Rogue Norton Utilities 16 Installer, Cannot Remove, Sys Restore Prevtd, Backup Failed

This is a discussion on Rogue Norton Utilities 16 Installer, Cannot Remove, Sys Restore Prevtd, Backup Failed within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 10-27-2016, 11:18 AM   #1
Registered Member
 
Join Date: Mar 2010
Posts: 90
OS: Windows XP



I am running Windows Pro 7 Service Pack 1 with McAfee Live Safe antivirus and firewall on.

Within the last 7 days or so, a Norton Utilities 16 Installer program was downloaded to my system. I did not intentionally download from Symantec. I don't believe I downloaded as an option from a bundler. I suspect malware masquerading as NU16.

The only program I recall installing/updating last week was Java Runtime Environment SRE 11 directly from the java source site.

I may have updated Adobe Reader DC from the source site, a possible bundler. But currently they are only offering two other programs, plus I never accept the optional offers.

Problem: I cannot remove the Norton Utilities 16 Installer either with Norton Removal Tool or manually without all deletions returning upon reboot.

Symptoms:

Prompted daily to install, which I cancel. There is no option to click for "Do not ask again"
Norton Removal Tool will not run stating that NU has to be removed first.
Norton Utilities does not exist as a full install. Not listed in Programs.
The following was noticed in Task Manager:

Application: Setup - Norton Utilities 16
Processes: nu16esd_dlm.exe *32
File Location: C:/Programs Files (x86)/NortonWrapper/NSSWrap (However, this is not visible when accessing manually through Program Files (x86), even after changing the folder properties to show Hidden Files). Contents of folder:
commandline.txt
fallback.dat
ICFusionWrapper.dll
ICFusionWrapperHelper.exe
nu16esd_dlm.exe


I worked with Norton Chat support to attempt removal yesterday. Support attempted removal tool with no success. Also attempted to manually remove all Norton/Symantec registry entries, but they returned upon reboot.

I then attempted and was able to remove most registry entries on my own, including this specific entry:
Computer;HKEY_USERS\S-1-5-21-3634935726-1564049681-1090167109-1000/Software/Microsoft/Windows/RunOnce/
containing the value: C:\PROGRA~2\NORTON~1\NSSWrap\NU16ES~1.EXE

I have not seen the installer application in Task Manager since.

However, I was prevented from deleting these entries:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/Schedule/CompatibilityAdapter/Signatures/Norton Product Installer.job
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/Schedule/CompatibilityAdapter/Signatures/Norton Product Installer.job.fp
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/Schedule/CompatibilityAdapter/Signatures/Norton Product InstallerIdle.job
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/Schedule/CompatibilityAdapter/Signatures/Norton Product InstallerIdle.job.fp


Most entries in the registry have returned, and the Norton Utilities Installer program has returned to the desktop as well.

Other steps taken:

I have run a McAfee Virus & Spyware Scan with nothing found, Malwarebytes scan with nothing found and Microsoft Malware Removal Tool with 1 infection noted during scan, but log showed no infections when complete. I don't know what it found.

Other symptoms:

Dell Backup & Recovery Sync warning says the program has failed and not running. I have not performed a back up yet. (I know).

I have attempted three times to perform system restore to my oldest restore point, twice in Normal Mode and once in Safe Mode. Upon reboot, sys restore says it did not complete, suggesting it might be caused by antivirus running. The last two attempts I specifically turned off antivirus for good.


Second problem: Through investigation, I discovered I have folders for PC Doctor and PCDr in my ProgramData folder. These were unknown to me.

Followed all steps outlined here: hxxps://malwaretips.com/blogs/remove-pc-doctor-virus/
Cannot remove these programs in Add/Remove Programs - they are not listed.
Have not attempted to delete the folders yet.

dds.txt (pre Microsoft Malware Removal) and dds2.txt (post Microsoft Malware Removal) follow below. attach.txt and attach2.txt uploaded respectively.

