smartpackagetracker popups

Old 02-02-2019, 03:01 PM   #1
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Without deliberately installing anything, malware (smartpackagetracker) now causes popups several times a day.
Example screenshot attached.
Please help.
**********************
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.17134.1 BrowserJavaVersion: 11.201.2
Run by Kenneth Rivalsi at 17:51:17 on 2019-02-02
Microsoft Windows 10 Home 10.0.17134.0.1252.1.1033.18.7990.3923 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\system32\Hpservice.exe
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
C:\WINDOWS\system32\DbxSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\svchost.exe -k SPOCJS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\NortonSecurity.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\mqsvc.exe
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\Program Files\rempl\sedsvc.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\NortonSecurity.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Kenneth Rivalsi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\splwow64.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\prevhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://search.norton.com/?prt=NIS&chn=1550&geo=US&ver=22.11.2.7&locale=en_US&guid=C2839700-452A-11E0-874C-EB4BB1146502&doi=2018-02-01&o=APN11915
uSearch Bar = Preserve
uProxyOverride = <-loopback>;*.local
BHO: Norton Password Manager: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.16.3.21\coIEPlg.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.16.3.21\coIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.16.3.21\coIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - <orphaned>
uRun: [googletalk] C:\Users\Kenneth Rivalsi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [OneDrive] "C:\Users\Kenneth Rivalsi\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
uRun: [GoogleChromeAutoLaunch_1CCAC9EBABA8234BAB75526DDDC69B7B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\Users\KENNET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{d49ed8a4-1478-4426-9e3d-52970edcd979} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{efa0cdec-f76a-4709-b1d4-4b5f82b2f6f1} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Password Manager: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\coIEPlg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\coIEPlg.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2016-7-1 82664]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2018-4-11 177192]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2018-12-12 58168]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2011-3-3 56336]
R0 SgrmAgent;System Guard Runtime Monitor Agent;C:\WINDOWS\System32\drivers\SgrmAgent.sys [2018-4-11 63896]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymEFASI64.sys [2019-1-19 1969328]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2018-4-11 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2018-7-11 72768]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2018-4-11 18472]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2018-4-11 209816]
R1 afunix;afunix;C:\WINDOWS\System32\drivers\afunix.sys [2018-4-11 39424]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-11 254464]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-4-11 60320]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20190129.006\BHDrvx64.sys [2019-1-31 1925104]
R1 ccSet_NGC;NGC Settings Manager;C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccsetx64.sys [2019-1-19 189152]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2018-4-11 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-4-11 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20190201.062\IDSvia64.sys [2019-2-1 1424904]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NGCx64\1610030.015\IRONx64.sys [2019-1-19 308416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [2019-1-19 567024]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2016-10-6 89600]
R2 AGMService;Adobe Genuine Monitor Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2018-5-11 2917864]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-8-2 2709480]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-12-16 255472]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-8-23 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R2 CDPUserSvc_3fa73c4;Connected Devices Platform User Service_3fa73c4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-8-15 414720]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-18 3058392]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2018-4-11 51288]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2019-1-22 51024]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2018-4-11 51288]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IntelHaxm;Intel HAXM Service;C:\WINDOWS\System32\drivers\IntelHaxm.sys [2017-4-13 180904]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NortonSecurity;Norton Security;C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\NortonSecurity.exe [2019-1-19 328648]
R2 nsWscSvc;Norton WSC Service;C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\nsWscSvc.exe [2019-1-19 915712]
R2 OneSyncSvc_3fa73c4;Sync Host_3fa73c4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-4-30 337776]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-8-15 760888]
R2 sedsvc;Windows Remediation Service;C:\Program Files\rempl\sedsvc.exe [2019-1-11 325432]
R2 SgrmBroker;System Guard Runtime Monitor Broker;C:\WINDOWS\System32\SgrmBroker.exe [2018-4-11 163336]
R2 SPOCJS;Jack Sensing Service for USB Audio;C:\WINDOWS\System32\svchost.exe -k SPOCJS [2018-4-11 51288]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2018-12-12 82432]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-3-30 253960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-8 2533400]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-4-11 151960]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R2 WpnUserService_3fa73c4;Windows Push Notifications User Service_3fa73c4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2018-4-11 60320]
R3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 clwvd;HP Webcam Splitter;C:\WINDOWS\System32\drivers\clwvd.sys [2010-6-25 32880]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2018-4-11 153296]
R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\drivers\HECIx64.sys [2010-4-30 56344]
R3 Impcd;Impcd;C:\WINDOWS\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-4-11 38912]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\WINDOWS\System32\drivers\lan9500-x64-n650f.sys [2018-1-18 111312]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2018-4-11 20992]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2018-4-11 604160]
R3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-3-30 52904]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
R3 usbaud;HP USB Media Port Rep Audio;C:\WINDOWS\System32\drivers\usbaud64.sys [2011-11-16 232064]
R3 wdkmd;Intel WiDi KMD;C:\WINDOWS\System32\drivers\WDKMD.sys [2010-4-16 39832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2018-4-11 264192]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [2019-1-19 25744]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/02/08 00:50:00;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-2-8 245232]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-6-27 143144]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2018-4-11 51288]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-4-11 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2018-4-11 1135520]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2018-4-11 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2018-4-11 51288]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
S3 BcastDVRUserService_3fa73c4;GameDVR and Broadcast User Service_3fa73c4;C:\WINDOWS\System32\svchost.exe -k BcastDVRUserService [2018-4-11 51288]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2018-4-11 9728]
S3 bindflt;Windows Bind Filter Driver;C:\WINDOWS\System32\drivers\bindflt.sys [2018-12-12 92688]
S3 BluetoothUserService_3fa73c4;Bluetooth User Support Service_3fa73c4;C:\WINDOWS\System32\svchost.exe -k BthAppGroup [2018-4-11 51288]
S3 BTAGService;Bluetooth Audio Gateway Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 BthAvctpSvc;AVCTP service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2018-4-11 38304]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-4-11 39936]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2018-4-11 123392]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-4-11 321432]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-4-11 1836952]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2018-4-11 51288]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-6-27 143144]
S3 DevicePickerUserSvc_3fa73c4;DevicePicker_3fa73c4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevicesFlowUserSvc_3fa73c4;DevicesFlow_3fa73c4;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2018-4-11 51288]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2017-5-18 131984]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-8-15 90624]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2018-4-11 51288]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2018-4-11 51288]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-4-11 20992]
S3 GoogleChromeElevationService;Google Chrome Elevation Service;C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-13 443872]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2018-4-11 51288]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-4-11 50592]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2018-4-11 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2018-4-11 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2018-4-11 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-4-11 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-4-11 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-4-11 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-4-11 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2018-4-11 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2018-4-11 113152]
S3 iaStorAVC;Intel Chipset SATA RAID Controller;C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-4-11 885144]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2018-4-11 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 InstallService;Microsoft Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2018-4-11 32256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 ItSas35i;ItSas35i;C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-4-11 145816]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-4-11 124312]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-4-11 128408]
S3 LxpSvc;Language Experience Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2018-4-11 51288]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2018-4-11 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2018-4-11 56736]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-4-11 75160]
S3 megasas35i;megasas35i;C:\WINDOWS\System32\drivers\megasas35i.sys [2018-4-11 82328]
S3 MessagingService_3fa73c4;MessagingService_3fa73c4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-4-11 842648]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2018-4-11 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2018-4-11 175104]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-4-11 197632]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 nvdimm;Microsoft NVDIMM device driver;C:\WINDOWS\System32\drivers\nvdimm.sys [2018-4-11 104448]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2018-4-11 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2018-4-11 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 PimIndexMaintenanceSvc_3fa73c4;Contact Data_3fa73c4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2018-4-11 16896]
S3 PrintWorkflowUserSvc_3fa73c4;PrintWorkflow_3fa73c4;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2018-4-11 51288]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2018-4-11 39840]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2018-7-11 1921944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2018-7-11 945568]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2018-4-11 51288]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2018-4-11 104448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2011-2-8 232992]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2018-4-11 51288]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2018-8-15 128920]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2018-4-11 33176]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2018-4-11 1273344]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2018-4-11 154528]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2018-4-11 51288]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2018-4-11 57752]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-6-13 976384]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2017-5-18 166288]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-6-2 105368]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2018-7-11 48544]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2018-4-11 303616]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2018-4-11 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2018-4-11 152576]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2018-4-11 57856]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2018-4-11 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2018-6-13 29600]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2018-4-11 282008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2018-4-11 98200]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2018-4-11 144288]
S3 UnistoreSvc_3fa73c4;User Data Storage_3fa73c4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2018-4-11 29088]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2018-4-11 67992]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2018-4-11 28064]
S3 UserDataSvc_3fa73c4;User Data Access_3fa73c4;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2018-4-11 51288]
S3 VacSvc;Volumetric Audio Compositor Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2018-11-13 36352]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2018-8-15 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2018-4-11 51288]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2018-4-11 51288]
S3 WaaSMedicSvc;Windows Update Medic Service;C:\WINDOWS\System32\svchost.exe -k wusvcs -p [2018-4-11 51288]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2018-4-11 51288]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2018-4-11 51288]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2018-12-12 83456]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2018-11-13 787456]
S3 WdmCompanionFilter;WdmCompanionFilter;C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [2018-4-11 21408]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-6-3 61992]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe [2018-6-3 4682552]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2018-4-11 51288]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2018-4-11 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-11-13 228864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Kenneth Rivalsi\Downloads\RealTemp_370\WinRing0x64.sys [2008-7-26 14544]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2018-4-11 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2018-4-11 51288]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
S3 WpcMonSvc;Parental Controls;C:\WINDOWS\System32\svchost.exe -k LocalService [2018-4-11 51288]
S3 wpCtrlDrv_NGC;Symantec Webcam Control functional driver;C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [2019-1-19 1011056]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2018-4-11 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2018-7-11 295424]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2018-4-11 46592]
S4 hvcrash;hvcrash;C:\WINDOWS\System32\drivers\hvcrash.sys [2018-4-11 33184]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2018-4-11 51288]
S4 ssh-agent;OpenSSH Authentication Agent;C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-4-12 495616]
S4 SymEvnt;Symantec Eventing Platform;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\SymPlatform\SymEvnt.sys [2018-10-31 678616]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2018-4-11 51288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2019-02-02 12:44:30 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{DB2F1EDA-8BDF-431C-9D9D-ACC43068430C}
2019-02-01 22:04:06 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{7B00B56A-BF9B-4A57-B726-40F8386A44C9}
2019-02-01 03:53:43 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{48D85AA0-4352-4CDE-A03F-E92B4903C7F6}
2019-01-31 15:53:24 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{C8632BF5-8216-42CA-B816-1D9F1D1E57FD}
2019-01-31 03:53:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{A1710E35-1571-421E-BC56-C0CFC48DE8EA}
2019-01-31 01:19:51 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\Corel
2019-01-30 15:53:06 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{9DD22711-FE3D-4307-8C85-D8143D13999E}
2019-01-30 12:59:59 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\NPE
2019-01-30 03:52:49 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{37979D0F-6AD2-486F-8526-CC4FEBD02181}
2019-01-29 13:59:19 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{443520E7-1D7D-4716-8041-DF507332C9D0}
2019-01-29 01:47:17 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{871B61C0-4631-4874-A435-32B1D179D053}
2019-01-28 13:46:57 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{632F33DA-3902-4340-8873-FA8384994BE9}
2019-01-28 01:46:39 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{E5C22127-8DF2-4E29-BB41-66B16EF400AC}
2019-01-27 13:46:34 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{BEB1308B-4C01-4293-80E0-1F5588C5A5D6}
2019-01-27 01:46:15 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{BE134CAC-9173-4AB0-AC55-A4AD02F6A165}
2019-01-27 00:04:12 -------- d-----w- C:\Program Files\Common Files\Protexis
2019-01-26 23:52:54 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\Corel PhotoMirage
2019-01-26 23:40:13 -------- d-----w- C:\Program Files (x86)\Pic to Painting
2019-01-26 23:00:10 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\Corel PaintShop Pro
2019-01-26 22:59:25 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2019-01-26 22:55:41 -------- d-----w- C:\Program Files\Corel
2019-01-26 22:51:21 -------- d-----w- C:\Program Files (x86)\Corel
2019-01-26 13:45:47 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{F6B042D4-1BD0-4387-A25C-43C88CB59779}
2019-01-26 01:17:34 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{143DC145-EF4B-44B5-B16C-5BF00D727582}
2019-01-25 13:17:25 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{BF1FDE1B-F8B8-4DB1-AFBA-6404FD65FE64}
2019-01-25 01:10:35 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{F689CC1C-9B73-4FF2-8ADE-76A5137BB5DD}
2019-01-24 13:10:13 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{076721B4-D008-4144-9BA4-532D43682CBF}
2019-01-23 14:02:47 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{7E107F90-4C8F-4BC9-ADDE-F771579CEFAA}
2019-01-23 02:02:23 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{899EC385-3E36-4262-BF77-BAC53A401987}
2019-01-22 14:00:54 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{AC561291-B94F-4E92-84DD-2145787BBBFF}
2019-01-22 13:14:16 51024 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2019-01-22 13:14:16 47800 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2019-01-22 13:14:16 47800 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2019-01-22 13:14:16 47800 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2019-01-22 02:00:38 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{93DD09F3-1CA1-4452-8AD2-8E28F3FD0B1E}
2019-01-21 14:00:17 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{C30691BF-8144-4C62-B66C-BA0351F1A0C1}
2019-01-21 02:00:01 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{380ADDEF-4864-4EAF-9E51-EAACA59B79AF}
2019-01-20 13:59:36 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{93E7171C-560A-44C8-8451-309CD6F21D5C}
2019-01-20 00:43:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{552F86BE-B751-49B3-9496-86C9F0777686}
2019-01-19 12:54:13 -------- d-----w- C:\Program Files (x86)\Common Files\Oracle
2019-01-19 12:50:07 468616 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symtdiv.sys
2019-01-19 12:50:07 1011056 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys
2019-01-19 12:50:06 855256 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\srtsp64.sys
2019-01-19 12:50:06 567024 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys
2019-01-19 12:50:06 49880 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\srtspx64.sys
2019-01-19 12:50:06 308416 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\IRONx64.sys
2019-01-19 12:50:06 25744 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys
2019-01-19 12:50:06 1969328 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymEFASI64.sys
2019-01-19 12:50:06 189152 ----a-w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccsetx64.sys
2019-01-19 12:49:39 -------- d-----w- C:\WINDOWS\System32\drivers\NGCx64\1610030.015
2019-01-19 12:42:50 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{B3349087-0FD0-478F-833E-71AAF27C6B9C}
2019-01-18 22:33:14 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{C375CB9F-9825-4ED0-9FA4-131C5C26C642}
2019-01-18 02:08:09 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{9F98F57B-CD78-4DA0-8851-F025120EC003}
2019-01-17 14:07:01 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{C3DBA6E3-407D-47C2-B3B0-5127E0A7BDEF}
2019-01-17 07:49:36 18650984 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2019-01-16 18:19:30 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{0416AFAC-3F62-4605-86E6-DA7192BE0294}
2019-01-16 03:45:48 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{F16E8C41-A57F-4455-A9C8-2ACE0EA185F0}
2019-01-15 15:45:45 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D5B8C18A-102A-476E-8F35-20D0B632E96C}
2019-01-15 03:45:29 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{28EAD64A-76D8-444B-B184-2BB856192E56}
2019-01-14 22:56:48 -------- d-----w- C:\ProgramData\Protexis64
2019-01-14 15:45:24 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{A263B674-C2E6-448D-9BF4-7C47C13F40ED}
2019-01-14 03:45:08 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{17A3666E-2543-460C-92B1-8460CB3BFC6F}
2019-01-13 15:45:05 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{9E8C03C8-89D0-4D15-AF7A-C9B9B6EDBE12}
2019-01-13 03:44:45 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{1AF0A363-0B8E-40C8-9959-A16BF84DDDE0}
2019-01-12 14:47:45 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{DD95300F-7E0A-4A17-AABF-D0AAA54BA8FF}
2019-01-12 01:51:09 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{6942C30F-5FDC-4166-A6A7-66B16EB40C2C}
2019-01-11 13:51:03 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{A3AD598E-9E6B-42C5-B1FB-D0A6A927D2D2}
2019-01-10 20:16:40 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{37EC8F1A-B9A0-4A73-BCB1-9683B6D8E634}
2019-01-10 20:14:05 6161920 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2019-01-08 13:21:35 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{BA34B9D9-9026-4D2D-9888-F53B78B0017D}
2019-01-07 16:00:34 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{6B55169D-6CE7-4EF1-8777-5C893D6353E1}
2019-01-07 04:00:18 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{58F6D167-C9BE-40B1-8B8E-17526BF6B8EF}
2019-01-06 16:00:15 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D520E386-FCB8-455B-AC37-F1E7442910F2}
2019-01-06 03:59:58 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{3B02DB7F-EB73-4480-9D00-AF6C547B1E39}
2019-01-05 13:48:13 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{D1D55737-8256-4F07-AB95-A4FA1AFA2EE8}
2019-01-05 01:47:55 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{BD3F0196-89F2-4EC1-9C31-A2F70CD5FF67}
2019-01-04 13:47:51 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{74EC8F9E-E99A-428A-86D1-326EC3777978}
2019-01-04 01:47:33 -------- d-----w- C:\Users\Kenneth Rivalsi\AppData\Local\{79B8308F-3F89-4D75-81A2-369CA6B94897}
.
==================== Find3M ====================
.
2019-01-30 15:24:29 144368 ------w- C:\WINDOWS\System32\drivers\rikvm_C6F09094.sys
2019-01-19 12:51:24 99192 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2019-01-02 19:41:40 835480 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2019-01-02 19:41:40 179600 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2019-01-01 13:50:14 64000 ----a-w- C:\WINDOWS\System32\iemigplugin.dll
2019-01-01 13:47:36 225792 ----a-w- C:\WINDOWS\System32\windowslivelogin.dll
2019-01-01 13:45:57 285184 ----a-w- C:\WINDOWS\System32\wlidcredprov.dll
2019-01-01 13:45:47 714752 ----a-w- C:\WINDOWS\System32\wlidcli.dll
2019-01-01 13:43:48 1364992 ----a-w- C:\WINDOWS\System32\bcastdvruserservice.dll
2019-01-01 13:20:16 165888 ----a-w- C:\WINDOWS\SysWow64\windowslivelogin.dll
2019-01-01 13:18:05 500736 ----a-w- C:\WINDOWS\SysWow64\wlidcli.dll
2019-01-01 13:17:39 231936 ----a-w- C:\WINDOWS\SysWow64\wlidcredprov.dll
2019-01-01 07:14:47 1063224 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2019-01-01 07:14:47 1029944 ----a-w- C:\WINDOWS\System32\hvax64.exe
2019-01-01 07:14:46 76088 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2019-01-01 07:14:39 566568 ----a-w- C:\WINDOWS\System32\tcblaunch.exe
2019-01-01 07:14:39 1221432 ----a-w- C:\WINDOWS\System32\hvix64.exe
2019-01-01 07:14:37 134968 ----a-w- C:\WINDOWS\System32\hvloader.dll
2019-01-01 07:13:36 709728 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2019-01-01 07:13:36 3292152 ----a-w- C:\WINDOWS\System32\combase.dll
2019-01-01 07:13:30 436024 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2019-01-01 07:13:30 1363536 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2019-01-01 07:13:21 170808 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2019-01-01 07:12:59 7520104 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2019-01-01 07:12:53 9084216 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2019-01-01 07:12:45 2465792 ----a-w- C:\WINDOWS\System32\msxml6.dll
2019-01-01 07:12:39 268304 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2019-01-01 07:12:35 2421288 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2019-01-01 07:12:29 43536 ----a-w- C:\WINDOWS\System32\browser_broker.exe
2019-01-01 07:12:26 713272 ----a-w- C:\WINDOWS\System32\MSVideoDSP.dll
2019-01-01 07:12:20 128824 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2019-01-01 06:55:34 25856512 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2019-01-01 06:50:40 4383744 ----a-w- C:\WINDOWS\System32\EdgeContent.dll
2019-01-01 06:48:10 79360 ----a-w- C:\WINDOWS\System32\Print.Workflow.Source.dll
2019-01-01 06:48:03 81920 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys
2019-01-01 06:48:01 342528 ----a-w- C:\WINDOWS\System32\browserexport.exe
2019-01-01 06:47:38 433152 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2019-01-01 06:47:17 808448 ----a-w- C:\WINDOWS\System32\EdgeManager.dll
2019-01-01 06:46:47 153088 ----a-w- C:\WINDOWS\System32\dssvc.dll
2019-01-01 06:46:13 154112 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2019-01-01 06:46:03 209408 ----a-w- C:\WINDOWS\System32\MicrosoftAccountTokenProvider.dll
2019-01-01 06:45:47 352768 ----a-w- C:\WINDOWS\System32\dhcpcore.dll
2019-01-01 06:45:13 2368512 ----a-w- C:\WINDOWS\System32\WebRuntimeManager.dll
2019-01-01 06:45:03 7573504 ----a-w- C:\WINDOWS\System32\Chakra.dll
2019-01-01 06:44:49 1708544 ----a-w- C:\WINDOWS\System32\MSPhotography.dll
2019-01-01 06:44:46 456192 ----a-w- C:\WINDOWS\System32\Windows.Graphics.Printing.Workflow.dll
2019-01-01 06:44:44 894464 ----a-w- C:\WINDOWS\System32\webplatstorageserver.dll
2019-01-01 06:44:28 662528 ----a-w- C:\WINDOWS\System32\wlidprov.dll
2019-01-01 06:44:03 1549824 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2019-01-01 06:42:36 1371136 ----a-w- C:\WINDOWS\System32\aadtb.dll
2019-01-01 06:42:29 2247680 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2019-01-01 06:42:17 717312 ----a-w- C:\WINDOWS\System32\Windows.Web.dll
2019-01-01 06:42:11 4939776 ----a-w- C:\WINDOWS\System32\wininet.dll
2019-01-01 06:41:40 1159680 ----a-w- C:\WINDOWS\System32\rpcss.dll
2019-01-01 06:41:32 895488 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2019-01-01 06:41:22 505344 ----a-w- C:\WINDOWS\System32\edgeIso.dll
2019-01-01 06:41:04 899072 ----a-w- C:\WINDOWS\System32\kerberos.dll
2019-01-01 06:37:59 2478664 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2019-01-01 06:37:58 880048 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2019-01-01 06:37:56 381240 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2019-01-01 06:37:50 1989040 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2019-01-01 06:37:32 6571584 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2019-01-01 06:37:13 581808 ----a-w- C:\WINDOWS\SysWow64\MSVideoDSP.dll
2019-01-01 06:29:00 22016512 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2019-01-01 06:17:25 153088 ----a-w- C:\WINDOWS\SysWow64\MicrosoftAccountTokenProvider.dll
2019-01-01 06:16:52 1361408 ----a-w- C:\WINDOWS\SysWow64\MSPhotography.dll
2019-01-01 06:16:49 5775872 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2019-01-01 06:16:41 310272 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2019-01-01 06:15:47 331264 ----a-w- C:\WINDOWS\SysWow64\edgeIso.dll
2019-01-01 06:15:37 5307392 ----a-w- C:\WINDOWS\SysWow64\d2d1.dll
2019-01-01 06:15:18 608768 ----a-w- C:\WINDOWS\SysWow64\EdgeManager.dll
2019-01-01 06:15:13 317440 ----a-w- C:\WINDOWS\SysWow64\dhcpcore.dll
2019-01-01 06:14:50 578560 ----a-w- C:\WINDOWS\SysWow64\webplatstorageserver.dll
2019-01-01 06:14:08 4514816 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2019-01-01 06:14:06 330752 ----a-w- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.Workflow.dll
2019-01-01 06:13:26 251904 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2019-01-01 06:13:16 594432 ----a-w- C:\WINDOWS\SysWow64\Windows.Web.dll
2019-01-01 06:12:54 1036288 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2019-01-01 06:12:44 795648 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
2019-01-01 06:12:18 516608 ----a-w- C:\WINDOWS\SysWow64\wlidprov.dll
2019-01-01 06:12:11 778240 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2018-12-19 04:49:12 352768 ----a-w- C:\WINDOWS\SysWow64\msrd3x40.dll
2018-12-14 07:29:22 1130760 ----a-w- C:\WINDOWS\SysWow64\msvproc.dll
2018-12-14 07:25:40 1035256 ----a-w- C:\WINDOWS\System32\ApplyTrustOffline.exe
2018-12-14 07:21:46 1098064 ----a-w- C:\WINDOWS\System32\msvproc.dll
2018-12-14 07:21:44 1457240 ----a-w- C:\WINDOWS\System32\winload.efi
2018-12-14 07:21:43 1140480 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-12-14 07:21:42 982912 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-12-14 07:21:42 1257672 ----a-w- C:\WINDOWS\System32\winload.exe
2018-12-14 07:10:38 1295360 ----a-w- C:\WINDOWS\SysWow64\MSVPXENC.dll
2018-12-14 06:55:44 3396608 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2018-12-14 06:55:04 209408 ----a-w- C:\WINDOWS\System32\AppXApplicabilityBlob.dll
2018-12-14 06:54:39 1307648 ----a-w- C:\WINDOWS\System32\MSVPXENC.dll
2018-12-14 06:54:31 6032384 ----a-w- C:\WINDOWS\System32\d2d1.dll
2018-12-14 06:52:49 2173440 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2018-12-14 06:52:44 1826816 ----a-w- C:\WINDOWS\System32\Windows.CloudStore.dll
2018-12-14 06:51:24 1551360 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.desktop.dll
2018-12-08 12:47:28 1048712 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2018-12-08 12:47:15 645320 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-12-08 12:46:44 549760 ----a-w- C:\WINDOWS\System32\AppResolver.dll
.
============= FINISH: 17:53:13.16 ===============
Attachments: picture_popup.png (176.0 KB), attach.txt (18.7 KB)
islavir is offline  
Old 02-02-2019, 03:34 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, islavir.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-02-2019, 05:52 PM   #3
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-31.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-02-2019
# Duration: 00:00:08
# OS: Windows 10 Home
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{61D752E5-C35F-4310-9832-22EA6403F702}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{61D752E5-C35F-4310-9832-22EA6403F702}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{61D752E5-C35F-4310-9832-22EA6403F702}
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

Deleted McAfee Security Scan+

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1819 octets] - [02/02/2019 20:36:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019
Ran by Kenneth Rivalsi (administrator) on LAPTOP_2011 (02-02-2019 20:49:10)
Running from C:\FRST
Loaded Profiles: Kenneth Rivalsi (Available Profiles: Kenneth Rivalsi & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

========================================================
islavir is offline  
Old 02-02-2019, 07:34 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, islavir. Unfortunately, you didn't post the entire FRST.txt log in your reply. Only the header got posted. Most of it is missing.

It also appears you didn't attach the second FRST log, Addition.txt, to your last reply.
chemist is offline  
Old 02-03-2019, 05:34 AM   #5
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Sorry about that, my mistake.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30.01.2019
Ran by Kenneth Rivalsi (administrator) on LAPTOP_2011 (03-02-2019 08:10:46)
Running from C:\Users\Kenneth Rivalsi\Downloads
Loaded Profiles: Kenneth Rivalsi (Available Profiles: Kenneth Rivalsi & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\NortonSecurity.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\nsWscSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\NortonSecurity.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-30] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4090176 2019-01-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\...\Run: [googletalk] => C:\Users\Kenneth Rivalsi\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [525456 2010-01-19] (Corel, Inc.)
HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\...\Run: [GoogleChromeAutoLaunch_1CCAC9EBABA8234BAB75526DDDC69B7B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc.)
HKLM\...\Drivers32: [vidc.mjpg] => pvmjpgx40.dll
HKLM\...\Drivers32-x32: [vidc.mjpg] => pvmjpg30.dll
HKLM\...\Drivers32-x32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-20] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-20] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-20] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.pDAD] => prodad-codec.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-13] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Kenneth Rivalsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-12-31]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kenneth Rivalsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk [2011-04-20]
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Kenneth Rivalsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d49ed8a4-1478-4426-9e3d-52970edcd979}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{efa0cdec-f76a-4709-b1d4-4b5f82b2f6f1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2769849268-4207183726-1260941271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NIS&chn=1550&geo=US&ver=22.11.2.7&locale=en_US&guid=C2839700-452A-11E0-874C-EB4BB1146502&doi=2018-02-01&o=APN11915
SearchScopes: HKLM -> {3497FCD3-7E1E-4D28-91CC-DA2AAC1BFE3B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {3F245879-9883-4149-85DF-A367BB581817} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3497FCD3-7E1E-4D28-91CC-DA2AAC1BFE3B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {3F245879-9883-4149-85DF-A367BB581817} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001 -> {3497FCD3-7E1E-4D28-91CC-DA2AAC1BFE3B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001 -> {3F245879-9883-4149-85DF-A367BB581817} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1550&geo=US&ver=22.16.3.21&locale=en_US&guid=C2839700-452A-11E0-874C-EB4BB1146502&doi=2018-02-01&cmpgn=zeus&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-11-14] (Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-12-11] (Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-19] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14] (Skype Technologies S.A.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension => not found
FF Plugin: @Adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-10] ()
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-10] ()
FF Plugin-x32: @Adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-19] (Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\Default [2019-02-03]
CHR Extension: (Norton Safe Web) - C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-01-23]
CHR Extension: (Norton Safe) - C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2018-03-20]
CHR Extension: (Norton Identity Safe) - C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-13]
CHR Profile: C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-08-23]
CHR Profile: C:\Users\Kenneth Rivalsi\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-23]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2011-03-11] (Andrea Electronics Corporation) [File not signed]
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-01-22] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NortonSecurity; C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-12] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-12] (Symantec Corporation)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SPOCJS; C:\WINDOWS\SysWOW64\SPOCJS64.DLL [19072 2011-01-05] (Conexant Systems, Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [263168 2011-03-11] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-03-30] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-03] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20190129.006\BHDrvx64.sys [1925104 2018-09-20] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20190201.062\IDSvia64.sys [1424904 2019-01-22] (Symantec Corporation)
R3 LAN9500; C:\WINDOWS\System32\drivers\lan9500-x64-n650f.sys [111312 2018-06-21] (Microchip Technology Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-03-30] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-13] (Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\SymPlatform\SymEvnt.sys [678616 2019-02-01] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation)
R3 usbaud; C:\WINDOWS\system32\DRIVERS\usbaud64.sys [232064 2011-11-16] (Conexant Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-03] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-03] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\Kenneth Rivalsi\Downloads\RealTemp_370\WinRing0x64.sys [14544 2018-08-01] (OpenLibSys.org)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-03 08:10 - 2019-02-03 08:12 - 000029936 _____ C:\Users\Kenneth Rivalsi\Downloads\FRST.txt
2019-02-03 08:08 - 2019-02-03 08:08 - 002428928 _____ (Farbar) C:\Users\Kenneth Rivalsi\Downloads\FRST64.exe
2019-02-03 08:01 - 2019-02-03 08:01 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{7ABF50FA-3041-4E07-B4A8-9B0D00DAA83E}
2019-02-02 20:35 - 2019-02-02 20:35 - 007316688 _____ (Malwarebytes) C:\Users\Kenneth Rivalsi\Downloads\adwcleaner_7.2.7.0.exe
2019-02-02 20:34 - 2019-02-02 20:34 - 007320272 _____ (Malwarebytes) C:\Users\Kenneth Rivalsi\Downloads\AdwCleaner (1).exe
2019-02-02 19:44 - 2019-02-02 19:44 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{1B0D03A9-F470-441A-AD5A-C49426E8414E}
2019-02-02 17:53 - 2019-02-02 17:53 - 000064029 _____ C:\Users\Kenneth Rivalsi\Desktop\dds.txt
2019-02-02 17:53 - 2019-02-02 17:53 - 000019133 _____ C:\Users\Kenneth Rivalsi\Desktop\attach.txt
2019-02-02 07:44 - 2019-02-02 07:44 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{DB2F1EDA-8BDF-431C-9D9D-ACC43068430C}
2019-02-01 22:41 - 2019-02-01 22:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-01 17:04 - 2019-02-01 17:04 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{7B00B56A-BF9B-4A57-B726-40F8386A44C9}
2019-01-31 22:53 - 2019-01-31 22:53 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{48D85AA0-4352-4CDE-A03F-E92B4903C7F6}
2019-01-31 10:53 - 2019-01-31 10:53 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{C8632BF5-8216-42CA-B816-1D9F1D1E57FD}
2019-01-30 22:53 - 2019-01-30 22:53 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{A1710E35-1571-421E-BC56-C0CFC48DE8EA}
2019-01-30 20:43 - 2019-01-30 20:42 - 000002184 _____ C:\Users\Public\Desktop\Corel AfterShot 3 (64-bit).lnk
2019-01-30 20:42 - 2019-01-30 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel AfterShot 3
2019-01-30 20:19 - 2019-01-30 20:19 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\Corel
2019-01-30 10:53 - 2019-01-30 10:53 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{9DD22711-FE3D-4307-8C85-D8143D13999E}
2019-01-30 10:13 - 2019-01-30 10:13 - 002187504 _____ (LogMeIn, Inc.) C:\Users\Kenneth Rivalsi\Downloads\Support-LogMeInRescue.exe
2019-01-30 07:59 - 2019-01-30 08:01 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\NPE
2019-01-29 22:52 - 2019-01-29 22:52 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{37979D0F-6AD2-486F-8526-CC4FEBD02181}
2019-01-29 08:59 - 2019-01-29 08:59 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{443520E7-1D7D-4716-8041-DF507332C9D0}
2019-01-28 20:47 - 2019-01-28 20:47 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{871B61C0-4631-4874-A435-32B1D179D053}
2019-01-28 08:46 - 2019-01-28 08:46 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{632F33DA-3902-4340-8873-FA8384994BE9}
2019-01-27 20:46 - 2019-01-27 20:46 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{E5C22127-8DF2-4E29-BB41-66B16EF400AC}
2019-01-27 08:46 - 2019-01-27 08:46 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{BEB1308B-4C01-4293-80E0-1F5588C5A5D6}
2019-01-26 20:46 - 2019-01-26 20:46 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{BE134CAC-9173-4AB0-AC55-A4AD02F6A165}
2019-01-26 19:04 - 2019-01-26 19:04 - 000002150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter Essentials 6.lnk
2019-01-26 19:04 - 2019-01-26 19:04 - 000000000 ____D C:\Program Files\Common Files\Protexis
2019-01-26 18:52 - 2019-01-26 18:52 - 000000000 ____D C:\Users\Kenneth Rivalsi\Documents\Corel PhotoMirage
2019-01-26 18:52 - 2019-01-26 18:52 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\Corel PhotoMirage
2019-01-26 18:47 - 2019-01-26 18:47 - 000001217 _____ C:\Users\Public\Desktop\PhotoMirage (64-bit).lnk
2019-01-26 18:47 - 2019-01-26 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoMirage
2019-01-26 18:40 - 2019-01-26 18:42 - 000000000 ____D C:\Program Files (x86)\Pic to Painting
2019-01-26 18:00 - 2019-01-26 18:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\Documents\Corel PaintShop Pro
2019-01-26 18:00 - 2019-01-26 18:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\Corel PaintShop Pro
2019-01-26 17:59 - 2019-01-30 20:43 - 000003350 _____ C:\WINDOWS\System32\Tasks\CorelUpdateHelperTaskCore
2019-01-26 17:56 - 2019-01-26 17:56 - 000001306 _____ C:\Users\Public\Desktop\Corel PaintShop Pro 2019 (64-bit).lnk
2019-01-26 17:55 - 2019-01-26 19:10 - 000000000 ____D C:\Program Files\Corel
2019-01-26 17:53 - 2019-01-26 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro 2019
2019-01-26 17:53 - 2019-01-26 17:53 - 000001175 _____ C:\Users\Public\Desktop\Corel PaintShop Pro 2019.lnk
2019-01-26 17:51 - 2019-01-26 18:46 - 000000000 ____D C:\Program Files (x86)\Corel
2019-01-26 08:45 - 2019-01-26 08:45 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{F6B042D4-1BD0-4387-A25C-43C88CB59779}
2019-01-25 20:17 - 2019-01-25 20:17 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{143DC145-EF4B-44B5-B16C-5BF00D727582}
2019-01-25 08:17 - 2019-01-25 08:17 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{BF1FDE1B-F8B8-4DB1-AFBA-6404FD65FE64}
2019-01-24 20:10 - 2019-01-24 20:10 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{F689CC1C-9B73-4FF2-8ADE-76A5137BB5DD}
2019-01-24 14:18 - 2019-01-24 14:18 - 000296575 _____ C:\Users\Kenneth Rivalsi\Downloads\4N-240A (TS-3-53-2).dwg
2019-01-24 11:51 - 2019-01-24 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-01-24 08:10 - 2019-01-24 08:10 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{076721B4-D008-4144-9BA4-532D43682CBF}
2019-01-23 09:02 - 2019-01-23 09:02 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{7E107F90-4C8F-4BC9-ADDE-F771579CEFAA}
2019-01-22 21:02 - 2019-01-22 21:02 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{899EC385-3E36-4262-BF77-BAC53A401987}
2019-01-22 09:55 - 2019-01-22 09:55 - 000458691 _____ C:\Users\Kenneth Rivalsi\Downloads\9600.pdf
2019-01-22 09:00 - 2019-01-22 09:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{AC561291-B94F-4E92-84DD-2145787BBBFF}
2019-01-22 08:14 - 2019-01-22 08:14 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-01-22 08:14 - 2019-01-22 08:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-01-22 08:14 - 2019-01-22 08:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-01-22 08:14 - 2019-01-22 08:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-01-21 21:00 - 2019-01-21 21:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{93DD09F3-1CA1-4452-8AD2-8E28F3FD0B1E}
2019-01-21 17:27 - 2019-01-21 17:28 - 000000000 ____D C:\Users\Kenneth Rivalsi\Documents\Recycle
2019-01-21 09:00 - 2019-01-21 09:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{C30691BF-8144-4C62-B66C-BA0351F1A0C1}
2019-01-20 21:00 - 2019-01-20 21:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{380ADDEF-4864-4EAF-9E51-EAACA59B79AF}
2019-01-20 08:59 - 2019-01-20 08:59 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{93E7171C-560A-44C8-8451-309CD6F21D5C}
2019-01-19 19:43 - 2019-01-19 19:43 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{552F86BE-B751-49B3-9496-86C9F0777686}
2019-01-19 12:20 - 2019-01-19 12:20 - 000003406 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-01-19 12:20 - 2019-01-19 12:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-01-19 07:42 - 2019-01-19 07:42 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{B3349087-0FD0-478F-833E-71AAF27C6B9C}
2019-01-18 17:33 - 2019-01-18 17:33 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{C375CB9F-9825-4ED0-9FA4-131C5C26C642}
2019-01-17 21:08 - 2019-01-17 21:08 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{9F98F57B-CD78-4DA0-8851-F025120EC003}
2019-01-17 09:07 - 2019-01-17 09:07 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{C3DBA6E3-407D-47C2-B3B0-5127E0A7BDEF}
2019-01-16 13:19 - 2019-01-16 13:19 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{0416AFAC-3F62-4605-86E6-DA7192BE0294}
2019-01-15 22:45 - 2019-01-15 22:45 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{F16E8C41-A57F-4455-A9C8-2ACE0EA185F0}
2019-01-15 10:45 - 2019-01-15 10:45 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{D5B8C18A-102A-476E-8F35-20D0B632E96C}
2019-01-14 22:45 - 2019-01-14 22:45 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{28EAD64A-76D8-444B-B184-2BB856192E56}
2019-01-14 17:56 - 2019-01-14 18:03 - 000000000 ____D C:\ProgramData\Protexis64
2019-01-14 17:45 - 2019-01-14 17:46 - 211639856 _____ C:\Users\Kenneth Rivalsi\Downloads\psp2019_en_64.zip
2019-01-14 17:44 - 2019-01-14 17:45 - 006263712 _____ (Corel Corporation) C:\Users\Kenneth Rivalsi\Downloads\Corel_PaintShop_Pro_2019_ppc_brkws.exe
2019-01-14 10:45 - 2019-01-14 10:45 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{A263B674-C2E6-448D-9BF4-7C47C13F40ED}
2019-01-13 22:45 - 2019-01-13 22:45 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{17A3666E-2543-460C-92B1-8460CB3BFC6F}
2019-01-13 10:45 - 2019-01-13 10:45 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{9E8C03C8-89D0-4D15-AF7A-C9B9B6EDBE12}
2019-01-12 22:44 - 2019-01-12 22:44 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{1AF0A363-0B8E-40C8-9959-A16BF84DDDE0}
2019-01-12 09:47 - 2019-01-12 09:47 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{DD95300F-7E0A-4A17-AABF-D0AAA54BA8FF}
2019-01-11 20:51 - 2019-01-11 20:51 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{6942C30F-5FDC-4166-A6A7-66B16EB40C2C}
2019-01-11 14:14 - 2019-01-11 14:14 - 000001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-01-11 08:51 - 2019-01-11 08:51 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{A3AD598E-9E6B-42C5-B1FB-D0A6A927D2D2}
2019-01-10 15:48 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-10 15:48 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-10 15:48 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-10 15:48 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-10 15:48 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-10 15:48 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-10 15:48 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-10 15:48 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-10 15:48 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-10 15:48 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-10 15:48 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-10 15:48 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-10 15:48 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-10 15:48 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-10 15:48 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-10 15:48 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-10 15:48 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-10 15:48 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-10 15:48 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-10 15:48 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-10 15:48 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-10 15:48 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-10 15:48 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-10 15:48 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-10 15:48 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-10 15:48 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-10 15:48 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-10 15:48 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-10 15:48 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-10 15:48 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-10 15:48 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-10 15:48 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-10 15:48 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-10 15:48 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-10 15:48 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-10 15:48 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-10 15:48 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-10 15:48 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-10 15:48 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-10 15:48 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-10 15:48 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-10 15:48 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-10 15:48 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-10 15:48 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-10 15:48 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-10 15:48 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-10 15:48 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-10 15:48 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-10 15:48 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-10 15:48 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-10 15:48 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-10 15:48 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-10 15:48 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-10 15:48 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-10 15:48 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-10 15:48 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-10 15:48 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-10 15:48 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-10 15:48 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-10 15:48 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-10 15:48 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-10 15:48 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-10 15:48 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-10 15:48 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-10 15:48 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-10 15:48 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-10 15:48 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-10 15:48 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-10 15:48 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-10 15:48 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-10 15:48 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-10 15:48 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-10 15:48 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-10 15:48 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-10 15:48 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-10 15:48 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-10 15:48 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-10 15:48 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-10 15:48 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-10 15:48 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-10 15:48 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-10 15:48 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-10 15:48 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-10 15:48 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-10 15:48 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-10 15:48 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-10 15:48 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-10 15:16 - 2019-01-10 15:16 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{37EC8F1A-B9A0-4A73-BCB1-9683B6D8E634}
2019-01-10 15:14 - 2019-01-10 15:14 - 006161920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-01-08 08:21 - 2019-01-08 08:21 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{BA34B9D9-9026-4D2D-9888-F53B78B0017D}
2019-01-07 11:00 - 2019-01-07 11:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{6B55169D-6CE7-4EF1-8777-5C893D6353E1}
2019-01-06 23:00 - 2019-01-06 23:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{58F6D167-C9BE-40B1-8B8E-17526BF6B8EF}
2019-01-06 11:00 - 2019-01-06 11:00 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{D520E386-FCB8-455B-AC37-F1E7442910F2}
2019-01-05 22:59 - 2019-01-05 22:59 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{3B02DB7F-EB73-4480-9D00-AF6C547B1E39}
2019-01-05 08:48 - 2019-01-05 08:48 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{D1D55737-8256-4F07-AB95-A4FA1AFA2EE8}
2019-01-04 20:47 - 2019-01-04 20:47 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{BD3F0196-89F2-4EC1-9C31-A2F70CD5FF67}
2019-01-04 08:47 - 2019-01-04 08:47 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\{74EC8F9E-E99A-428A-86D1-326EC3777978}

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-03 08:10 - 2014-11-11 18:21 - 000000000 ____D C:\FRST
2019-02-03 08:00 - 2011-03-05 16:12 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\CrashDumps
2019-02-02 21:38 - 2018-06-02 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-02 21:38 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-02 20:47 - 2017-06-27 20:16 - 000000000 ___RD C:\Users\Kenneth Rivalsi\Dropbox
2019-02-02 20:43 - 2018-10-31 14:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2019-02-02 20:38 - 2018-06-02 22:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-02 20:38 - 2016-07-01 10:37 - 000144368 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
2019-02-02 20:37 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-02 20:36 - 2014-11-22 21:27 - 000000000 ____D C:\AdwCleaner
2019-02-02 07:39 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-01 22:24 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-30 10:25 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-30 08:00 - 2011-02-08 04:03 - 000000000 ____D C:\ProgramData\Norton
2019-01-29 18:20 - 2017-08-08 20:27 - 000000000 ____D C:\Users\Kenneth Rivalsi\temp
2019-01-29 14:43 - 2018-10-24 12:44 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\Pinnacle
2019-01-29 14:43 - 2011-12-17 18:22 - 000000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2019-01-29 13:20 - 2011-03-02 20:06 - 000000000 ____D C:\Users\Kenneth Rivalsi\Documents\Beth
2019-01-29 13:07 - 2018-07-10 14:35 - 000000000 ____D C:\ProgramData\Packages
2019-01-29 12:59 - 2011-07-03 10:32 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\CutePDF Writer
2019-01-29 09:12 - 2017-08-08 20:25 - 000003449 _____ C:\Users\Kenneth Rivalsi\AppData\Roaming\LAPTOP_2011.MTBF.txt
2019-01-28 17:25 - 2018-06-02 21:43 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-28 17:25 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-28 17:10 - 2018-10-24 12:44 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Local\Pinnacle_Studio_20
2019-01-28 15:46 - 2011-03-02 20:06 - 000000000 ____D C:\Users\Kenneth Rivalsi\Documents\dad
2019-01-27 08:32 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-26 20:27 - 2018-10-12 17:25 - 000000000 ____D C:\WINDOWS\Minidump
2019-01-26 19:28 - 2018-06-02 21:48 - 000000000 ____D C:\Users\Kenneth Rivalsi
2019-01-26 19:10 - 2010-07-20 02:46 - 000000000 ____D C:\ProgramData\Corel
2019-01-26 18:54 - 2017-06-18 19:35 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-26 18:53 - 2012-09-15 21:34 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Roaming\Ulead Systems
2019-01-26 17:39 - 2011-03-03 20:27 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Roaming\GoodSync
2019-01-26 13:11 - 2018-06-02 21:35 - 000511344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-26 13:10 - 2010-07-20 01:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-24 11:52 - 2017-06-27 19:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-01-24 11:34 - 2010-07-20 02:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3
2019-01-24 11:29 - 2011-06-10 08:03 - 000000000 ____D C:\Users\Kenneth Rivalsi\AppData\Roaming\Corel
2019-01-23 08:27 - 2013-03-12 22:26 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-23 08:27 - 2013-03-12 22:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-22 19:40 - 2018-06-02 22:51 - 000003390 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2769849268-4207183726-1260941271-1001
2019-01-22 19:40 - 2018-06-02 21:48 - 000002442 _____ C:\Users\Kenneth Rivalsi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-22 19:40 - 2016-07-01 11:41 - 000000000 ___RD C:\Users\Kenneth Rivalsi\OneDrive
2019-01-20 09:18 - 2015-06-09 05:36 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-19 12:20 - 2018-02-21 18:06 - 000002463 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-01-19 12:20 - 2018-02-09 16:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-01-19 07:54 - 2018-01-14 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-19 07:54 - 2010-07-20 03:48 - 000000000 ____D C:\Program Files (x86)\Java
2019-01-19 07:51 - 2018-01-14 08:51 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-01-19 07:48 - 2013-10-24 19:05 - 000000000 ____D C:\ProgramData\Oracle
2019-01-17 19:08 - 2018-11-16 08:33 - 000000000 ____D C:\Program Files\rempl
2019-01-16 13:33 - 2015-01-18 19:07 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-01-15 17:15 - 2013-03-12 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-15 12:26 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-01-10 20:49 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-10 20:49 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-10 16:16 - 2013-08-15 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-10 16:03 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-10 16:03 - 2011-03-02 19:46 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-10 15:15 - 2018-06-02 22:51 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-10 15:14 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-10 15:14 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-05 18:31 - 2016-04-23 06:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-02-16 15:30 - 2017-02-16 14:07 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2017-08-08 20:25 - 2019-01-29 09:12 - 000003449 _____ () C:\Users\Kenneth Rivalsi\AppData\Roaming\LAPTOP_2011.MTBF.txt
2011-06-06 20:36 - 2017-08-08 22:40 - 000039936 _____ () C:\Users\Kenneth Rivalsi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-26 12:40 - 2018-09-26 12:40 - 000000000 _____ () C:\Users\Kenneth Rivalsi\AppData\Local\oobelibMkey.log
2018-12-18 10:35 - 2018-12-18 10:35 - 000001539 _____ () C:\Users\Kenneth Rivalsi\AppData\Local\recently-used.xbel
2012-04-01 12:08 - 2014-08-10 21:54 - 000007603 _____ () C:\Users\Kenneth Rivalsi\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-02 21:35

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (80.5 KB, 3 views)
islavir is offline  
Old 02-03-2019, 02:07 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, islavir. No worries.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {507341EF-9468-D082-B9D1-02A185889A47} => No File
    ContextMenuHandlers1-x32: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll -> No File
    ContextMenuHandlers2-x32: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll -> No File
    ContextMenuHandlers4-x32: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll -> No File
    Task: {0E9601B5-BE90-4B21-AE0E-474481FC3E53} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    FirewallRules: [{B01931EE-1FAD-4901-8B7A-0A2FB96FF79B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
    FirewallRules: [{136F6FD1-B45E-4E43-8F0B-9B8198E3CB2F}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
    FirewallRules: [{5632D4D2-F499-41A6-A06E-44FB316B335B}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
    FirewallRules: [{78C7F36B-B57E-4EEF-BFD3-873EEB70E51E}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
    FirewallRules: [{91B48878-CA53-4229-8CF4-DAAE93BEBF4D}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
    FirewallRules: [{9CD5774B-C2D6-4B4C-B7D3-19D9C582ABD1}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
    FirewallRules: [{E854B295-7630-42A0-ADDD-B4CBDF0EC186}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
    FirewallRules: [{95A4714B-F005-426E-B33B-FCFE8E9B22DE}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe No File
    FirewallRules: [{4ECD4870-497C-46C4-907F-77FCD0853DDB}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe No File
    FirewallRules: [{D709B5D4-CFC7-444A-A671-E677652D3B50}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe No File
    FirewallRules: [{2E12126D-F240-4624-BC34-0B8BC3B40B80}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
    FirewallRules: [{6A6D79A3-4F23-4016-9810-D80290B3BA36}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
    FirewallRules: [{8565219A-B312-44EC-8342-0281F4928052}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
    FirewallRules: [{D52C9194-0254-46FC-9262-0F14B48407BE}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
    FirewallRules: [{C64F81B6-E8F7-427B-BFB1-D31F52B72EC9}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe No File
    FirewallRules: [{7D0334E7-A11F-49A9-923F-D617C6BB75C3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
    FirewallRules: [{D2D61B7D-BFD9-4CAE-9123-F365795F4F5D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
    FirewallRules: [{9BB6A073-8DAF-4C46-AFD9-5311A3733010}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
    FirewallRules: [{A83E0C23-0780-4E45-AB52-FFDF3717F61D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
    FirewallRules: [{3BF8E095-CBE9-4ECA-A065-33C3709EFB15}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
    CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
    CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
    U3 idsvc; no ImagePath
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-04-2019, 06:33 AM   #7
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Kenneth Rivalsi (04-02-2019 09:03:41) Run:1
Running from C:\FRST
Loaded Profiles: Kenneth Rivalsi (Available Profiles: Kenneth Rivalsi & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {507341EF-9468-D082-B9D1-02A185889A47} => No File
ContextMenuHandlers1-x32: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll -> No File
ContextMenuHandlers2-x32: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll -> No File
ContextMenuHandlers4-x32: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll -> No File
Task: {0E9601B5-BE90-4B21-AE0E-474481FC3E53} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
FirewallRules: [{B01931EE-1FAD-4901-8B7A-0A2FB96FF79B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{136F6FD1-B45E-4E43-8F0B-9B8198E3CB2F}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
FirewallRules: [{5632D4D2-F499-41A6-A06E-44FB316B335B}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
FirewallRules: [{78C7F36B-B57E-4EEF-BFD3-873EEB70E51E}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
FirewallRules: [{91B48878-CA53-4229-8CF4-DAAE93BEBF4D}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
FirewallRules: [{9CD5774B-C2D6-4B4C-B7D3-19D9C582ABD1}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
FirewallRules: [{E854B295-7630-42A0-ADDD-B4CBDF0EC186}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
FirewallRules: [{95A4714B-F005-426E-B33B-FCFE8E9B22DE}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe No File
FirewallRules: [{4ECD4870-497C-46C4-907F-77FCD0853DDB}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe No File
FirewallRules: [{D709B5D4-CFC7-444A-A671-E677652D3B50}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe No File
FirewallRules: [{2E12126D-F240-4624-BC34-0B8BC3B40B80}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
FirewallRules: [{6A6D79A3-4F23-4016-9810-D80290B3BA36}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe No File
FirewallRules: [{8565219A-B312-44EC-8342-0281F4928052}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
FirewallRules: [{D52C9194-0254-46FC-9262-0F14B48407BE}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe No File
FirewallRules: [{C64F81B6-E8F7-427B-BFB1-D31F52B72EC9}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe No File
FirewallRules: [{7D0334E7-A11F-49A9-923F-D617C6BB75C3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe No File
FirewallRules: [{D2D61B7D-BFD9-4CAE-9123-F365795F4F5D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe No File
FirewallRules: [{9BB6A073-8DAF-4C46-AFD9-5311A3733010}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe No File
FirewallRules: [{A83E0C23-0780-4E45-AB52-FFDF3717F61D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe No File
FirewallRules: [{3BF8E095-CBE9-4ECA-A065-33C3709EFB15}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe No File
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
U3 idsvc; no ImagePath
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-2769849268-4207183726-1260941271-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Corel.Paint.Shop.Pro.Photo => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Corel.Paint.Shop.Pro.Photo => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Corel.Paint.Shop.Pro.Photo => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E9601B5-BE90-4B21-AE0E-474481FC3E53} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E9601B5-BE90-4B21-AE0E-474481FC3E53} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B01931EE-1FAD-4901-8B7A-0A2FB96FF79B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{136F6FD1-B45E-4E43-8F0B-9B8198E3CB2F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5632D4D2-F499-41A6-A06E-44FB316B335B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78C7F36B-B57E-4EEF-BFD3-873EEB70E51E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91B48878-CA53-4229-8CF4-DAAE93BEBF4D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9CD5774B-C2D6-4B4C-B7D3-19D9C582ABD1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E854B295-7630-42A0-ADDD-B4CBDF0EC186}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95A4714B-F005-426E-B33B-FCFE8E9B22DE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ECD4870-497C-46C4-907F-77FCD0853DDB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D709B5D4-CFC7-444A-A671-E677652D3B50}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E12126D-F240-4624-BC34-0B8BC3B40B80}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A6D79A3-4F23-4016-9810-D80290B3BA36}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8565219A-B312-44EC-8342-0281F4928052}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D52C9194-0254-46FC-9262-0F14B48407BE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C64F81B6-E8F7-427B-BFB1-D31F52B72EC9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D0334E7-A11F-49A9-923F-D617C6BB75C3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2D61B7D-BFD9-4CAE-9123-F365795F4F5D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BB6A073-8DAF-4C46-AFD9-5311A3733010}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A83E0C23-0780-4E45-AB52-FFDF3717F61D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3BF8E095-CBE9-4ECA-A065-33C3709EFB15}" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 598675078 B
Java, Flash, Steam htmlcache => 1110 B
Windows/system/drivers => -233574 B
Edge => 5436807 B
Chrome => 636753671 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 29104 B
LocalService => 0 B
NetworkService => 19194 B
NetworkService => 0 B
Kenneth Rivalsi => 900309846 B
DefaultAppPool => 6656 B

RecycleBin => 3070923638 B
EmptyTemp: => 4.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:08:05 ====
islavir is offline  
Old 02-04-2019, 05:55 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, islavir. Any improvement in behavior? Still getting the popup?

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

I recommend installing BitDefender Anti-Ransomware. It's free and I use it on all my machines.

Download AntiRansomware and save it to your desktop.

Right-click BDAntiRansomwareSetup.exe > 'Run as administrator' and follow the prompts to install it.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mb3-setup-1878.1878-3.6.1.2711.exe and follow the prompts to install the program.
    • A 14 day trial of the Premium features (a full-fledged, real-time antivirus application) will be installed.
    • You may end the free trial later by going to Settings > Account Details > Deactivate Premium Trial > Yes > I don't need real-time protection > OK.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 02-05-2019, 05:21 AM   #9
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Hi Chemist -
1) Yes, the pop-ups still appear.
2) I use Norton Internet security. Is AntiRansomware compatible with Norton? Can I have both active on my PC at the same time?
3) When running ESET, I did not see any option for UNticking "Clean Threats Automatically". Therefore I believe it cleaned it automatically.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/4/19
Scan Time: 9:20 PM
Log File: a6f9e90c-28ec-11e9-822c-c80aa9e24189.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.9120
License: Trial

-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: laptop_2011\Kenneth Rivalsi

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 390221
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 20 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.PullUpdate, C:\ProgramData\tgEjXMU\dat, Quarantined, [441], [301963],1.0.9120
PUP.Optional.PullUpdate, C:\PROGRAMDATA\TGEJXMU, Quarantined, [441], [301963],1.0.9120

File: 6
PUP.Optional.PullUpdate, C:\PROGRAMDATA\TGEJXMU\DAT\GUKCUD.EXE.CONFIG, Quarantined, [441], [301963],1.0.9120
PUP.Optional.PullUpdate, C:\ProgramData\tgEjXMU\dat\QAYiGwFkyhs.exe.config, Quarantined, [441], [301963],1.0.9120
PUP.Optional.PullUpdate, C:\ProgramData\tgEjXMU\info.dat, Quarantined, [441], [301963],1.0.9120
PUP.Optional.PullUpdate, C:\ProgramData\tgEjXMU\yekRgL.dat, Quarantined, [441], [301963],1.0.9120
PUP.Optional.PullUpdate, C:\ProgramData\tgEjXMU\yekRgL.exe.config, Quarantined, [441], [301963],1.0.9120
PUP.Optional.ASK, C:\WINDOWS\INSTALLER\2C33C71.MSI, Quarantined, [2], [113867],1.0.9120

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


********************
ESET detailed log
********************
2/5/2019 6:09:54 AM
Files scanned: 779328
Infected files: 14
Cleaned threats: 14
Total scan time 05:58:24
Scan status: Finished
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\GenericAskToolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Kenneth Rivalsi\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\x3CF3EDNhm\DRIVERUPDATE-SETUP.EXE Win32/Slimware.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\faq_8A71AEBB623B46A0B934103F1A762800.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\FTsc_94F4507362A24B9B9BA6A29A1AFF037E.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut1_A47BC27445824FCF8A8FDFE7347B3885.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut_B53671B5D9A445549437680533116875.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\UninstallIcon.exe a variant of Win32/SlowPCfighter.A potentially unwanted application cleaned by deleting
islavir is offline  
Old 02-06-2019, 03:29 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Yes, BitDefender AntiRansomware and Norton are compatible.

Can you read everything it says behind the picture in the popup, where it says "files transmitted..."? If so, tell me what the entire message says.
chemist is offline  
Old 02-06-2019, 05:38 AM   #11
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Sorry but the text you see in the background is unrelated.
It was simply part of a valid email I had open.
See attached picture "email_background.jpg" please.
- Ken
Attached Thumbnails

Name:	email_background.JPG
Views:	3
Size:	30.6 KB
ID:	322810  
islavir is offline  
Old 02-06-2019, 05:59 AM   #12
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



I just got another popup Feb 6, 2019 at 8:51 am.
Right after that, MalwareBytes said it blocked something.
See picture "20190206_0851am_popup_MalwareByes.jpg" for snapshot of MalwareBytes information.

Hope that helps a little bit.
Attached Thumbnails

Name:	20190206_0851am_popup_MalwareByes.JPG
Views:	17
Size:	29.4 KB
ID:	322812  
islavir is offline  
Old 02-06-2019, 06:56 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ken. Thanks for the info about that message. Makes sense now.

Also, sorry for the ESET instructions. They changed recently and I haven't updated my instructions.

Since you use Norton, I assumed you would opt out of the trial version of MBAM. MBAM is a full-fledged antivirus. You shouldn't have more than one running.

Nothing our tools detected seems related to the Chrome popups. You're not 'infected'.

MBAM detected an outgoing message, probably ad related, to events.pushtrack.co

You posted here about a Chrome notification popup from smartpackagetracker.com

Ever heard of tracking by websites you visit via Chrome? Google those 2 entries.

We're having several users complain of Chrome notification popups lately, but there really isn't anything we can do via our tools.

You may need to contact Google Chrome. I don't use Chrome, and never will, so I can't keep up with all the crap they do.

I need you to try something.

Let's see if disabling notifications and/or blocking sites will work:

https://support.google.com/chrome/answer/3220216

See here for blocking sites or apps from sending you notifications:

https://support.google.com/chrome/answer/3123708

Let me know if you are successful.

------------------------------------------------------
chemist is offline  
Old 02-06-2019, 08:20 PM   #14
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Hi Chemist -
I think you might be on to something with your recommendation about "Notifications by website".
I followed the instructions you provided and Notifications were ALLOWED for "smartpackagetracker". (Please see attached screenshot)

I disabled it and hopefully my issue will be gone.

I very much appreciate your diligence in helping me figure this out.
I will let you know if I still see the popups over the next day or two.

BTW, I removed MalwareBytes.

- regards, Ken
Attached Thumbnails

Name:	notifications_allowed.JPG
Views:	16
Size:	26.0 KB
ID:	322816  
islavir is offline  
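The finding in the post above (a site left on Chrome's notification "Allow" list) can also be checked by reading the profile's Preferences file. The script below is an added example, not part of the original thread: it assumes Chrome keeps per-site notification permissions under profile.content_settings.exceptions.notifications with setting 1 = allow and 2 = block, and it runs on a constructed sample instead of a real profile.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# On Windows the default profile's file is normally
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences (JSON).
# Assumed layout: profile.content_settings.exceptions.notifications maps
# "<origin>,*" to {"setting": N, "last_modified": "<WebKit microseconds>"}.
SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}

# Constructed sample. Only smartpackagetracker.com comes from the thread;
# the other origins and all timestamps are made up for the example.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://smartpackagetracker.com:443,*":
            {"setting": 1, "last_modified": "13192416000000000"},
        "https://mail.example.com:443,*":
            {"setting": 1, "last_modified": "13180000000000000"},
        "https://ads.example.net:443,*":
            {"setting": 2, "last_modified": "13185000000000000"},
    }}}}
})


def webkit_to_utc(value):
    """Convert microseconds since 1601-01-01 UTC to a datetime, or None."""
    try:
        micros = int(value)
    except (TypeError, ValueError):
        return None
    if micros <= 0:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=micros)


def origin_host(pattern_key):
    """Return the host of the primary pattern in an '<origin>,*' key."""
    primary = pattern_key.split(",", 1)[0]
    try:
        host = urlsplit(primary).hostname
    except ValueError:
        host = None
    return host or primary  # fall back to the raw pattern if it is not a URL


def notification_permissions(preferences_text):
    """List every per-site notification decision stored in the profile."""
    node = json.loads(preferences_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    rows = []
    for pattern, entry in (node.items() if isinstance(node, dict) else []):
        if not isinstance(entry, dict):
            continue
        setting = entry.get("setting")
        rows.append({
            "host": origin_host(pattern),
            "decision": SETTING_NAMES.get(setting, "unknown(%r)" % (setting,)),
            "changed": webkit_to_utc(entry.get("last_modified")),
        })
    return rows


def allowed_hosts(preferences_text, trusted=()):
    """Hosts allowed to push notifications that the user has not vetted."""
    trusted = {h.lower() for h in trusted}
    return sorted(
        row["host"] for row in notification_permissions(preferences_text)
        if row["decision"] == "allow" and row["host"].lower() not in trusted
    )


if __name__ == "__main__":
    for row in notification_permissions(SAMPLE_PREFERENCES):
        when = row["changed"].date().isoformat() if row["changed"] else "unknown"
        print("%-30s %-6s changed %s" % (row["host"], row["decision"], when))
    print("review:", allowed_hosts(SAMPLE_PREFERENCES, trusted={"mail.example.com"}))
```

An "allow" entry with a change date close to when the popups started is the one to revoke in Chrome's notification settings.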
Old 02-07-2019, 06:23 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ken.

So glad you tried that and let me know. I suspected that was the cause of the popups.

As far as MBAM, I probably wasn't clear. You didn't need to uninstall it. After opting out of the free trial, antivirus version, you can keep MBAM as an on-demand malware scanner. I have it on all my machines and scan with it regularly. I would advise you do the same, as it is a very powerful anti-malware tool.

Again, thanks for the reply, and let me know if they are truly gone.
chemist is offline  
Old 02-07-2019, 06:32 PM   #16
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Hi Chemist -
So far, 24 hours and no pop-ups.
Thanks again for your diligence.
Pretty sure it is fixed.

For MBAM, I actually did just disable it rather than uninstall it.
Keeping it for an occasional scan makes sense.

- best regards, Ken
islavir is offline  
Old 02-08-2019, 08:52 PM   #17
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Chemist -
48 hours and NO pop-ups. Looks good.
Thanks again.
- Ken
islavir is offline  
Old 02-08-2019, 09:28 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Ken. You're very welcome!

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go to Settings > Remove AdwCleaner > Remove

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 02-09-2019, 05:45 AM   #19
I helped the forums.
 
Join Date: Mar 2005
Location: Long Island, NY
Posts: 64
OS: Windows 10



Above suggestions have been done.
Please close this thread as a Success!
Thanks again.
islavir is offline  
Old 02-09-2019, 02:30 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Ken! Glad to have helped.
chemist is offline  
 


All times are GMT -7. The time now is 02:51 PM.

