
Solved Viruses found after scan

Discussion in 'Virus & Other Malware Removal' started by dogluver, Mar 30, 2019.

  1. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Don't know what to do about this. I was using Chrome, which I thought was better than Firefox, and started having all these problems with it crashing. So, somehow a scan was done and they found the following in this screenshot. What should I do? Thanks for any help!

    upload_2019-3-30_19-53-21.png
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything during the cleanup, please ask.
    --------------------

    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen alert, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Attach it to your reply.
    • The tool will also produce another log (Addition.txt). Please attach this, along with FRST.txt, to your reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Thank you so much for your response. Unfortunately, I used Norton to do a scan before I received your response. Sorry about that. I was just trying to check to see if anything else was found. I will check to see if you respond again before I do what you said. I don't have time now, so will wait to see if I hear from you again. I hope I didn't do anything that could have really caused damage to my laptop. It's working fine now, but like you said there still could be a virus.

    Thanks again for all your help. It is greatly appreciated.
     
  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    No problem. Let me know if you would like me to take a look at the FRST reports.
     
  5. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Sorry I haven't been in touch. I still haven't done what you said. Have been extremely busy. I plan on trying what you said this weekend. Thanks for your help!
     
  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Sounds good, thanks for letting me know. (y)
     
  7. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Hello and thanks for being patient with me.
    I don't know if I did this download and scan correctly. I'm not computer savvy. It's very, very long. Both scans are included. Please let me know if I need to do this again. I have to do 2 separate posts because it's too large. The addition.text is next.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
    Ran by Mindy (administrator) on MINDYSTOY (13-04-2019 18:50:28)
    Running from C:\Users\Mindy\Documents\Scanned Documents\Downloads
    Loaded Profiles: Mindy (Available Profiles: Mindy & cavol_000)
    Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\nsWscSvc.exe
    (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\NortonSecurity.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
    (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\rpbgconverter.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Mindy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mfpmp.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation -> Sony Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353056 2019-03-31] (RealNetworks, Inc. -> RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\RealDownloader\downloader2.exe [1262368 2018-06-01] (RealNetworks, Inc. -> )
    HKLM\...\Policies\Explorer\Run: [BtvStack] => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [Google Update] => C:\Users\Mindy\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [GoogleChromeAutoLaunch_0D604C637792F066D475DF5FD8B30FE9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-03] (Google LLC -> Google Inc.)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9001904 2019-03-18] (Support.com, Inc. -> SUPERAntiSpyware)
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\MountPoints2: {5abeb953-7326-11e4-bf88-5435304d8744} - "E:\LaunchU3.exe" -a
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.scr [322248 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-02-28] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-02-28] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2019-03-31]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    Startup: C:\Users\Mindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-06-15]
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\Mindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-08]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{49a7a5d4-7c60-4e5e-a956-e38d7de607c9}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{49a7a5d4-7c60-4e5e-a956-e38d7de607c9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{5ef87d6a-2ca2-4780-8428-cfe02504a1b6}: [DhcpNameServer] 10.15.0.1
    Tcpip\..\Interfaces\{737d8534-0bea-40bc-ac83-7dd5929ba90d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.7.0.11
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
    SearchScopes: HKU\S-1-5-21-2661530008-4235329372-996412623-1001 -> {304963BB-AECD-446A-9B86-22ABFE83AC74} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2661530008-4235329372-996412623-1001 -> {60F32C65-7B04-4E08-8C88-D057CD2D3231} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    SearchScopes: HKU\S-1-5-21-2661530008-4235329372-996412623-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=&geo=US&ver=22.17.0.183&locale=en_US&guid=C661381D-5E82-40FC-B548-85BB51D21A08&doi=2018-01-22&gct=kwd&qsrc=2869
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2018-06-01] (RealNetworks, Inc. -> RealDownloader)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2018-06-01] (RealNetworks, Inc. -> RealDownloader)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-31] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-01-24] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-31] (Oracle America, Inc. -> Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKU\S-1-5-21-2661530008-4235329372-996412623-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2661530008-4235329372-996412623-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation -> Microsoft Corporation)
    Edge:
    ======
    Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-31]
    FireFox:
    ========
    FF ProfilePath: C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 [2019-04-13]
    FF Homepage: Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 -> hxxps://www.msn.com/?pc=U506&ocid=U506DHP
    FF HomepageOverride: Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 -> Enabled: {9b43dad5-885b-4f0d-882f-e945b7e4b96f}
    FF HomepageOverride: Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 -> Disabled: [email protected]
    FF NewTabOverride: Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 -> Disabled: [email protected]
    FF NewTabOverride: Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 -> Disabled: [email protected]