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18500 BrowserJavaVersion: 11.111.2
Run by Main at 13:18:16 on 2016-10-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8143.3973 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\idafserverhostservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\Compliance.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\disknet.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Watchdog\EPWD.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Users\Main\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Users\Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Main\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\3DCompliance.exe
C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\bin\EPLauncher.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Main\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\bin\cptray.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\ServiceRequest.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_205_ActiveX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
C:\Windows\system32\PrintIsolationHost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWinlogon: Shell = -
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Line2] "C:\Program Files (x86)\Line2\Line2.exe"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Dropbox Update] "C:\Users\Main\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [DropboxOEM] "C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe" auto
mRun: [Check Point Endpoint Security 3D Compliance] "C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\3DCompliance.exe"
mRun: [Check Point Endpoint Security Tray 3.0] "C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\Bin\EPLauncher.exe" /0
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [SymInstallStub] C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe /partnerid=adobe /productlist=nu /staging=false /delay=5 /launchedby=3
StartupFolder: C:\Users\Main\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Main\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableUIPI = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: nationallife.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.nationallife.com/Scripts/Secure/smsx.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxps://onbase.nationallife.com/nl/activex/OBXPopup.cab
DPF: {C143E92C-DFB6-41A6-B393-5C4141C4E17D} - hxxps://onbase.nationallife.com/nl/activex/OBXWebSelect.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP20-10086/training/ieatgpc1.cab
DPF: {FD8BD238-CD00-4995-817A-62E6F1A6B782} - hxxps://onbase.nationallife.com/nl/activex/OBXWebViewer.cab
TCP: NameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{577E58D4-D6E4-4993-8F2E-49820B3B1A88} : DHCPNameServer = 24.92.226.11 24.92.226.12
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\k4lbwzmo.default-1477501070505\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Main\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Main\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DNPFW;Disknet Pro Device Firewall Driver;C:\Windows\System32\drivers\dnpfw.sys [2014-7-16 42800]
R0 dvrem;Check Point ESME Client EPM Driver;C:\Windows\System32\drivers\dvrem.sys [2014-7-16 68912]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-7-24 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-7-24 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-24 20464]
R0 KAEON;KAEon CD/DVD Writing Filter Driver;C:\Windows\System32\drivers\kaeon.sys [2014-7-16 45360]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 843048]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 243488]
R0 PSG;Check Point Media Encryption PSG;C:\Windows\System32\drivers\psg.sys [2014-7-16 73008]
R0 rmm;Check Point ESME Client RMM Driver;C:\Windows\System32\drivers\rmm.sys [2014-7-16 33072]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
R1 MeDlpFlt;MeDlpFlt;C:\Windows\System32\drivers\MeDlpFlt.sys [2014-11-13 130560]
R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;C:\Windows\System32\drivers\rxaes100.sys [2014-7-16 61744]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-9-15 669872]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-7-24 98208]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2207960]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-12-27 204928]
R2 Check Point Device Auxiliary Framework;Check Point Device Auxiliary Framework;C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\IDAFServerHostService.exe [2013-8-29 217104]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-12-17 3037424]
R2 CPCompliance;Check Point Endpoint Security Compliance;C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\Compliance.exe [2014-5-25 1967632]
R2 CPDA;Check Point Endpoint Agent;C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe [2014-6-12 1343528]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-6-23 2572024]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2016-6-23 202488]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DisknetClient;Check Point ESME Client;C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\disknet.exe [2014-7-16 24266792]
R2 EPWD;Check Point Endpoint Client Watchdog;C:\Program Files (x86)\CheckPoint\Endpoint Security\Watchdog\EPWD.exe [2014-6-18 282664]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2016-10-26 135496]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-6 15344]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2014-7-25 2451456]
R2 Intel(R) ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-2-19 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-2-19 154584]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2016-10-10 166152]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2012-11-30 993824]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe [2016-5-31 1910000]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe [2015-6-17 382456]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-7-25 277744]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe [2016-4-17 1454216]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-5-17 1045336]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-7-24 224840]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2016-1-5 2065808]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2016-9-9 31704]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-12-27 327296]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-7-25 81536]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-12-27 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-12-27 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-12-27 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-12-27 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-12-27 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-12-27 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-12-27 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-12-27 551552]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 78632]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2016-1-5 32464]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2016-1-5 24240]
R3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-1-17 174368]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-24 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-24 786416]
R3 mevdbus;Check Point Media Encryption Disk Dynamic Bus Enumerator;C:\Windows\System32\drivers\mevdbus.sys [2014-6-1 33040]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 419616]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 349480]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2014-7-25 232688]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 493352]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2016-8-1 519456]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-10-10 46240]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-7-24 252048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-24 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2015-4-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-7-27 207968]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-10-11 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2014-7-25 334760]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2016-8-1 100136]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-19 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2016-10-26 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-9-25 1255736]
