
In Progress Seguarzo

Discussion in 'Virus & Other Malware Removal' started by londo, Mar 21, 2020.

  1. londo

    londo Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    58
    I didn't download this but it keeps coming up to say it found trojans. It says it's unregistered. Norton hasn't flagged, but should I uninstall this?
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,774
    First Name:
    Karen
    I think you mean Segurazo and it's malware so I'll move this to the Virus & Other Malware Removal forum.
     
  3. londo

    londo Thread Starter

    I tried uninstalling it but it's still there!
     
  4. londo

    londo Thread Starter

    I found a reference to something called MBAM that might help. How can I download it?
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Wait for one of our Malware Specialists to help you.
     
  6. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    97
    Hello, londo.

    Please download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button and wait for a while.
    • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt. Please copy and paste the content of these two logs in your next reply.

    NOTES:

    1. Do not run any tool unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

    2. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens.
     
  7. londo

    londo Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-03-2020
    Ran by baltar (21-03-2020 17:42:14)
    Running from C:\Users\baltar\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2015-08-29 01:51:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3440046686-3313208431-1811527676-500 - Administrator - Disabled) => C:\Users\Administrator
    baltar (S-1-5-21-3440046686-3313208431-1811527676-1000 - Administrator - Enabled) => C:\Users\baltar
    Guest (S-1-5-21-3440046686-3313208431-1811527676-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3440046686-3313208431-1811527676-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Norton 360 (Enabled - Up to date) {AA43507E-C04B-3762-B41C-BC76F4531830}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.344 - Adobe)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Azkend 2: The World Beneath (HKLM-x32\...\WTA-1fc6b1b3-459e-46d4-89b4-60ffde718a9b) (Version: 2.2.0.98 - WildTangent) Hidden
    Barn Yarn Collector's Edition (HKLM-x32\...\WTA-120144e2-fc5e-4876-b688-b05cc2b99714) (Version: 3.0.2.48 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Coyote The Outlander (HKLM-x32\...\WTA-bb5e581a-e816-4964-8622-16c6c9ff8366) (Version: 3.0.2.59 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3606 - CyberLink Corp.)
    Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-0fb3fcfc-fdb9-4ef6-a5e6-8377a1389f83) (Version: 3.0.2.59 - WildTangent) Hidden
    DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Entwined: The Perfect Murder (HKLM-x32\...\WTA-08b41d5b-af68-42a0-955f-eff8cfced21a) (Version: 3.0.2.59 - WildTangent) Hidden
    Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hidden Odyssey 2 in 1 Pack (HKLM-x32\...\WTA-92b143ee-af99-4fdb-9484-49d8b43fd01e) (Version: 3.0.2.59 - WildTangent) Hidden
    Home Makeover (HKLM-x32\...\WTA-1273194b-8d40-4225-90bf-26f53c6dab09) (Version: 3.0.2.59 - WildTangent) Hidden
    HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
    HP Documentation (HKLM-x32\...\{E0E6FBA2-BF5B-4B79-9066-2BB5FA41291B}) (Version: 1.4.0.0 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.8.24.33 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.14.49.15 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-37b94a3c-3c4e-4ad1-919e-5dfca47f5ca0) (Version: 3.0.2.59 - WildTangent) Hidden
    Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-31301147-9a71-46aa-b2b2-dc372562b897) (Version: 3.0.2.59 - WildTangent) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.27.1012 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.3.60 - Intel Corporation)
    Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-0c9bd3e4-d8d2-4d5f-be4e-f5fbd5b29d06) (Version: 3.0.2.59 - WildTangent) Hidden
    Magic Heroes: Save Our Park (HKLM-x32\...\WTA-fa71c8ee-ee37-4e74-8c38-49d1c84ddda4) (Version: 3.0.2.59 - WildTangent) Hidden
    Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
    Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-1b4901f7-a3e6-4b94-89e0-528f30c79979) (Version: 3.0.2.59 - WildTangent) Hidden
    Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 74.0 (x64 en-US) (HKLM\...\Mozilla Firefox 74.0 (x64 en-US)) (Version: 74.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 74.0.0.7373 - Mozilla)
    Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-75031f3f-e8ca-4d5e-a360-eb08a36523a4) (Version: 3.0.2.59 - WildTangent) Hidden
    Norton 360 (HKLM-x32\...\NGC) (Version: 22.20.1.69 - Symantec Corporation)
    NVIDIA Graphics Driver 335.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.58 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
    Plagiarii (HKLM-x32\...\WTA-e3ca6e23-1515-4d06-8b15-517e8eebc645) (Version: 3.0.2.59 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-3ff833b6-958c-4563-8537-b98de83eb1b5) (Version: 3.0.2.59 - WildTangent) Hidden
    PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 200204 - Kakao Corp.)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30176 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
    Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6704 - CyberLink Corp.) Hidden
    Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
    Royal Envoy Double Pack (HKLM-x32\...\WTA-6754fdaf-74aa-4b3e-b3c8-5a6d401f6cae) (Version: 3.0.2.59 - WildTangent) Hidden
    Runefall (HKLM-x32\...\WTA-61f7ca97-6198-42f2-913c-7cfcbc9e856c) (Version: 3.0.2.126 - WildTangent) Hidden
    Rush Hour! Gas Station (HKLM-x32\...\WTA-0c0d3595-c52e-4680-b588-f1c319db1a19) (Version: 3.0.2.59 - WildTangent) Hidden
    SAntivirus Realtime Protection Lite (HKLM-x32\...\SAntivirus) (Version: 1.0.21.34 - Digital Com. Inc) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sky High Farm (HKLM-x32\...\WTA-84053d10-b2b8-4a84-b458-590a60a6c828) (Version: 3.0.2.59 - WildTangent) Hidden
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-a0edf6fc-3d17-4cb3-a10b-490a2069e254) (Version: 3.0.2.51 - WildTangent) Hidden
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-12-06] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Incorporated -> Foxit Software Inc.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll -> No File
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll -> No File
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-12-06] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
    ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll -> No File
    ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll -> No File
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2014-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll -> No File
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll -> No File

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2015-07-01 14:13 - 2014-06-11 00:53 - 000423936 _____ (Hewlett-Packard) [File not signed] C:\windows\System32\hpbprtmon.dll
    2014-06-11 00:53 - 2014-06-11 00:53 - 000442880 _____ (Hewlett-Packard) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\hpbxjobsvr1401.dll
    2015-07-01 14:09 - 2015-08-29 19:30 - 000074240 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
    2019-03-28 00:34 - 2019-03-28 00:34 - 000130560 _____ (Microsoft Corporation) [File not signed] C:\windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    2015-07-01 14:11 - 2013-04-02 02:19 - 000574464 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\windows\system32\Rtlihvs.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000\...\researchnow.com -> hxxp://surveymyopinion.researchnow.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 ____N C:\windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\
    HKU\S-1-5-21-3440046686-3313208431-1811527676-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\baltar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    HKU\S-1-5-21-3440046686-3313208431-1811527676-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
    FirewallRules: [{7FC76C23-7A81-4B3D-9AA4-12C5B6F61145}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{E6F586F0-0877-43D4-A275-A8F46A88A27D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{BD73D1AB-74D4-4F64-8C64-88B434979478}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{44A6E2B5-745D-4551-92D9-32184FA8E2BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{19AD8614-3069-4B4A-A421-29525B9292B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{B4949A0F-AA5A-4A4B-84FC-89E6D85DD997}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6FA1684A-E6A5-4A7B-A3DD-382E71995095}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{09025C17-7184-4F44-A4F1-460EC66387C3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
    FirewallRules: [{28527F66-3B01-4622-8FB5-AEBF2C140F82}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E98AD6FF-0FC6-4775-AC21-D5B604639052}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{26851BDE-F925-44FC-B206-9F440E278964}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9E12F734-F563-45AA-B646-7D4281704AB3}] => (Allow) C:\Users\baltar\AppData\Local\Temp\7zSEA7D.tmp\SymNRT.exe No File
    FirewallRules: [{8D71697B-F1D9-47DA-8549-CA8E5320B373}] => (Allow) C:\Users\baltar\AppData\Local\Temp\7zSEA7D.tmp\SymNRT.exe No File
    FirewallRules: [{7A2714ED-CADF-44C8-BA59-ABEC8CB9B845}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe (Kakao corp. -> Kakao)
    FirewallRules: [{6C2DF6F6-B2F4-4679-B5B4-2E752D028154}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe (Kakao corp. -> Kakao)

    ==================== Restore Points =========================

    20-03-2020 03:02:03 Windows Update
    21-03-2020 03:00:36 Windows Update

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (03/21/2020 05:44:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (03/21/2020 05:43:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (03/21/2020 05:42:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (03/21/2020 05:40:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (03/21/2020 05:39:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (03/21/2020 05:38:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (03/21/2020 05:37:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (03/21/2020 05:36:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
    Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


    System errors:
    =============
    Error: (03/21/2020 05:44:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error

    Error: (03/21/2020 05:43:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error

    Error: (03/21/2020 05:42:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error

    Error: (03/21/2020 05:41:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error

    Error: (03/21/2020 05:40:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error

    Error: (03/21/2020 05:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error

    Error: (03/21/2020 05:38:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error

    Error: (03/21/2020 05:37:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WMI Performance Adapter service terminated with the following error:
    Unspecified error


    ==================== Memory info ===========================

    BIOS: AMI 80.01 10/21/2014
    Motherboard: Hewlett-Packard 2B2C
    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 83%
    Total physical RAM: 8130.2 MB
    Available physical RAM: 1323.44 MB
    Total Virtual: 16258.54 MB
    Available Virtual: 8730.16 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:913.88 GB) (Free:434.54 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:17.41 GB) (Free:2.16 GB) NTFS
    Drive f: (My Passport) (Fixed) (Total:4657.49 GB) (Free:2314.03 GB) NTFS
    Drive g: (My Passport) (Fixed) (Total:3725.99 GB) (Free:54.63 GB) NTFS
    Drive h: () (Fixed) (Total:3725.99 GB) (Free:295.07 GB) NTFS
    Drive i: (My Passport) (Fixed) (Total:931.49 GB) (Free:98.71 GB) NTFS
    Drive j: (My Passport) (Fixed) (Total:3725.99 GB) (Free:165.09 GB) NTFS
    Drive k: (My Passport) (Fixed) (Total:931.48 GB) (Free:83.82 GB) NTFS
    Drive l: (My Passport) (Fixed) (Total:2794.49 GB) (Free:713.89 GB) NTFS
    Drive m: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:232.59 GB) NTFS
    Drive n: (My Passport) (Fixed) (Total:1862.98 GB) (Free:40.27 GB) NTFS
    Drive o: (My Passport) (Fixed) (Total:3725.99 GB) (Free:60.23 GB) NTFS
    Drive p: (SimpleDrive) (Fixed) (Total:149.05 GB) (Free:122.47 GB) NTFS
    Drive r: (My Passport) (Fixed) (Total:931.49 GB) (Free:63.21 GB) NTFS
    Drive s: (My Passport) (Fixed) (Total:1862.98 GB) (Free:31.39 GB) NTFS
    Drive t: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:36.86 GB) NTFS
    Drive u: (My Passport) (Fixed) (Total:2794.49 GB) (Free:197.75 GB) NTFS
    Drive v: (My Passport) (Fixed) (Total:931.48 GB) (Free:48.13 GB) NTFS
    Drive w: (My Passport) (Fixed) (Total:1862.98 GB) (Free:47.82 GB) NTFS


    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 2D114E10)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 232.9 GB) (Disk ID: A4B57300)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: EF1DD4C2)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: DFC9D848)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00065C05)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 5C108B0D)
    Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 6 (Size: 3726 GB) (Disk ID: 16F2A91F)

    Partition: GPT.

    ==========================================================
    Disk: 7 (Size: 3726 GB) (Disk ID: 16F2A91F)

    Partition: GPT.
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 8.

    ==========================================================
    Disk: 9 (Size: 1863 GB) (Disk ID: CF463E86)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 10 (Size: 4657.5 GB) (Disk ID: 16F2A91F)

    Partition: GPT.

    ==========================================================
    Disk: 11 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0002FA52)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 12 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: E3657141)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 13 (Size: 2794.5 GB) (Disk ID: 16F2A91F)

    Partition: GPT.

    ==========================================================
    Disk: 14 (Size: 3726 GB) (Disk ID: 16F2A91F)

    Partition: GPT.

    ==========================================================
    Disk: 15 (Size: 3726 GB) (Disk ID: 16F2A91F)

    Partition: GPT.

    ==========================================================
    Disk: 16 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 8AF020BA)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 17 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E9D61D94)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-03-2020
    Ran by baltar (administrator) on BALTAR-HP (Hewlett-Packard 550-045t) (21-03-2020 17:40:41)
    Running from C:\Users\baltar\Downloads
    Loaded Profiles: baltar & Administrator (Available Profiles: baltar & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Digital Communications Inc -> Digital Com. Inc) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe
    (Digital Communications Inc -> Digital Com. Incorporated) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusClient.exe
    (Digital Communications Inc -> Digital Com. Incorporated) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe
    (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Intel Corporation - Client Components Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Windows -> Microsoft Corporation) C:\windows\System32\wlanext.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\NortonSecurity.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-09-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794904 2014-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296208 2015-08-29] (Intel Corporation - Client Components Group -> Intel Corporation)
    HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard) [File not signed]
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) [File not signed]
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{438363A8-F486-4C37-834C-4955773CB3D3}] -> msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0281F8ED-0CD9-48C9-8516-6BECD58154E4} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [339008 2013-03-12] (CyberLink Corp. -> CyberLink Corp.)
    Task: {04B3B237-D26C-4FE3-BF4B-2C2EDF288108} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
    Task: {1B6662C6-D1E6-4C29-B034-802FE10FFC78} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Task: {1BAA21DA-3562-4A04-89FD-E529F047BE8C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {1D4F3E0E-45FC-4D83-BA48-77F9E72234A3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\WSCStub.exe [570824 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Task: {25F63F39-61AF-4D3C-939D-35FC8A5D8887} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink Corp. -> CyberLink)
    Task: {2A45C2F0-B753-433D-96A4-F9A7A7B765C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
    Task: {2DE9D64E-262C-490B-9DC7-2549E72FE88C} - System32\Tasks\HPCeeScheduleForbaltar => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {42DF80CB-4ABC-48E2-AC59-EC554FC47541} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
    Task: {46252A80-B533-497C-B66C-00F862D058AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
    Task: {6C441AEB-7F5B-46AE-8AAA-DC9A40A0F656} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
    Task: {7E151FF5-30D7-40E4-9B54-03E50F5F006D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-18] (HP Inc. -> )
    Task: {81AE69CF-AA02-4A01-A53A-FDC3AB153FD8} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Task: {8741DF4D-B832-4D8E-8749-4451B1A32268} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Task: {A90C9D9E-2A08-4B0C-819B-BFE830C56FBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
    Task: {AB2E6CD5-419B-4B41-8921-B13DE6A2BF2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [147832 2020-02-24] (HP Inc. -> HP Inc.)
    Task: {ADBB6499-6F90-4839-8A63-D3AB015FD388} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
    Task: {C1699D63-C438-42C1-8DC8-2C276A4753AC} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    Task: {C4311B38-875E-4DF3-B73E-0BEF947334AD} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Task: {CBDB2F18-E21A-4D48-B200-04F99ED45744} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [308088 2020-02-12] (HP Inc. -> HP Inc.)
    Task: {D0B600D3-A54B-4A01-BCCF-628F6B45192C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [1926304 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Task: {DCBAE7A7-D347-4048-9F1C-694D84F78CF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {DE817316-8945-4831-87B8-84D35778FBDE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {E7CAD9DB-E274-449F-9567-35C9D7E01EE6} - System32\Tasks\Norton Security Scan for baltar => C:\PROGRA~2\NORTON~3\Engine\430~1.43\Nss.exe
    Task: {E8BD6829-B657-439F-91BC-10B24AE51698} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {F83FA020-4422-49FB-9FE5-8BFEF69B82BF} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [518504 2013-07-04] (CyberLink Corp. -> CyberLink)
    Task: {FBD35633-D55A-4F9A-9C91-FE1011184AE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\HPCeeScheduleForbaltar.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\windows\Tasks\Norton Security Scan for baltar.job => C:\PROGRA~2\NORTON~3\Engine\430~1.43\Nss.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
    Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6985E048-7869-40C5-865B-402EFB593303}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
    HKU\S-1-5-21-3440046686-3313208431-1811527676-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGBFXUoMaf8lgcuK4VcS5o3zMrTtWsUTa9To6hASzvS%2Bt7%2BNIC%2BOkJJKTA8%2F5BUUNwpLXrYHoxCZAzqV5gGDiDi7rShGeq7XWOjloazKPJhapYkckYlYU6COhaRDXJqRgEo%2Bq5cED4A3xfKVyU%2F1H9OOJF7tYP0%2FNnZrIBnvXKJMuBjuLFDaEXAoEFu5RDfSmT5rJOwcVxse%2Fj7t4Jthjbvf8akzgj9pZdo5%2F9PpB6PMnQP014%2Fk%2FX3x%2FUHRZ4kr0h5oJwCrmqD31K%2BohTdaC8eEf37czo%2BgPT1JvUE0gW2xz3ieDE68Zy0yqnkJfssfRzg%3D%3D
    HKU\S-1-5-21-3440046686-3313208431-1811527676-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
    HKU\S-1-5-21-3440046686-3313208431-1811527676-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
    HKU\S-1-5-21-3440046686-3313208431-1811527676-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGBFXUoMaf8lgcuK4VcS5o3zMrTtWsUTa9To6hASzvS%2Bt7%2BNIC%2BOkJJKTA8%2F5BUUNwpLXrYHoxCZAzqV5gGDiDi7rShGeq7XWOjloazKPJhapYkckYlYU6COhaRDXJqRgEo%2Bq5cED4A3xfKVyU%2F1H9OOJF7tYP0%2FNnZrIBnvXKJMuBjuLFDaEXAoEFu5RDfSmT5rJOwcVxse%2Fj7t4Jthjbvf8akzgj9pZdo5%2F9PpB6PMnQP014%2Fk%2FX3x%2FUHRZ4kr0h5oJwCrmqD31K%2BohTdaC8eEf37czo%2BgPT1JvUE0gW2xz3ieDE68Zy0yqnkJfssfRzg%3D%3D
    HKU\S-1-5-21-3440046686-3313208431-1811527676-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
    SearchScopes: HKLM -> {DB215C5A-E0DA-4BFE-9AA3-5DED453B3493} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {DB215C5A-E0DA-4BFE-9AA3-5DED453B3493} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> {0A33EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> {A4CEC750-E34D-4153-BF25-62D872E2C31A} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.20.1.69&locale=US_en&guid=19F7AE66-CEB3-4220-94F4-50E41E86E3CE&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> {DB215C5A-E0DA-4BFE-9AA3-5DED453B3493} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-500 -> {0A33EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-500 -> {DB215C5A-E0DA-4BFE-9AA3-5DED453B3493} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\coIEPlg.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)

    Edge:
    ======
    Edge Profile: C:\Users\baltar\AppData\Local\Microsoft\Edge\User Data\Default [2020-03-20]
    Edge HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGBmpViuHi4YasHnGCOJ5HR7VUURVxTJq2uENdnYj6rvjoo8r1JxLwcWbEE6hnCeUjzGY5WrhZb8fjB%2FyrNWvinI8MX4GKAcVxGL0YZNTstmecIkitilCdcJIsTYUvEgdnzkeUhl%2FYzpisnpYkgIQdy%2Fl5uFtQcMntZopmMEt8gGZUDF8vonrGdzmKKakOXVXG%2FDg8xtw%2BU06iE2gsNK0wX1uO%2Fg9x21vT4hpreBSKunJKCTt7soL5pTVx4mz%2Frx0MYmUMjoKUKRwqcWOJjBQ1TSxYQzxbnxroezF9S8IzeOcD0funJqTl%2BnHTnWxZNeHZQ%3D%3D
    Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGPvaufFPKgq1b7uhPa6FDJQ8VTCe47KNYCxytm2cYu9wX%2F7pLbsAbhW5Axpd2daJW0TX2ZiMg7LVu07lTgr%2Fdxunjq6n3pM2cUn9%2BrClCw3i86cyFRKPT%2BMmJLvcxM4xjh3fbjXyDqkt80MkX4elctd1x%2FAHng5HlO6YOUwLL%2FU6pbbFXDT85v9ng6be7YwKsq%2FP7LNPPbagayh1X5AaKSk3vIisKeuQJIBPIZOej7rAd20CUoMFdqgEDPideolXG6EjhWzxp6xAK0%2FXGidiXuwtIofR%2FCAwnEebMYMd4Yy5rinHPSnvxkuZeBpkKLNWKA%3D%3D"
    Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGKH21vWB3RDE3avAY%2FfkMqNeCTe57YkXkXO2HKGZgtCvkB7161i%2Fy8DSF0rZS8c5amEE4W3ui3k6xowgbPE3XG2uC%2FyEGvvw%2BGSL454ah6b8D9m1O4iIFT6AXA61N8jGBimp0dV%2FstNUD%2BpOPQEKGWTnikpnLUIfJKEgQhZql5432%2BMIEoNPb%2Fek0bTb5oKBUhMVdL%2BhFKUhygZIujdxSjG%2FC77N42ijcvDRtL7h%2BzXpIGlIxaYAW18H6AboB%2ByWAAiahy9Ix%2BBv1%2F1CIyNznhltO8UkA8llJsHpfCOwo%2BqAercyBKU3zXZnKO3mQMQ2jQ%3D%3D&p={searchTerms}
    Edge DefaultSearchKeyword: Default -> search.yahoo.com
    Edge DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}

    FireFox:
    ========
    FF DefaultProfile: zwzu54hn.default
    FF ProfilePath: C:\Users\baltar\AppData\Roaming\Mozilla\Firefox\Profiles\zwzu54hn.default [2020-03-21]
    FF Homepage: Mozilla\Firefox\Profiles\zwzu54hn.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMWsuh6PGd%2FIWH6WZaXfi729V7NAg7bHjBNAFonEArrV7wtaNg75WEKAaNPJ5me5EIhoMBoQ05876vw26KxSCwGgAGYKmQHXQuWLmsE2iLQycIaqdUpHRkWHpokYL092HyyzGn7wQu3NQBdlJkGghTXLmYzPKI6ODTScLDFUQsl00Pm0LYdcNn%2BDbYQgmYrNOr15za7JrSYKdOH6%2Bf7OLq%2F0G5I45OT%2BwuneOlG%2BF5R2QLtThggJ%2BcXJla5QPc4pjd9BYYOe6kmYUshg9pq3RwSIA0EVQ2evcO47wmdvZjB9ndRotYxTbzPZzJFpCYsY1w%3D%3D
    FF NewTab: Mozilla\Firefox\Profiles\zwzu54hn.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMWsuh6PGd%2FIWH6WZaXfi729V7NAg7bHjBNAFonEArrV7wtaNg75WEKAaNPJ5me5EIhoMBoQ05876vw26KxSCwGgAGYKmQHXQuWLmsE2iLQycIaqdUpHRkWHpokYL092HyyzGn7wQu3NQBdlJkGghTXLmYzPKI6ODTScLDFUQsl00Pm0LYdcNn%2BDbYQgmYrNOr15za7JrSYKdOH6%2Bf7OLq%2F0G5I45OT%2BwuneOlG%2BF5R2QLtThggJ%2BcXJla5QPc4pjd9BYYOe6kmYUshg9pq3RwSIA0EVQ2evcO47wmdvZjB9ndRotYxTbzPZzJFpCYsY1w%3D%3D
    FF Session Restore: Mozilla\Firefox\Profiles\zwzu54hn.default -> is enabled.
    FF Notifications: Mozilla\Firefox\Profiles\zwzu54hn.default -> hxxps://www.facebook.com
    FF SearchPlugin: C:\Users\baltar\AppData\Roaming\Mozilla\Firefox\Profiles\zwzu54hn.default\searchplugins\Yahoo powered search.xml [2020-03-20]
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2016-09-29] (WildTangent Inc -> )

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    "SAntivirusIC" => service was unlocked. <==== ATTENTION

    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-29] (WildTangent Inc -> WildTangent)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [361848 2019-12-06] (HP Inc. -> HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-21] (Malwarebytes Inc -> Malwarebytes)
    R2 NortonSecurity; C:\Program Files (x86)\Norton Internet Security\Engine\22.20.1.69\NortonSecurity.exe [227352 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [306944 2015-09-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [7056880 2020-03-06] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
    R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [164848 2020-03-12] (Digital Communications Inc -> Digital Com. Incorporated) <==== ATTENTION
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Windows -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\BASHDefs\20200316.001\BHDrvx64.sys [1952136 2019-09-30] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1614010.045\ccSetx64.sys [192376 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-09] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2020-03-11] (Symantec Corporation -> Symantec Corporation)
    R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
    S3 GENERICDRV; C:\SWSetup\SP73862\samifldrv64.sys [15640 2012-07-27] (American Megatrends, Inc. -> )
    S3 hpvision; C:\windows\System32\drivers\hp64vision.sys [26912 2013-02-08] (Hewlett-Packard Company -> Windows (R) Codename Longhorn DDK provider)
    R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [31144 2015-07-29] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\IPSDefs\20200320.061\IDSvia64.sys [1451016 2019-08-05] (Symantec Corporation -> Symantec Corporation)
    R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [214496 2020-03-21] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [195432 2020-03-21] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73584 2020-03-21] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-03-21] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [109168 2020-03-21] (Malwarebytes Inc -> Malwarebytes)
    R3 MEIx64; C:\windows\system32\drivers\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
    S3 RTSUER; C:\windows\System32\Drivers\RtsUer.sys [402136 2016-04-30] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [4471000 2019-01-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
    R1 SANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusKD.sys [90096 2020-03-12] (Digital Communications Inc. -> Digital Comm. Inc) <==== ATTENTION
    R3 SRTSP; C:\windows\System32\drivers\NGCx64\1614010.045\SRTSP64.SYS [889520 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\windows\System32\drivers\NGCx64\1614010.045\SRTSPX64.SYS [50864 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1614010.045\SYMEFASI64.SYS [1964200 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-23] (Symantec Corporation -> Symantec Corporation)
    R3 SymEvnt; C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\SymPlatform\SymEvnt.sys [712368 2020-01-16] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\windows\System32\drivers\NGCx64\1614010.045\Ironx64.SYS [316656 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    R1 SymNetS; C:\windows\System32\drivers\NGCx64\1614010.045\symnets.sys [573448 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    R3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
    R1 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1614010.045\wpCtrlDrv.sys [1012120 2020-01-21] (Symantec Corporation -> Symantec Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20170511.009\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20170511.009\NAVEX15.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-03-21 17:40 - 2020-03-21 17:41 - 000035241 _____ C:\Users\baltar\Downloads\FRST.txt
    2020-03-21 17:40 - 2020-03-21 17:41 - 000000000 ____D C:\FRST
    2020-03-21 17:39 - 2020-03-21 17:39 - 002279936 _____ (Farbar) C:\Users\baltar\Downloads\FRST64.exe
    2020-03-21 17:34 - 2020-03-21 17:38 - 000000000 ____D C:\Users\baltar\AppData\LocalLow\IGDump
    2020-03-21 17:34 - 2020-03-21 17:34 - 000195432 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
    2020-03-21 17:34 - 2020-03-21 17:34 - 000109168 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
    2020-03-21 17:34 - 2020-03-21 17:34 - 000073584 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
    2020-03-21 17:32 - 2020-03-21 17:32 - 000000000 ____D C:\Users\baltar\AppData\Local\cache
    2020-03-21 17:31 - 2020-03-21 17:31 - 000214496 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
    2020-03-21 17:31 - 2020-03-21 17:31 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-03-21 17:31 - 2020-03-21 17:31 - 000001950 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-03-21 17:31 - 2020-03-21 17:31 - 000000000 ____D C:\Users\baltar\AppData\Local\mbamtray
    2020-03-21 17:31 - 2020-03-21 17:31 - 000000000 ____D C:\Users\baltar\AppData\Local\mbam
    2020-03-21 17:31 - 2020-03-21 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2020-03-21 17:30 - 2020-03-21 17:30 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
    2020-03-21 17:30 - 2020-03-21 17:30 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
    2020-03-21 17:30 - 2020-03-21 17:30 - 000000000 ____D C:\ProgramData\Malwarebytes
    2020-03-21 17:30 - 2020-03-21 17:30 - 000000000 ____D C:\Program Files\Malwarebytes
    2020-03-21 17:29 - 2020-03-21 17:29 - 001957784 _____ (Malwarebytes) C:\Users\baltar\Downloads\MBSetup.exe
    2020-03-21 17:24 - 2020-03-21 17:24 - 000000000 ____D C:\windows\system32\Tasks\Remediation
    2020-03-21 13:55 - 2020-03-21 14:20 - 076899826 _____ C:\Users\baltar\Downloads\Domme Attempt Thwarted.mp4
    2020-03-21 03:36 - 2020-03-21 03:51 - 1852689432 _____ C:\Users\baltar\Downloads\HA_0318 - The Tits - Ella Jane.mp4
    2020-03-21 03:36 - 2020-03-21 03:50 - 1700636214 _____ C:\Users\baltar\Downloads\DB_45586 - Alexis Tae.mp4
    2020-03-21 03:36 - 2020-03-21 03:44 - 494124809 _____ C:\Users\baltar\Downloads\FS_1211 - Muriel Hogtied - Part 1.mp4
    2020-03-21 03:35 - 2020-03-21 03:43 - 813487971 _____ C:\Users\baltar\Downloads\SSL_0121 - Social Degredation.mp4
    2020-03-21 03:35 - 2020-03-21 03:41 - 903500238 _____ C:\Users\baltar\Downloads\HUC_0914 - Ulysse doesnt like to be touched.mp4
    2020-03-21 03:35 - 2020-03-21 03:40 - 453358945 _____ C:\Users\baltar\Downloads\HT_2564 - Smokie Flame.mp4
    2020-03-21 03:35 - 2020-03-21 03:38 - 239764884 _____ C:\Users\baltar\Downloads\AM_0311 - Submissive teen ****.mp4
    2020-03-21 03:34 - 2020-03-21 03:55 - 1343843928 _____ C:\Users\baltar\Downloads\VA_0312 - Victoria J - Downward Doggy Style.mp4
    2020-03-21 03:34 - 2020-03-21 03:50 - 992146300 _____ C:\Users\baltar\Downloads\HP_E46 - Cunthulhu 4k.mp4
    2020-03-21 03:34 - 2020-03-21 03:42 - 1398062311 _____ C:\Users\baltar\Downloads\BR_0704 - Garbage - Nothing Interrogation.mp4
    2020-03-21 03:33 - 2020-03-21 03:48 - 919609601 _____ C:\Users\baltar\Downloads\RE_1109 - Getting Revenge On The Village Gossip 4k.mp4
    2020-03-21 03:33 - 2020-03-21 03:38 - 353628067 _____ C:\Users\baltar\Downloads\BO_1210 - Redheads Painful Struggle.mp4
    2020-03-21 03:16 - 2020-03-21 03:16 - 042245559 _____ C:\Users\baltar\Downloads\Pleasure Toys 6-9.rar
    2020-03-21 03:16 - 2020-03-21 03:16 - 011739270 _____ C:\Users\baltar\Downloads\Pleasure Toys 14.rar
    2020-03-21 03:16 - 2020-03-21 03:16 - 009115524 _____ C:\Users\baltar\Downloads\Pleasure Toys 15.rar
    2020-03-21 03:15 - 2020-03-21 03:15 - 002657624 _____ C:\Users\baltar\Downloads\Jungle Trouble.rar
    2020-03-21 01:11 - 2020-03-21 02:10 - 181817312 _____ C:\Users\baltar\Downloads\Rubberdoll Masturbating in Vacbed.mp4
    2020-03-20 21:20 - 2020-03-20 21:20 - 005031207 _____ C:\Users\baltar\Downloads\Lady Of The Manor.rar
    2020-03-20 21:17 - 2020-03-20 21:17 - 019469343 _____ C:\Users\baltar\Downloads\Tracy Scops - Sinful Six.rar
    2020-03-20 21:15 - 2020-03-20 21:17 - 202148739 _____ C:\Users\baltar\Downloads\elisecf2.mp4
    2020-03-20 21:14 - 2020-03-20 21:16 - 153089615 _____ C:\Users\baltar\Downloads\willow6.mp4
    2020-03-20 21:02 - 2020-03-20 21:03 - 205330167 _____ C:\Users\baltar\Downloads\willow7.wmv
    2020-03-20 21:02 - 2020-03-20 21:03 - 145805945 _____ C:\Users\baltar\Downloads\willow8.mp4
    2020-03-20 21:01 - 2020-03-20 21:04 - 107389769 _____ C:\Users\baltar\Downloads\elisecf3.mp4
    2020-03-20 21:01 - 2020-03-20 21:02 - 104208612 _____ C:\Users\baltar\Downloads\elisecf1.mp4
    2020-03-20 21:01 - 2020-03-20 21:02 - 079793952 _____ C:\Users\baltar\Downloads\willow5.mp4
    2020-03-20 20:08 - 2020-03-20 20:10 - 247323146 _____ C:\Users\baltar\Downloads\Cheerleading(1).mp4
    2020-03-20 20:07 - 2020-03-20 21:48 - 310462956 _____ C:\Users\baltar\Downloads\Latex Doll In Latex Catsuit And Medical Restraints On Latex Inflatable Bed.m4v
    2020-03-20 20:05 - 2020-03-20 20:33 - 648827079 _____ C:\Users\baltar\Downloads\btbo_sahryebed18.mp4
    2020-03-20 20:05 - 2020-03-20 20:13 - 1023987674 _____ C:\Users\baltar\Downloads\lrgtabletaped.mp4
    2020-03-20 20:05 - 2020-03-20 20:11 - 808040342 _____ C:\Users\baltar\Downloads\hood_15_Kimberly_Mom_Tied.mp4
    2020-03-20 20:05 - 2020-03-20 20:08 - 717299192 _____ C:\Users\baltar\Downloads\Toe tied thief.mp4
    2020-03-20 20:05 - 2020-03-20 20:08 - 303094377 _____ C:\Users\baltar\Downloads\lexihogtied18.mp4
    2020-03-20 20:05 - 2020-03-20 20:06 - 126574134 _____ C:\Users\baltar\Downloads\Riley Rose Workshop Bound.mp4
    2020-03-20 20:03 - 2020-03-20 20:10 - 849253415 _____ C:\Users\baltar\Downloads\btbo_morinasj.wmv
    2020-03-20 15:51 - 2020-03-20 15:57 - 872375451 _____ C:\Users\baltar\Downloads\Lucie Tied and ****.mp4
    2020-03-20 15:01 - 2020-03-20 15:07 - 832255355 _____ C:\Users\baltar\Downloads\Catalina and the Masked Man.mp4
    2020-03-20 15:00 - 2020-03-20 15:04 - 556423901 _____ C:\Users\baltar\Downloads\Vintage Insex_ The Weekend.wmv
    2020-03-20 14:55 - 2020-03-20 15:01 - 910981409 _____ C:\Users\baltar\Downloads\The Domina Files part 5.wmv
    2020-03-20 14:55 - 2020-03-20 14:56 - 178408722 _____ C:\Users\baltar\Downloads\ngMJ07_lg.mp4
    2020-03-20 14:14 - 2020-03-20 14:19 - 372736691 _____ C:\Users\baltar\Downloads\Beth_Pig_Feeding.mp4
    2020-03-20 14:14 - 2020-03-20 14:18 - 414008378 _____ C:\Users\baltar\Downloads\Beth_Yap_Training_2.mp4
    2020-03-20 14:14 - 2020-03-20 14:18 - 364655288 _____ C:\Users\baltar\Downloads\Kim_Pet_School.mp4
    2020-03-20 14:14 - 2020-03-20 14:17 - 362960165 _____ C:\Users\baltar\Downloads\Beth_Leash.mp4
    2020-03-20 14:14 - 2020-03-20 14:17 - 263535530 _____ C:\Users\baltar\Downloads\Yuka_Leash.mp4
    2020-03-20 14:13 - 2020-03-20 14:44 - 504311500 _____ C:\Users\baltar\Downloads\Alexa_Door_to_Floor.mp4
    2020-03-20 14:13 - 2020-03-20 14:16 - 288906314 _____ C:\Users\baltar\Downloads\Beth_Fuck_Bunny.mp4
    2020-03-20 14:13 - 2020-03-20 14:15 - 404576134 _____ C:\Users\baltar\Downloads\Beth_Dog_Feed_2.mp4
    2020-03-20 14:13 - 2020-03-20 14:14 - 121756013 _____ C:\Users\baltar\Downloads\zooeygags.wmv
    2020-03-20 14:12 - 2020-03-20 14:25 - 1587156260 _____ C:\Users\baltar\Downloads\Squirting Shiny Fistfucked Table - Scene 1 - Full HD 1080p.mp4
    2020-03-20 14:07 - 2020-03-20 14:11 - 586457807 _____ C:\Users\baltar\Downloads\Babysitting Gone Wrong.mp4
    2020-03-20 14:02 - 2020-03-20 14:10 - 1248403525 _____ C:\Users\baltar\Downloads\Squirting Shiny Fistfucked Table - Scene 2 - Full HD 1080p.mp4
    2020-03-20 14:01 - 2020-03-20 14:07 - 793747795 _____ C:\Users\baltar\Downloads\Indoor Sub - Latex Slave Chastised by Domina - Scene 1 - Full HD 1080p.mp4
    2020-03-20 13:43 - 2020-03-20 13:44 - 802683404 _____ C:\Users\baltar\Downloads\The Cat is Away.mp4
    2020-03-20 13:43 - 2020-03-20 13:43 - 084140829 _____ C:\Users\baltar\Downloads\ngDA24_lg.mp4
    2020-03-20 13:43 - 2020-03-20 13:43 - 004403103 _____ C:\Users\baltar\Downloads\Gord00_lg.mp4
    2020-03-20 13:42 - 2020-03-20 13:47 - 683404969 _____ C:\Users\baltar\Downloads\Things Get a Little Sticky.mp4
    2020-03-20 13:41 - 2020-03-20 14:10 - 489471404 _____ C:\Users\baltar\Downloads\Tightly Tied to a Chair.mp4
    2020-03-20 13:25 - 2020-03-20 13:26 - 171608676 _____ C:\Users\baltar\Downloads\DiP_451 Penny Lee.mp4
    2020-03-20 13:19 - 2020-03-20 13:59 - 653802794 _____ C:\Users\baltar\Downloads\Capture of Jennifer.wmv
    2020-03-20 13:19 - 2020-03-20 13:26 - 823597363 _____ C:\Users\baltar\Downloads\She_s ****ed.wmv
    2020-03-20 13:19 - 2020-03-20 13:24 - 611170794 _____ C:\Users\baltar\Downloads\Kung Fu Masochist.wmv
    2020-03-20 13:19 - 2020-03-20 13:24 - 595170794 _____ C:\Users\baltar\Downloads\Cottn Candy_s Vises.wmv
    2020-03-20 13:19 - 2020-03-20 13:21 - 633130794 _____ C:\Users\baltar\Downloads\Kinkerella.wmv
    2020-03-20 13:11 - 2020-03-20 13:15 - 490149185 _____ C:\Users\baltar\Downloads\latex-lucy-skin-tight-scene-5.540p.mp4
    2020-03-20 13:11 - 2020-03-20 13:14 - 468047011 _____ C:\Users\baltar\Downloads\latex-lucy-skin-tight-scene-4.540p.mp4
    2020-03-20 13:10 - 2020-03-20 13:15 - 569296531 _____ C:\Users\baltar\Downloads\latex-lucy-skin-tight-scene-3.540p.mp4
    2020-03-20 13:10 - 2020-03-20 13:14 - 445248377 _____ C:\Users\baltar\Downloads\latex-lucy-skin-tight-scene-2.540p.mp4
    2020-03-20 13:10 - 2020-03-20 13:13 - 433372061 _____ C:\Users\baltar\Downloads\latex-lucy-skin-tight-scene-1.540p.mp4
    2020-03-20 10:33 - 2020-03-20 12:13 - 306523712 _____ C:\Users\baltar\Downloads\Mary Jale - Latex Slut.part3.rar
    2020-03-20 02:59 - 2020-03-20 03:28 - 1630210603 _____ C:\Users\baltar\Downloads\Precious_Gestures.mp4
    2020-03-20 02:59 - 2020-03-20 03:26 - 1311009192 _____ C:\Users\baltar\Downloads\Luna s Struggles.mp4
    2020-03-20 02:59 - 2020-03-20 03:22 - 887007782 _____ C:\Users\baltar\Downloads\Newbie_In_Tough_Bondage.mp4
    2020-03-20 02:59 - 2020-03-20 03:20 - 975359136 _____ C:\Users\baltar\Downloads\Nervous Ziva.mp4
    2020-03-20 02:58 - 2020-03-20 03:19 - 832255355 _____ C:\Users\baltar\Downloads\Catalina Ossa and the Masked Man.mp4
    2020-03-20 02:58 - 2020-03-20 03:17 - 848579521 _____ C:\Users\baltar\Downloads\Dominating_Luna.mp4
    2020-03-20 02:58 - 2020-03-20 03:16 - 696760375 _____ C:\Users\baltar\Downloads\Jades_Sacrifice.mp4
    2020-03-20 02:57 - 2020-03-20 03:18 - 1291903216 _____ C:\Users\baltar\Downloads\Reena captured.mp4
    2020-03-20 02:57 - 2020-03-20 03:14 - 791705995 _____ C:\Users\baltar\Downloads\AJ Marion & David Andrews.mp4
    2020-03-20 02:57 - 2020-03-20 02:59 - 129324595 _____ C:\Users\baltar\Downloads\hogTG66_lg.mp4
    2020-03-20 02:56 - 2020-03-20 03:18 - 585131281 _____ C:\Users\baltar\Downloads\Hot Mama Struggles Hard in Bondage.mp4
    2020-03-20 02:56 - 2020-03-20 03:05 - 615620220 _____ C:\Users\baltar\Downloads\Dbm Videovertrieb.mp4
    2020-03-20 02:55 - 2020-03-20 03:19 - 2132413293 _____ C:\Users\baltar\Downloads\Tight bondage, mummification and strappado sexy hot model.mp4
    2020-03-20 02:55 - 2020-03-20 03:14 - 429522458 _____ C:\Users\baltar\Downloads\Her Screams Were Stifled.mp4
    2020-03-20 02:55 - 2020-03-20 03:06 - 576713054 _____ C:\Users\baltar\Downloads\Black Nylon Encasement.mp4
    2020-03-20 02:54 - 2020-03-20 02:56 - 161562862 _____ C:\Users\baltar\Downloads\Butt Thrust Trainer.wmv
    2020-03-20 02:53 - 2020-03-20 02:56 - 247323146 _____ C:\Users\baltar\Downloads\Cheerleading.mp4
    2020-03-20 02:51 - 2020-03-20 03:24 - 2635810836 _____ C:\Users\baltar\Downloads\PS_45705 - Lucy Love.mp4
    2020-03-20 02:47 - 2020-03-20 03:21 - 2561265627 _____ C:\Users\baltar\Downloads\SLM_0924 - Rebel Rhyder - Mouth Hole Control.mp4
    2020-03-20 02:47 - 2020-03-20 03:16 - 1467584932 _____ C:\Users\baltar\Downloads\DS_45541 - Carolina Sweets - Carolina Has Her 1st Blow Bang.mp4
    2020-03-20 02:43 - 2020-03-20 02:54 - 1731178110 _____ C:\Users\baltar\Downloads\DH_1102 - Vicki Chase gets dominated by big - Luna Star, Vicki Chase.mp4
    2020-03-20 02:42 - 2020-03-20 03:23 - 2743278259 _____ C:\Users\baltar\Downloads\ES_34898 - Aiden Starr And Mona Wales.mp4
    2020-03-20 02:41 - 2020-03-20 02:54 - 2199311526 _____ C:\Users\baltar\Downloads\BO_0302 - Laney Grey - Kiss and make up.mp4
    2020-03-20 02:41 - 2020-03-20 02:42 - 137167863 _____ C:\Users\baltar\Downloads\AM_0311 - dirty moni - Gefesselt und benutzt.mp4
    2020-03-20 02:39 - 2020-03-20 02:46 - 1220575355 _____ C:\Users\baltar\Downloads\BIV_42303 - Baby In Chains - Jasmin, Baylock.mp4
    2020-03-20 02:38 - 2020-03-20 02:45 - 1060769135 _____ C:\Users\baltar\Downloads\LCD_0314 - Alexis Crystal.mp4
    2020-03-20 02:38 - 2020-03-20 02:39 - 143602364 _____ C:\Users\baltar\Downloads\HT_2490 - Isis Love, Matt Williams.mp4
    2020-03-20 02:37 - 2020-03-20 02:42 - 845988666 _____ C:\Users\baltar\Downloads\FS_1210 - JJ Hogtied In The Basement.mp4
    2020-03-20 02:37 - 2020-03-20 02:39 - 603335411 _____ C:\Users\baltar\Downloads\BR_0618 - Wednesday - She Made The Whips For Her Own Torture.mp4
    2020-03-20 02:03 - 2020-03-20 02:03 - 000000000 ____D C:\Users\baltar\Downloads\New folder (46)
    2020-03-20 01:08 - 2020-03-20 02:54 - 325058560 _____ C:\Users\baltar\Downloads\Mary Jale - Latex Slut.part2.rar
    2020-03-19 17:46 - 2020-03-19 19:32 - 325058560 _____ C:\Users\baltar\Downloads\Mary Jale - Latex Slut.part1.rar
    2020-03-19 17:13 - 2020-03-19 17:13 - 000295992 _____ C:\windows\Minidump\031920-140260-01.dmp
    2020-03-19 02:29 - 2020-03-19 02:32 - 447608711 _____ C:\Users\baltar\Downloads\RE_1102 - Lifestyle 4k.mp4
    2020-03-19 02:06 - 2020-03-19 02:11 - 356809913 _____ C:\Users\baltar\Downloads\ngSD01_lg.mp4
    2020-03-19 02:06 - 2020-03-19 02:08 - 130971259 _____ C:\Users\baltar\Downloads\ng_TG51_b_LG.mp4
    2020-03-19 02:03 - 2020-03-19 02:11 - 729096861 _____ C:\Users\baltar\Downloads\Latex Bondage Captive.mp4
    2020-03-19 02:02 - 2020-03-19 02:11 - 673558924 _____ C:\Users\baltar\Downloads\Security Guared Secures Her Prize.mp4
    2020-03-19 02:02 - 2020-03-19 02:07 - 435563827 _____ C:\Users\baltar\Downloads\Secretary Attacked at Home.mp4
    2020-03-19 01:58 - 2020-03-19 02:03 - 737724129 _____ C:\Users\baltar\Downloads\Rubber Straps and Boots.mp4
    2020-03-17 22:52 - 2020-03-17 22:52 - 000000000 ____D C:\Users\baltar\Downloads\Carissa Montgomery
    2020-03-16 08:09 - 2020-03-16 08:09 - 000000000 ____D C:\Users\baltar\Desktop\Old Firefox Data
    2020-03-16 00:32 - 2020-03-16 00:43 - 000000000 ____D C:\Users\baltar\Downloads\Blood Angels
    2020-03-15 20:27 - 2020-03-15 20:29 - 000000000 ____D C:\Users\baltar\Downloads\Tied Girls
    2020-03-15 16:13 - 2020-03-15 16:13 - 000039851 _____ C:\Users\baltar\Downloads\Taylor_familylines_graph.pdf
    2020-03-15 14:03 - 2020-03-15 14:03 - 000000000 ____D C:\Users\baltar\Downloads\New folder (45)
    2020-03-15 02:28 - 2020-03-15 02:28 - 000000000 ____D C:\Users\baltar\Downloads\New folder (44)
    2020-03-13 21:48 - 2020-03-13 21:48 - 000000359 _____ C:\Users\baltar\Desktop\Recycle Bin - Shortcut.lnk
    2020-03-12 20:01 - 2020-03-12 20:01 - 000000000 ____D C:\Users\baltar\AppData\Roaming\santivirusclient
    2020-03-12 20:00 - 2020-03-12 20:00 - 000000000 ____D C:\ProgramData\SAntivirus
    2020-03-12 20:00 - 2020-03-12 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
    2020-03-12 20:00 - 2020-03-12 20:00 - 000000000 ____D C:\Program Files (x86)\Digital Communications
    2020-03-11 20:40 - 2020-03-11 20:40 - 001285113 _____ C:\Users\baltar\Downloads\RASPUTIN by DeHaro.rar
    2020-03-09 17:55 - 2020-03-09 17:56 - 000000000 ____D C:\Users\baltar\Downloads\New folder (43)
    2020-03-09 17:52 - 2020-03-09 17:53 - 000000000 ____D C:\Users\baltar\Downloads\New folder (42)
    2020-03-05 19:49 - 2020-03-05 19:49 - 000000000 ____D C:\windows\system32\Tasks\Norton 360
    2020-03-03 16:10 - 2020-03-03 16:12 - 608757161 _____ C:\Users\baltar\Downloads\Tina Tickling And Big Ball gag.mp4
    2020-03-02 19:43 - 2020-03-02 20:33 - 558327974 _____ C:\Users\baltar\Downloads\Corseted Leather Strap.mp4
    2020-03-02 19:26 - 2020-03-02 20:06 - 1169948559 _____ C:\Users\baltar\Downloads\Slave traning.wmv
    2020-03-02 03:49 - 2020-03-02 04:10 - 1229753779 _____ C:\Users\baltar\Downloads\Love and money.wmv
    2020-02-29 03:13 - 2020-02-29 03:16 - 000000000 ____D C:\Users\baltar\Downloads\Bound Hotties
    2020-02-27 10:00 - 2020-02-27 10:01 - 000000000 ____D C:\Users\baltar\Downloads\Bondax
    2020-02-24 02:38 - 2020-02-24 02:38 - 000000000 ____D C:\Users\baltar\Downloads\Lacey Lennon
    2020-02-21 02:47 - 2020-03-15 02:45 - 000000000 ____D C:\Users\baltar\Downloads\Bound-Feet

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-03-21 17:05 - 2018-09-29 18:53 - 000000000 ____D C:\Users\baltar\AppData\Local\NPE
    2020-03-21 17:01 - 2009-07-14 00:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2020-03-21 17:01 - 2009-07-14 00:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2020-03-21 17:00 - 2015-08-29 00:11 - 000000000 ____D C:\ProgramData\Norton
    2020-03-21 16:48 - 2016-11-20 18:59 - 000000000 ____D C:\Users\baltar\AppData\LocalLow\Mozilla
    2020-03-21 16:46 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
    2020-03-21 12:34 - 2015-08-28 21:53 - 000003934 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{CA8CA479-30F3-4C48-A311-475CA6A036CD}
    2020-03-21 12:23 - 2020-02-01 10:59 - 000000336 _____ C:\windows\Tasks\HPCeeScheduleForbaltar.job
    2020-03-21 04:34 - 2020-02-01 10:59 - 000003192 _____ C:\windows\system32\Tasks\HPCeeScheduleForbaltar
    2020-03-21 03:13 - 2017-08-12 11:23 - 000000000 ____D C:\Users\baltar\Downloads\New folder (4)
    2020-03-21 02:34 - 2015-09-08 08:29 - 000000000 ____D C:\Users\baltar\Downloads\Comics
    2020-03-20 02:29 - 2018-09-26 08:34 - 000000000 ____D C:\Users\baltar\Downloads\NabHer
    2020-03-20 02:26 - 2018-09-11 08:45 - 000000000 ____D C:\Users\baltar\Downloads\David Knight Bondage
    2020-03-20 02:25 - 2018-07-21 22:58 - 000000000 ____D C:\Users\baltar\Downloads\Bronx Ties
    2020-03-19 17:13 - 2016-03-12 05:05 - 734035957 _____ C:\windows\MEMORY.DMP
    2020-03-19 17:13 - 2016-03-12 05:05 - 000000000 ____D C:\windows\Minidump
    2020-03-19 16:22 - 2015-08-29 01:08 - 000000408 ____H C:\windows\Tasks\Norton Security Scan for baltar.job
    2020-03-18 18:51 - 2019-04-26 18:20 - 000000000 ____D C:\Users\baltar\Downloads\New folder (33)
    2020-03-18 13:37 - 2015-08-28 21:52 - 000000000 ____D C:\Users\baltar
    2020-03-17 22:39 - 2018-06-09 20:53 - 000000000 ____D C:\Users\baltar\Downloads\Tucson Tied
    2020-03-17 22:31 - 2019-09-01 21:11 - 000000000 ____D C:\Users\baltar\Downloads\Moraxian
    2020-03-17 21:19 - 2015-08-30 16:39 - 000000000 ____D C:\Users\baltar\AppData\Local\CrashDumps
    2020-03-15 17:32 - 2018-04-07 21:07 - 000000000 ____D C:\Users\baltar\Downloads\Tomiko
    2020-03-15 14:07 - 2015-08-27 23:01 - 000000000 ____D C:\Users\baltar\Documents\MWOTRC
    2020-03-15 02:25 - 2020-02-15 02:56 - 000000000 ____D C:\Users\baltar\Downloads\archw.com
    2020-03-13 22:33 - 2019-02-07 09:54 - 000000000 ____D C:\Users\baltar\Downloads\Angelique Kithos
    2020-03-13 18:18 - 2019-01-30 19:27 - 000000000 ____D C:\ProgramData\Mozilla
    2020-03-13 17:38 - 2009-07-14 01:08 - 000032586 _____ C:\windows\Tasks\SCHEDLGU.TXT
    2020-03-12 19:59 - 2019-12-30 22:25 - 000000975 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
    2020-03-12 19:59 - 2019-12-30 22:25 - 000000975 _____ C:\ProgramData\Desktop\PotPlayer 64 bit.lnk
    2020-03-12 18:13 - 2020-02-19 21:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2020-03-12 18:13 - 2015-08-28 21:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2020-03-12 03:10 - 2015-11-25 21:40 - 000000000 ____D C:\windows\system32\MRT
    2020-03-12 03:05 - 2015-11-25 21:40 - 121542864 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
    2020-03-11 19:23 - 2018-03-13 21:23 - 000004466 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
    2020-03-11 19:23 - 2015-07-01 14:12 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
    2020-03-11 19:23 - 2015-07-01 14:12 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2020-03-11 19:23 - 2015-07-01 14:12 - 000004312 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
    2020-03-11 19:23 - 2015-07-01 14:12 - 000000000 ____D C:\windows\SysWOW64\Macromed
    2020-03-11 19:23 - 2015-07-01 14:12 - 000000000 ____D C:\windows\system32\Macromed
    2020-03-11 00:24 - 2015-08-29 13:06 - 000000000 ____D C:\Users\baltar\Documents\Move
    2020-03-09 17:01 - 2015-12-23 22:58 - 000000000 ____D C:\Users\Administrator
    2020-03-07 23:35 - 2018-10-03 08:55 - 000000000 ____D C:\Users\baltar\Downloads\ProVillian
    2020-03-06 10:11 - 2018-10-12 08:49 - 000000000 ____D C:\Users\baltar\Downloads\Stormy Evans
    2020-03-05 20:11 - 2015-12-06 02:24 - 000000000 ____D C:\Program Files\Common Files\AV
    2020-03-05 19:43 - 2020-02-11 20:03 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2020-03-05 19:43 - 2018-02-15 00:54 - 000002486 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2020-03-05 19:43 - 2018-02-15 00:54 - 000002486 _____ C:\ProgramData\Desktop\Norton Security.lnk
    2020-02-22 05:48 - 2016-02-27 10:18 - 000000000 ____D C:\windows\HP
    2020-02-21 03:09 - 2019-01-21 16:00 - 000000000 ____D C:\Users\baltar\Downloads\Two Some

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2020-03-19 03:39
    ==================== End of FRST.txt ========================
     
    Last edited by a moderator: Mar 22, 2020
  8. londo

    londo Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    58
    Any idea how to fix this?
     
  9. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    97
    Hi, londo.

    I'm in the process of reviewing your logs. I will be back to you as soon as I can. :)
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,774
    First Name:
    Karen
    Londo,

    Please do not quote all of the previous posts when replying. Instead of using the Reply button, simply put your reply in the white reply box at the bottom of the thread to avoid unnecessary scrolling in posts that are already very lengthy.

    Also, it's not appropriate to bump your post until at least 24 hours has passed. Kindly keep this in mind in the future.
     
  11. londo

    londo Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    58
    Just got pinged again. Shut it down, but it's still there.
     
  12. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    97
    Hi, londo.

    I have a lot of work for you today. :)

    These are my comments and instructions, regarding the logs you provided.

    1. Windows Update

    It seems that your computer is running Windows 7 Pro. This version of Windows came to its end of life last January. An outdated operating system means no security fixes. Therefore, it is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. You should consider updating your computer to Windows 10 when we finish the cleaning process.

    2. Notification from sites

    Did you intentionally enable notifications from Facebook?

    3. Uninstall a program
    • Click on the Start button to open your Start Menu.
    • When the Start Menu opens click on the Control Panel menu option.
    • When the Control Panel window opens, click on the Uninstall a program option under the Programs category. If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    • In the list of programs look for the program listed below, right-click the entry and click Uninstall.
      • SAntivirus Realtime Protection Lite
    • Restart the computer.

    4. Run FRST fix

    Before running the fix, please move the FRST tool from your Downloads folder to your Desktop. It should be easier to deal with the created logs as we move on. Find it in the Downloads folder and just drag it onto the Desktop.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll -> No File
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll -> No File
    ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll -> No File
    ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll -> No File
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll -> No File
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll -> No File
    FirewallRules: [{9E12F734-F563-45AA-B646-7D4281704AB3}] => (Allow) C:\Users\baltar\AppData\Local\Temp\7zSEA7D.tmp\SymNRT.exe No File
    FirewallRules: [{8D71697B-F1D9-47DA-8549-CA8E5320B373}] => (Allow) C:\Users\baltar\AppData\Local\Temp\7zSEA7D.tmp\SymNRT.exe No File
    Task: {1BAA21DA-3562-4A04-89FD-E529F047BE8C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {DE817316-8945-4831-87B8-84D35778FBDE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    HKU\S-1-5-21-3440046686-3313208431-1811527676-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGBFXUoMaf8lgcuK4VcS5o3zMrTtWsUTa9To6hASzvS%2Bt7%2BNIC%2BOkJJKTA8%2F5BUUNwpLXrYHoxCZAzqV5gGDiDi7rShGeq7XWOjloazKPJhapYkckYlYU6COhaRDXJqRgEo%2Bq5cED4A3xfKVyU%2F1H9OOJF7tYP0%2FNnZrIBnvXKJMuBjuLFDaEXAoEFu5RDfSmT5rJOwcVxse%2Fj7t4Jthjbvf8akzgj9pZdo5%2F9PpB6PMnQP014%2Fk%2FX3x%2FUHRZ4kr0h5oJwCrmqD31K%2BohTdaC8eEf37czo%2BgPT1JvUE0gW2xz3ieDE68Zy0yqnkJfssfRzg%3D%3D
    HKU\S-1-5-21-3440046686-3313208431-1811527676-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGBFXUoMaf8lgcuK4VcS5o3zMrTtWsUTa9To6hASzvS%2Bt7%2BNIC%2BOkJJKTA8%2F5BUUNwpLXrYHoxCZAzqV5gGDiDi7rShGeq7XWOjloazKPJhapYkckYlYU6COhaRDXJqRgEo%2Bq5cED4A3xfKVyU%2F1H9OOJF7tYP0%2FNnZrIBnvXKJMuBjuLFDaEXAoEFu5RDfSmT5rJOwcVxse%2Fj7t4Jthjbvf8akzgj9pZdo5%2F9PpB6PMnQP014%2Fk%2FX3x%2FUHRZ4kr0h5oJwCrmqD31K%2BohTdaC8eEf37czo%2BgPT1JvUE0gW2xz3ieDE68Zy0yqnkJfssfRzg%3D%3D
    HKU\S-1-5-21-3440046686-3313208431-1811527676-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
    HKU\S-1-5-21-3440046686-3313208431-1811527676-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-1000 -> {0A33EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMS5GobgFSH4jWy%2FQ%2F22vu4V3Lyr8QMNDEdQ6PYT4ntkV50QB4UHNhyBVLD3hsTUKZNfkY96GNtXW096Dd4GT8uY%2BUrZvzvneXT0BKaHPdXYcRm2ZbnRfOTRGGOYVXfzlP77NG4DrQqFY7oPhHPNt%2BmjG%2FCQqSQjHwu%2FpnVOxHnHSsTFt06Ou7ftlFmA59wB%2F4U3wZCojJJLozMzZDulDsUa3r9SqoI3VRgLIz29UVCLNoZk%2FjXau0om5VVM1Tt7yJ50i56Bey3IB6Bi4cKw%2FoE3IVyDiWgBsRgRkEOOB9R2g4mkQqh0CkpWuNC7KaKn6w%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3440046686-3313208431-1811527676-500 -> {0A33EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Edge HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGBmpViuHi4YasHnGCOJ5HR7VUURVxTJq2uENdnYj6rvjoo8r1JxLwcWbEE6hnCeUjzGY5WrhZb8fjB%2FyrNWvinI8MX4GKAcVxGL0YZNTstmecIkitilCdcJIsTYUvEgdnzkeUhl%2FYzpisnpYkgIQdy%2Fl5uFtQcMntZopmMEt8gGZUDF8vonrGdzmKKakOXVXG%2FDg8xtw%2BU06iE2gsNK0wX1uO%2Fg9x21vT4hpreBSKunJKCTt7soL5pTVx4mz%2Frx0MYmUMjoKUKRwqcWOJjBQ1TSxYQzxbnxroezF9S8IzeOcD0funJqTl%2BnHTnWxZNeHZQ%3D%3D
    Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGPvaufFPKgq1b7uhPa6FDJQ8VTCe47KNYCxytm2cYu9wX%2F7pLbsAbhW5Axpd2daJW0TX2ZiMg7LVu07lTgr%2Fdxunjq6n3pM2cUn9%2BrClCw3i86cyFRKPT%2BMmJLvcxM4xjh3fbjXyDqkt80MkX4elctd1x%2FAHng5HlO6YOUwLL%2FU6pbbFXDT85v9ng6be7YwKsq%2FP7LNPPbagayh1X5AaKSk3vIisKeuQJIBPIZOej7rAd20CUoMFdqgEDPideolXG6EjhWzxp6xAK0%2FXGidiXuwtIofR%2FCAwnEebMYMd4Yy5rinHPSnvxkuZeBpkKLNWKA%3D%3D"
    Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGKH21vWB3RDE3avAY%2FfkMqNeCTe57YkXkXO2HKGZgtCvkB7161i%2Fy8DSF0rZS8c5amEE4W3ui3k6xowgbPE3XG2uC%2FyEGvvw%2BGSL454ah6b8D9m1O4iIFT6AXA61N8jGBimp0dV%2FstNUD%2BpOPQEKGWTnikpnLUIfJKEgQhZql5432%2BMIEoNPb%2Fek0bTb5oKBUhMVdL%2BhFKUhygZIujdxSjG%2FC77N42ijcvDRtL7h%2BzXpIGlIxaYAW18H6AboB%2ByWAAiahy9Ix%2BBv1%2F1CIyNznhltO8UkA8llJsHpfCOwo%2BqAercyBKU3zXZnKO3mQMQ2jQ%3D%3D&p={searchTerms}
    Edge DefaultSearchKeyword: Default -> search.yahoo.com
    Edge DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    FF Homepage: Mozilla\Firefox\Profiles\zwzu54hn.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMWsuh6PGd%2FIWH6WZaXfi729V7NAg7bHjBNAFonEArrV7wtaNg75WEKAaNPJ5me5EIhoMBoQ05876vw26KxSCwGgAGYKmQHXQuWLmsE2iLQycIaqdUpHRkWHpokYL092HyyzGn7wQu3NQBdlJkGghTXLmYzPKI6ODTScLDFUQsl00Pm0LYdcNn%2BDbYQgmYrNOr15za7JrSYKdOH6%2Bf7OLq%2F0G5I45OT%2BwuneOlG%2BF5R2QLtThggJ%2BcXJla5QPc4pjd9BYYOe6kmYUshg9pq3RwSIA0EVQ2evcO47wmdvZjB9ndRotYxTbzPZzJFpCYsY1w%3D%3D
    FF NewTab: Mozilla\Firefox\Profiles\zwzu54hn.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88ppvspf4lzacegikmv9001120&param1=y6bdVFVIsvuYsgEClQfz8CNS8DHrdkSsZKtF6jAG5BEbQLjbC8JBEnxHmOwQP7ltsOSuKyW0oJjxlAAclPYUGMWsuh6PGd%2FIWH6WZaXfi729V7NAg7bHjBNAFonEArrV7wtaNg75WEKAaNPJ5me5EIhoMBoQ05876vw26KxSCwGgAGYKmQHXQuWLmsE2iLQycIaqdUpHRkWHpokYL092HyyzGn7wQu3NQBdlJkGghTXLmYzPKI6ODTScLDFUQsl00Pm0LYdcNn%2BDbYQgmYrNOr15za7JrSYKdOH6%2Bf7OLq%2F0G5I45OT%2BwuneOlG%2BF5R2QLtThggJ%2BcXJla5QPc4pjd9BYYOe6kmYUshg9pq3RwSIA0EVQ2evcO47wmdvZjB9ndRotYxTbzPZzJFpCYsY1w%3D%3D
    FF SearchPlugin: C:\Users\baltar\AppData\Roaming\Mozilla\Firefox\Profiles\zwzu54hn.default\searchplugins\Yahoo powered search.xml [2020-03-20]
    "SAntivirusIC" => service was unlocked. <==== ATTENTION
    R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [7056880 2020-03-06] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
    R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [164848 2020-03-12] (Digital Communications Inc -> Digital Com. Incorporated) <==== ATTENTION
    R1 SANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusKD.sys [90096 2020-03-12] (Digital Communications Inc. -> Digital Comm. Inc) <==== ATTENTION
    C:\ProgramData\SAntivirus
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
    Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    EmptyTemp:
    End::
    
    • Please right-click on FRST/FRST64 icon to run as administrator. When the tool opens, click Yes to the disclaimer.
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
    • Please post the log in your next reply.

    5. Please do the following to provide fresh FRST logs:

    • Double-click FRST to run it again, as you did before. When the tool opens click Yes to disclaimer.
    • Wait a bit, until the tool gets any updates, if any.
    • Press the Scan button and wait for the tool to finish.
    • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
    • Please copy and paste the content of these two logs in your next reply.

    In your next reply, please make sure to:
    • Reply to my question about the notifications.
    • Copy and paste the content of the fixlog.txt
    • Copy and paste the content of the new FRST.txt and Addition.txt.
     
    Last edited: Mar 23, 2020
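A way to sanity-check a fixlist like the one in the post above before it is run, given its notice that the script is specific to one machine: this added example (not part of the thread, and not FRST's own code) classifies each line and collects the SIDs and user-profile names the script is tied to. The entry patterns are inferred from the lines shown in the post; `classify`, `review` and the sample's placeholder GUID, SID, profile name and URL are hypothetical.

```python
import re

# Service entry shape: R2 Name; path [size yyyy-mm-dd] (signature info) <==== ATTENTION
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<signature>[^)]*)\)")
DIRECTIVE_RE = re.compile(r"^(Start::|End::|[A-Za-z]+:)$")
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE_RE = re.compile(r"C:\\Users\\([^\\]+)", re.IGNORECASE)

def classify(line):
    """Return (category, details) for one fixlist line."""
    text = line.strip()
    flagged = text.endswith("<==== ATTENTION")
    if DIRECTIVE_RE.match(text):
        return "directive", {"name": text.rstrip(":")}
    if (m := SERVICE_RE.match(text)):
        return "service", dict(m.groupdict(), flagged=flagged)
    if re.search(r"\sNo File(\s|$)", text):
        return "orphan", {"flagged": flagged}   # entry whose target file is gone
    if (m := re.search(r'hxxps?://([^/\s"]+)', text)):
        return "url_setting", {"host": m.group(1), "flagged": flagged}
    return "other", {"flagged": flagged}

def review(fixlist):
    """Summarise what a fixlist touches and which machine it is tied to."""
    report = {"counts": {}, "flagged_services": [], "hosts": set(),
              "sids": set(), "profiles": set()}
    for line in filter(str.strip, fixlist.splitlines()):
        cat, info = classify(line)
        report["counts"][cat] = report["counts"].get(cat, 0) + 1
        if cat == "service" and info["flagged"]:
            report["flagged_services"].append(info["name"])
        if cat == "url_setting":
            report["hosts"].add(info["host"])
        report["sids"].update(SID_RE.findall(line))
        report["profiles"].update(PROFILE_RE.findall(line))
    return report

# Constructed sample: only the R2 line is copied from the post; the rest are placeholders.
SAMPLE = r"""Start::
CreateRestorePoint:
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Users\exampleuser\AppData\Local\Temp\tool.exe No File
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.example/web?type=PLACEHOLDER
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [7056880 2020-03-06] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
C:\ProgramData\SAntivirus
End::"""
print(review(SAMPLE))
```

If the SIDs or profile names in the report do not match the machine the script is about to run on, the fixlist was written for a different system.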
  13. londo

    londo Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    58
    Ran the program but no fixlog.txt.
     
  14. DR.M

    DR.M Malware Trainee

    Joined:
    Sep 4, 2019
    Messages:
    97
    Hi, londo.

    If you ran the fix with FRST in your Downloads folder, then the fixlog is also in your Downloads folder. If you moved FRST to your Desktop, then the fixlog is also on your Desktop. Perhaps you see it just as fixlog, without .txt.
     
  15. londo

    londo Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    58
    I keep running the program and this is all I keep getting. I did run Malwarebytes and it got rid of the malware. Thanks for your work.
     

    Attached Files:


Short URL to this thread: https://techguy.org/1241856