    FF NewTabOverride: Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 -> Disabled: [email protected]
    FF NewTabOverride: Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054 -> Enabled: {9b43dad5-885b-4f0d-882f-e945b7e4b96f}
    FF Extension: (Facebook Container) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\@contain-facebook.xpi [2019-03-25]
    FF Extension: (Norton Password Manager) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\[email protected] [2019-04-10]
    FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\[email protected] [2017-08-29]
    FF Extension: (Privacy Badger) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\[email protected] [2019-02-19] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
    FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\[email protected] [2017-11-18]
    FF Extension: (Norton Safe Search) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\[email protected] [2019-04-10] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds/updates.json]
    FF Extension: (Norton Safe Search) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\[email protected] [2019-04-10] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
    FF Extension: (Norton Safe Web) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\[email protected] [2019-03-25]
    FF Extension: (Ebates Rakuten: Get Cash Back For Shopping) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2019-02-28]
    FF Extension: (MSN Homepage and Bing Search Engine) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\{9b43dad5-885b-4f0d-882f-e945b7e4b96f}.xpi [2019-01-14]
    FF Extension: (Wikibuy) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2019-01-21]
    FF Extension: (All Fall by MaDonna) - C:\Users\Mindy\AppData\Roaming\Mozilla\Firefox\Profiles\1ckdnmub.default-1483152736054\Extensions\{bcf82491-347b-4ed2-bb41-4c06f37aeb25}.xpi [2019-03-21]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-31] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-31] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-26] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.12.206 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2019-03-31] (RealNetworks, Inc. -> RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.12.206 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2019-03-31] (RealNetworks, Inc. -> RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2661530008-4235329372-996412623-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mindy\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-2661530008-4235329372-996412623-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mindy\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-2661530008-4235329372-996412623-1001: hopster.com/CouponPrinterPlugin -> C:\Users\Mindy\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) [File not signed]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2016-06-09]
    FF Plugin ProgramFiles/Appdata: C:\Users\Mindy\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-02-24]
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
    CHR DefaultSearchKeyword: Default -> Yahoo
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    CHR Profile: C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default [2019-04-13]
    CHR Extension: (Norton Password Manager) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-03-30]
    CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2019-04-10]
    CHR Extension: (Google Drive) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-01]
    CHR Extension: (Shoptagr - Your Personal Shopping Assistant) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emalgedpdlghbkikiaeocoblajamonoh [2019-03-29]
    CHR Extension: (Norton Safe Search) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2019-03-30]
    CHR Extension: (Norton Safe Web) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-03-22]
    CHR Extension: (Norton Safe) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-07-28]
    CHR Extension: (Norton Identity Safe) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-04-22]
    CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jimdfkeocobeeldobhpakapbhdeample [2017-12-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
    CHR Extension: (Chrome Media Router) - C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-23]
    CHR Profile: C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-03-31]
    CHR Profile: C:\Users\Mindy\AppData\Local\Google\Chrome\User Data\System Profile [2019-03-31]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2661530008-4235329372-996412623-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mindy\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-04-22]
    CHR HKU\S-1-5-21-2661530008-4235329372-996412623-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
    S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation -> Microsoft Corporation)
    S3 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons, Inc. -> Coupons.com Inc.)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Techporch Incorporated -> Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Techporch Incorporated -> Dell Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382448 2017-02-24] (Intel(R) pGFX -> Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 NortonSecurity; C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\NortonSecurity.exe [225600 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    R2 nsWscSvc; C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\nsWscSvc.exe [934216 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [38016 2018-06-01] (RealNetworks, Inc. -> RealNetworks, Inc.)
    R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [990840 2019-03-31] (RealNetworks, Inc. -> RealNetworks, Inc.)
    S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] (CyberLink -> )
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc. -> Dell Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265640 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-07] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-07] (Microsoft Corporation -> Microsoft Corporation)
    S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
    S3 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Qualcomm Atheros -> Atheros) [File not signed]
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20190409.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
    R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\ccSetx64.sys [192712 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Techporch Incorporated -> Dell Computer Corporation)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