S4 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
.
=============== Created Last 30 ================
.
2016-10-27 16:08:40 -------- d-----w- C:\CheckPoint
2016-10-26 19:51:50 -------- d-----w- C:\ProgramData\Symantec
2016-10-26 17:12:44 -------- d-----w- C:\Program Files\HitmanPro
2016-10-26 17:12:06 -------- d-----w- C:\ProgramData\HitmanPro
2016-10-26 16:59:49 -------- d-----w- C:\AdwCleaner
2016-10-26 16:58:03 -------- d-----w- C:\ProgramData\PCDr
2016-10-26 16:54:50 -------- d-----w- C:\Users\Main\AppData\Local\VS Revo Group
2016-10-26 16:54:47 -------- d-----w- C:\ProgramData\VS Revo Group
2016-10-26 16:54:46 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2016-10-26 16:54:46 -------- d-----w- C:\Program Files\VS Revo Group
2016-10-21 18:12:00 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-12 02:58:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
2016-10-12 02:58:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2016-10-11 22:18:10 -------- d-----w- C:\Users\Main\AppData\Roaming\Product_NU16
2016-10-07 18:45:17 -------- dc-h--w- C:\ProgramData\{A328A61B-C332-4C8C-A740-42F7F71DC398}
2016-09-30 23:36:16 229048 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2016-09-30 23:36:16 229048 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2016-09-29 23:43:15 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2016-09-29 23:43:12 -------- d-----w- C:\Program Files\Dell Support Center
.
==================== Find3M ====================
.
2016-10-26 11:10:05 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-10-26 11:10:05 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-30 15:37:00 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-09-30 15:20:30 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-09-30 15:20:30 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-09-30 06:41:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-09-30 06:40:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-09-30 06:26:31 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-09-30 06:25:48 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-09-30 06:25:42 417792 ----a-w- C:\Windows\System32\html.iec
2016-09-30 06:25:17 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-09-30 06:25:13 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-09-30 06:13:03 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-09-30 06:13:02 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-09-30 06:12:50 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-09-30 06:09:41 6048256 ----a-w- C:\Windows\System32\jscript9.dll
2016-09-30 06:05:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-09-30 05:55:00 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-09-30 05:54:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-09-30 05:42:47 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-09-30 05:42:45 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-09-30 05:42:09 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-09-30 05:42:01 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-09-30 05:41:14 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-09-30 05:32:38 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-09-30 05:32:21 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-09-30 05:31:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-09-30 05:31:14 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-09-30 05:19:54 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-09-30 05:17:38 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-09-30 05:12:59 4608512 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-09-30 05:05:17 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-09-30 05:05:00 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-09-30 04:46:52 2444288 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-09-15 15:30:46 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-09-15 15:30:46 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-09-15 15:15:01 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-09-15 15:15:01 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2016-09-12 21:13:48 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-09-12 21:13:48 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-09-12 20:49:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-09-12 20:39:22 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-09-12 20:37:24 3218944 ----a-w- C:\Windows\System32\win32k.sys
2016-09-12 20:32:44 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-09-12 20:32:11 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-09-12 20:32:09 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-12 20:31:28 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-09-12 20:29:45 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-09-12 20:25:30 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-09-12 19:08:46 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2016-09-12 18:43:15 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2016-09-12 18:43:14 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2016-09-10 16:19:03 3649536 ----a-w- C:\Windows\System32\MSVidCtl.dll
2016-09-10 15:53:43 2291712 ----a-w- C:\Windows\SysWow64\MSVidCtl.dll
2016-09-09 18:29:09 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-09-09 18:26:01 706280 ----a-w- C:\Windows\System32\winload.efi
2016-09-09 18:23:54 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-09-09 18:01:23 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-09-09 18:00:02 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-09-09 18:00:02 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-09-09 18:00:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-09-09 17:51:58 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-09-09 17:51:54 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-09-09 17:51:53 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-09-09 17:48:09 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-09-09 17:47:17 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-09-09 17:43:16 112640 ----a-w- C:\Windows\System32\smss.exe
2016-09-09 17:38:14 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-09-09 17:38:13 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-09-09 17:38:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-09-09 17:38:12 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-09-09 17:37:20 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-09-09 17:37:20 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-09 17:37:20 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-09 17:37:20 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-09-08 20:34:27 263680 ----a-w- C:\Windows\System32\WebClnt.dll
2016-09-08 20:34:15 108544 ----a-w- C:\Windows\System32\davclnt.dll
2016-09-08 20:34:14 208896 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2016-09-08 20:34:01 87040 ----a-w- C:\Windows\SysWow64\davclnt.dll
2016-09-08 14:55:15 142336 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2016-09-08 14:55:13 106496 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2016-08-16 17:36:50 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-08-16 02:48:15 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-08-12 17:02:26 12574720 ----a-w- C:\Windows\System32\wmploc.DLL
2016-08-12 17:02:24 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2016-08-12 17:02:24 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2016-08-12 17:02:21 9728 ----a-w- C:\Windows\System32\spwmp.dll
2016-08-12 16:47:20 12574208 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2016-08-12 16:46:55 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-08-12 16:31:37 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2016-08-12 16:31:37 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2016-08-12 16:31:35 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2016-08-12 16:26:56 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2016-08-12 16:26:18 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-08-12 16:26:12 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-08-12 16:26:05 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-08-06 15:31:32 310784 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2016-08-06 15:31:32 2023424 ----a-w- C:\Windows\System32\WsmSvc.dll
2016-08-06 15:31:31 54272 ----a-w- C:\Windows\System32\WsmRes.dll
2016-08-06 15:31:31 347136 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
.
============= FINISH: 13:18:22.24 ===============


