B-8A2E-64A7CCDA1BEF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{50AFE82F-2503-4C85-B376-96AD98342BE9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1EA50C8-F2B2-4B75-B842-D703B5F7C758}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1EB3FCA8-9499-46AE-BC1B-61BA4FCACD71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{495B9CD5-80F7-4D99-8711-132680D55654}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Restore Points =========================
 
10-07-2018 21:43:04 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Array Networks VPN Adapter
Description: Array Networks SSL VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Array Networks
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/10/2018 08:45:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/07/2018 04:54:17 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (07/07/2018 04:51:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/07/2018 09:51:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15593
 
Error: (07/07/2018 09:51:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15593
 
Error: (07/07/2018 09:51:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/07/2018 09:42:50 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/01/2018 06:37:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (07/13/2018 02:23:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2018 10:10:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (07/01/2018 07:47:23 PM) (Source: DCOM) (EventID: 10010) (User: OFFICE-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Error: (06/29/2018 08:02:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.
 
Error: (06/27/2018 08:50:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Ralink Technology, Corp. - WLAN - Ralink RT5390R 802.11bgn Wi-Fi Adapter.
 
Error: (06/26/2018 09:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/26/2018 09:38:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (06/26/2018 09:23:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
The pipe has been ended.
 
 
Windows Defender:
===================================
Date: 2018-07-10 21:34:33.458
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {3C5FBC64-047C-442D-89A0-8FD6EEA4707A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-10 20:57:57.009
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
Date: 2017-05-23 09:00:35.269
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
 
CodeIntegrity:
===================================
 
Date: 2018-07-10 21:28:38.800
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-06-26 21:40:29.706
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-26 21:23:24.629
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-06-26 21:18:49.584
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-26 21:04:37.665
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2018-06-26 21:02:29.752
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8130.12 MB
Available physical RAM: 4167.78 MB
Total Virtual: 8882.12 MB
Available Virtual: 4727.91 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:910.93 GB) (Free:778.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.33 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:236.27 GB) NTFS
 
\\?\Volume{9ca50bac-5836-4e0b-87bb-ee432b5eb394}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{6c9a9534-f98c-4e6c-bedd-81d95c10b810}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS
\\?\Volume{69612647-95ed-48f2-bc4f-365eb8f81d38}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 09BD7950)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: D9CE5F7D)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A4B57300)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 


#6 Tenis


Posted 14 July 2018 - 09:46 AM

Hi,

 

We don't see any sign of malware on your system. The possible reason why your system is running slow is that you have multiple antivirus programs running at the same time.

 

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution. Currently you have the following AV installed.

  • Emsisoft Anti-Malware
  • Norton Security
  • Malwarebytes
  • Zemana Anti-malware

If you have any questions then please do ask.

 

Tenis

 

 



#7 Tenis


Posted 16 July 2018 - 09:54 AM

Do you still need help? It has been 48 hours; I am waiting for your response.



#8 rd985


Posted 16 July 2018 - 08:39 PM

Thank you for the follow-up.  I was out of town over the weekend. 

 

I had installed Emsisoft, Malwarebytes, and Zemana per the instructions in the redirect virus removal guide, https://www.bleepingcomputer.com/virus-removal/remove-web-browser-redirect-virus.  

 

If my system is clear then I no longer need help.  Thank you for reviewing my log files.



#9 Tenis


Posted 17 July 2018 - 11:00 AM

You're welcome. :)

Before closing this thread, please read the following guidelines to stay secure.

  • Keep your Operating System and software up to date.
  • Surf the internet safely

1. Avoid websites that provide pirated material.

2. Do not open an email attachment or click on a link from somebody that you do not know.

3. If you have to download a file from the internet, scan it before you run it.

  • Use Antivirus Software

It is very important to have an Antivirus on your machine to keep yourself safe from malware, including viruses, worms, trojans.

  • Back-up Your Files

Please keep a back-up of your important files to prevent any data loss caused by future infections.

 

---
Please take the time to read below on how to stay secure.



#10 Elise


Posted 19 July 2018 - 10:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