    R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-04] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-05] (Symantec Corporation -> Symantec Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-03-30] (Malwarebytes Corporation -> Malwarebytes)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20190412.061\IDSvia64.sys [1424392 2019-02-20] (Symantec Corporation -> Symantec Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-30] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-13] (Malwarebytes Corporation -> Malwarebytes)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek Semiconductor Corp -> Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-03-05] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [53880 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
    R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSP64.SYS [859864 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSPX64.SYS [49888 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SYMEFASI64.SYS [1998344 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SymELAM.sys [25744 2019-03-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-28] (Symantec Corporation -> Symantec Corporation)
    S4 SymEvnt; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\SymPlatform\SymEvnt.sys [700640 2019-02-19] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\Ironx64.SYS [315912 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\symnets.sys [573448 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-07] (Microsoft Windows -> Microsoft Corporation)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\wpCtrlDrv.sys [1012120 2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-04-13 18:07 - 2019-04-13 18:07 - 000000000 ____D C:\N360_BACKUP
    2019-04-13 11:42 - 2019-04-13 11:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2019-04-13 10:05 - 2019-04-13 10:05 - 000000000 ___HD C:\OneDriveTemp
    2019-04-13 09:55 - 2019-04-13 17:54 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-04-13 09:54 - 2019-04-13 17:53 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-04-13 09:54 - 2019-04-13 09:54 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-04-13 09:54 - 2019-04-13 09:54 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-04-09 20:45 - 2019-04-02 04:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-04-09 20:45 - 2019-04-02 04:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-04-09 20:45 - 2019-04-02 03:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-04-09 20:45 - 2019-04-02 01:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-04-09 20:44 - 2019-04-02 08:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-04-09 20:44 - 2019-04-02 08:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-04-09 20:44 - 2019-04-02 05:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-04-09 20:44 - 2019-04-02 05:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-04-09 20:44 - 2019-04-02 04:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-04-09 20:44 - 2019-04-02 04:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-04-09 20:44 - 2019-04-02 04:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-04-09 20:44 - 2019-04-02 04:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-04-09 20:44 - 2019-04-02 04:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-04-09 20:44 - 2019-04-02 03:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-04-09 20:44 - 2019-04-02 03:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-04-09 20:44 - 2019-04-02 03:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-04-09 20:44 - 2019-04-02 00:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-04-09 20:44 - 2019-04-02 00:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-04-09 20:44 - 2019-04-02 00:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-04-09 20:44 - 2019-03-14 04:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-04-09 20:44 - 2019-03-14 04:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-04-09 20:44 - 2019-03-14 04:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-04-09 20:44 - 2019-03-14 04:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-04-09 20:44 - 2019-03-14 04:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-04-09 20:44 - 2019-03-14 04:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-04-09 20:44 - 2019-03-14 03:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-04-09 20:44 - 2019-03-14 03:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2019-04-09 20:44 - 2019-03-14 03:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-04-09 20:44 - 2019-03-14 03:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2019-04-09 20:44 - 2019-03-14 03:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
    2019-04-09 20:44 - 2019-03-14 03:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2019-04-09 20:43 - 2019-04-02 08:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-04-09 20:43 - 2019-04-02 08:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-04-09 20:43 - 2019-04-02 08:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2019-04-09 20:43 - 2019-04-02 08:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-04-09 20:43 - 2019-04-02 08:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-04-09 20:43 - 2019-04-02 08:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2019-04-09 20:43 - 2019-04-02 08:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-04-09 20:43 - 2019-04-02 05:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-04-09 20:43 - 2019-04-02 05:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-04-09 20:43 - 2019-04-02 05:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-04-09 20:43 - 2019-04-02 04:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-04-09 20:43 - 2019-04-02 04:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-04-09 20:43 - 2019-04-02 04:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-04-09 20:43 - 2019-04-02 04:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-04-09 20:43 - 2019-04-02 03:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-04-09 20:43 - 2019-04-02 03:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-04-09 20:43 - 2019-04-02 03:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-04-09 20:43 - 2019-04-02 03:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-04-09 20:43 - 2019-04-02 03:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-04-09 20:43 - 2019-04-02 01:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-04-09 20:43 - 2019-04-02 01:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2019-04-09 20:43 - 2019-04-02 00:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-04-09 20:43 - 2019-04-02 00:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-04-09 20:43 - 2019-03-14 10:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2019-04-09 20:43 - 2019-03-14 10:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2019-04-09 20:43 - 2019-03-14 10:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