dds2.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18500 BrowserJavaVersion: 11.111.2
Run by Main at 13:18:16 on 2016-10-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8143.3973 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\idafserverhostservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\Compliance.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\disknet.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Watchdog\EPWD.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Users\Main\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Users\Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Main\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\3DCompliance.exe
C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\bin\EPLauncher.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Main\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\bin\cptray.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\ServiceRequest.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_205_ActiveX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
C:\Windows\system32\PrintIsolationHost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWinlogon: Shell = -
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Line2] "C:\Program Files (x86)\Line2\Line2.exe"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Dropbox Update] "C:\Users\Main\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Main\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [DropboxOEM] "C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe" auto
mRun: [Check Point Endpoint Security 3D Compliance] "C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\3DCompliance.exe"
mRun: [Check Point Endpoint Security Tray 3.0] "C:\Program Files (x86)\Common Files\Check Point\UIFramework 3.0\Bin\EPLauncher.exe" /0
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [SymInstallStub] C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe /partnerid=adobe /productlist=nu /staging=false /delay=5 /launchedby=3
StartupFolder: C:\Users\Main\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Main\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableUIPI = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: nationallife.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.nationallife.com/Scripts/Secure/smsx.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxps://onbase.nationallife.com/nl/activex/OBXPopup.cab
DPF: {C143E92C-DFB6-41A6-B393-5C4141C4E17D} - hxxps://onbase.nationallife.com/nl/activex/OBXWebSelect.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP20-10086/training/ieatgpc1.cab
DPF: {FD8BD238-CD00-4995-817A-62E6F1A6B782} - hxxps://onbase.nationallife.com/nl/activex/OBXWebViewer.cab
TCP: NameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{577E58D4-D6E4-4993-8F2E-49820B3B1A88} : DHCPNameServer = 24.92.226.11 24.92.226.12
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\k4lbwzmo.default-1477501070505\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Main\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Main\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DNPFW;Disknet Pro Device Firewall Driver;C:\Windows\System32\drivers\dnpfw.sys [2014-7-16 42800]
R0 dvrem;Check Point ESME Client EPM Driver;C:\Windows\System32\drivers\dvrem.sys [2014-7-16 68912]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-7-24 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-7-24 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-24 20464]
R0 KAEON;KAEon CD/DVD Writing Filter Driver;C:\Windows\System32\drivers\kaeon.sys [2014-7-16 45360]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 843048]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 243488]
R0 PSG;Check Point Media Encryption PSG;C:\Windows\System32\drivers\psg.sys [2014-7-16 73008]
R0 rmm;Check Point ESME Client RMM Driver;C:\Windows\System32\drivers\rmm.sys [2014-7-16 33072]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
R1 MeDlpFlt;MeDlpFlt;C:\Windows\System32\drivers\MeDlpFlt.sys [2014-11-13 130560]
R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;C:\Windows\System32\drivers\rxaes100.sys [2014-7-16 61744]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-9-15 669872]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-7-24 98208]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2207960]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-12-27 204928]
R2 Check Point Device Auxiliary Framework;Check Point Device Auxiliary Framework;C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\IDAFServerHostService.exe [2013-8-29 217104]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-12-17 3037424]
R2 CPCompliance;Check Point Endpoint Security Compliance;C:\Program Files (x86)\CheckPoint\Endpoint Security\Compliance\Compliance.exe [2014-5-25 1967632]
R2 CPDA;Check Point Endpoint Agent;C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe [2014-6-12 1343528]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-6-23 2572024]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2016-6-23 202488]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DisknetClient;Check Point ESME Client;C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\disknet.exe [2014-7-16 24266792]
R2 EPWD;Check Point Endpoint Client Watchdog;C:\Program Files (x86)\CheckPoint\Endpoint Security\Watchdog\EPWD.exe [2014-6-18 282664]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2016-10-26 135496]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-6 15344]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2014-7-25 2451456]
R2 Intel(R) ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-2-19 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-2-19 154584]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2016-10-10 166152]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2012-11-30 993824]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe [2016-5-31 1910000]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe [2015-6-17 382456]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-7-25 277744]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe [2016-4-17 1454216]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-5-17 1045336]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-7-24 224840]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2016-1-5 2065808]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2016-9-9 31704]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-12-27 327296]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-7-25 81536]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-12-27 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-12-27 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-12-27 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-12-27 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-12-27 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-12-27 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-12-27 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-12-27 551552]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 78632]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2016-1-5 32464]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2016-1-5 24240]
R3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-1-17 174368]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-24 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-24 786416]
R3 mevdbus;Check Point Media Encryption Disk Dynamic Bus Enumerator;C:\Windows\System32\drivers\mevdbus.sys [2014-6-1 33040]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 419616]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 349480]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2014-7-25 232688]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 493352]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2016-8-1 519456]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-10-10 46240]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-7-24 252048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-24 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2015-4-9 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-7-27 207968]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-10-11 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2014-7-25 334760]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2016-8-1 100136]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-19 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2016-10-26 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-9-25 1255736]
S4 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-7-25 596768]
.
=============== Created Last 30 ================
.
2016-10-27 16:08:40 -------- d-----w- C:\CheckPoint
2016-10-26 19:51:50 -------- d-----w- C:\ProgramData\Symantec
2016-10-26 17:12:44 -------- d-----w- C:\Program Files\HitmanPro
2016-10-26 17:12:06 -------- d-----w- C:\ProgramData\HitmanPro
2016-10-26 16:59:49 -------- d-----w- C:\AdwCleaner
2016-10-26 16:58:03 -------- d-----w- C:\ProgramData\PCDr
2016-10-26 16:54:50 -------- d-----w- C:\Users\Main\AppData\Local\VS Revo Group
2016-10-26 16:54:47 -------- d-----w- C:\ProgramData\VS Revo Group
2016-10-26 16:54:46 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2016-10-26 16:54:46 -------- d-----w- C:\Program Files\VS Revo Group
2016-10-21 18:12:00 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-12 02:58:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
2016-10-12 02:58:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2016-10-11 22:18:10 -------- d-----w- C:\Users\Main\AppData\Roaming\Product_NU16
2016-10-07 18:45:17 -------- dc-h--w- C:\ProgramData\{A328A61B-C332-4C8C-A740-42F7F71DC398}
2016-09-30 23:36:16 229048 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2016-09-30 23:36:16 229048 ---ha-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2016-09-29 23:43:15 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2016-09-29 23:43:12 -------- d-----w- C:\Program Files\Dell Support Center
.
==================== Find3M ====================
.
2016-10-26 11:10:05 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-10-26 11:10:05 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-30 15:37:00 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-09-30 15:20:30 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-09-30 15:20:30 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-09-30 06:41:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-09-30 06:40:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-09-30 06:26:31 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-09-30 06:25:48 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-09-30 06:25:42 417792 ----a-w- C:\Windows\System32\html.iec
2016-09-30 06:25:17 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-09-30 06:25:13 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-09-30 06:13:03 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-09-30 06:13:02 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-09-30 06:12:50 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-09-30 06:09:41 6048256 ----a-w- C:\Windows\System32\jscript9.dll
2016-09-30 06:05:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-09-30 05:55:00 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-09-30 05:54:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-09-30 05:42:47 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-09-30 05:42:45 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-09-30 05:42:09 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-09-30 05:42:01 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-09-30 05:41:14 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-09-30 05:32:38 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-09-30 05:32:21 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-09-30 05:31:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-09-30 05:31:14 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-09-30 05:19:54 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-09-30 05:17:38 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-09-30 05:12:59 4608512 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-09-30 05:05:17 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-09-30 05:05:00 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-09-30 04:46:52 2444288 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-09-15 15:30:46 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-09-15 15:30:46 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-09-15 15:15:01 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-09-15 15:15:01 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2016-09-12 21:13:48 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-09-12 21:13:48 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-09-12 20:49:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-09-12 20:39:22 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-09-12 20:37:24 3218944 ----a-w- C:\Windows\System32\win32k.sys
2016-09-12 20:32:44 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-09-12 20:32:11 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-09-12 20:32:09 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-12 20:31:28 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-09-12 20:29:45 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-09-12 20:25:30 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-09-12 19:08:46 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2016-09-12 18:43:15 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2016-09-12 18:43:14 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2016-09-10 16:19:03 3649536 ----a-w- C:\Windows\System32\MSVidCtl.dll
2016-09-10 15:53:43 2291712 ----a-w- C:\Windows\SysWow64\MSVidCtl.dll
2016-09-09 18:29:09 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-09-09 18:26:01 706280 ----a-w- C:\Windows\System32\winload.efi
2016-09-09 18:23:54 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-09-09 18:01:23 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-09-09 18:00:02 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-09-09 18:00:02 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-09-09 18:00:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-09-09 17:51:58 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-09-09 17:51:54 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-09-09 17:51:53 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-09-09 17:48:09 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-09-09 17:47:17 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-09-09 17:43:16 112640 ----a-w- C:\Windows\System32\smss.exe
2016-09-09 17:38:14 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-09-09 17:38:13 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-09-09 17:38:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-09-09 17:38:12 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-09-09 17:37:20 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-09-09 17:37:20 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-09 17:37:20 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-09 17:37:20 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-09-08 20:34:27 263680 ----a-w- C:\Windows\System32\WebClnt.dll
2016-09-08 20:34:15 108544 ----a-w- C:\Windows\System32\davclnt.dll
2016-09-08 20:34:14 208896 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2016-09-08 20:34:01 87040 ----a-w- C:\Windows\SysWow64\davclnt.dll
2016-09-08 14:55:15 142336 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2016-09-08 14:55:13 106496 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2016-08-16 17:36:50 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-08-16 02:48:15 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-08-12 17:02:26 12574720 ----a-w- C:\Windows\System32\wmploc.DLL
2016-08-12 17:02:24 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2016-08-12 17:02:24 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2016-08-12 17:02:21 9728 ----a-w- C:\Windows\System32\spwmp.dll
2016-08-12 16:47:20 12574208 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2016-08-12 16:46:55 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-08-12 16:31:37 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2016-08-12 16:31:37 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2016-08-12 16:31:35 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2016-08-12 16:26:56 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2016-08-12 16:26:18 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-08-12 16:26:12 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-08-12 16:26:05 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-08-06 15:31:32 310784 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2016-08-06 15:31:32 2023424 ----a-w- C:\Windows\System32\WsmSvc.dll
2016-08-06 15:31:31 54272 ----a-w- C:\Windows\System32\WsmRes.dll
2016-08-06 15:31:31 347136 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
.
============= FINISH: 13:18:22.24 ===============
Attached Files
File Type: txt attach.txt (17.8 KB, 26 views)
File Type: txt Attach2.txt (17.8 KB, 206 views)
tomzak2000 is offline  
Old 10-28-2016, 08:26 AM   #2
Registered Member
 
Join Date: Mar 2010
Posts: 90
OS: Windows XP



Found this on my screen this morning. See attached.
Attached Thumbnails
Name:	Untitled2.jpg
Views:	230
Size:	157.6 KB
ID:	295329  
tomzak2000 is offline  
Old 10-28-2016, 10:55 AM   #3
Registered Member
 
Join Date: Mar 2010
Posts: 90
OS: Windows XP



I think I solved this.
tomzak2000 is offline  
Closed Thread

All times are GMT -7.