    2019-04-09 20:43 - 2019-03-14 10:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2019-04-09 20:43 - 2019-03-14 09:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2019-04-09 20:43 - 2019-03-14 04:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2019-04-09 20:43 - 2019-03-14 04:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2019-04-09 20:43 - 2019-03-14 04:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-04-09 20:43 - 2019-03-14 04:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-04-09 20:43 - 2019-03-14 04:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-04-09 20:43 - 2019-03-14 04:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-04-09 20:43 - 2019-03-14 04:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2019-04-09 20:43 - 2019-03-14 04:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-04-09 20:43 - 2019-03-14 04:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2019-04-09 20:43 - 2019-03-14 04:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2019-04-09 20:43 - 2019-03-14 04:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-04-09 20:43 - 2019-03-14 04:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-04-09 20:43 - 2019-03-14 04:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-04-09 20:43 - 2019-03-14 04:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2019-04-09 20:43 - 2019-03-14 04:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2019-04-09 20:43 - 2019-03-14 04:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2019-04-09 20:43 - 2019-03-14 04:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-04-09 20:43 - 2019-03-14 03:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-04-09 20:43 - 2019-03-14 03:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2019-04-09 20:43 - 2019-03-14 03:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-04-09 20:43 - 2019-03-14 03:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-04-09 20:43 - 2019-03-14 03:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-04-09 20:43 - 2019-03-14 03:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
    2019-04-09 20:43 - 2019-03-14 03:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-04-09 20:43 - 2019-03-14 03:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2019-04-09 20:43 - 2019-03-14 03:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2019-04-09 20:43 - 2019-03-14 03:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2019-04-09 20:43 - 2019-03-14 03:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2019-04-09 20:43 - 2019-03-14 03:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2019-04-09 20:43 - 2019-03-14 03:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-04-09 20:43 - 2019-03-14 03:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-04-09 20:43 - 2019-03-13 21:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-04-09 20:42 - 2019-04-02 08:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2019-04-09 20:42 - 2019-04-02 05:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-04-09 20:42 - 2019-04-02 05:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2019-04-09 20:42 - 2019-04-02 04:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-04-09 20:42 - 2019-04-02 04:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-04-09 20:42 - 2019-04-02 03:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2019-04-09 20:42 - 2019-04-02 03:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2019-04-09 20:42 - 2019-04-02 03:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-04-09 20:42 - 2019-04-02 01:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2019-04-09 20:42 - 2019-04-02 00:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2019-04-09 20:42 - 2019-03-14 10:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
    2019-04-09 20:42 - 2019-03-14 09:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
    2019-04-09 20:42 - 2019-03-14 04:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2019-04-09 20:42 - 2019-03-14 04:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-04-09 20:42 - 2019-03-14 04:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-04-09 20:42 - 2019-03-14 04:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-04-09 20:42 - 2019-03-14 04:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2019-04-09 20:42 - 2019-03-14 04:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2019-04-09 20:42 - 2019-03-14 04:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2019-04-09 20:42 - 2019-03-14 03:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2019-04-09 20:42 - 2019-03-14 03:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2019-04-09 20:42 - 2019-03-14 03:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2019-04-09 20:42 - 2019-03-14 03:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
    2019-04-09 20:42 - 2019-03-14 03:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2019-04-09 20:41 - 2019-04-02 08:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2019-04-09 20:41 - 2019-04-02 08:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-04-09 20:41 - 2019-04-02 08:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
    2019-04-09 20:41 - 2019-04-02 08:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
    2019-04-09 20:41 - 2019-04-02 05:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-04-09 20:41 - 2019-04-02 04:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-04-09 20:41 - 2019-04-02 04:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-04-09 20:41 - 2019-04-02 04:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-04-09 20:41 - 2019-04-02 04:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-04-09 20:41 - 2019-04-02 03:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2019-04-09 20:41 - 2019-04-02 03:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2019-04-09 20:41 - 2019-04-02 03:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2019-04-09 20:41 - 2019-04-02 01:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-04-09 20:41 - 2019-04-02 00:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2019-04-09 20:41 - 2019-04-02 00:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
    2019-04-09 20:41 - 2019-03-16 08:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-04-09 20:41 - 2019-03-14 10:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2019-04-09 20:41 - 2019-03-14 10:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
    2019-04-09 20:41 - 2019-03-14 10:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
    2019-04-09 20:41 - 2019-03-14 10:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
    2019-04-09 20:41 - 2019-03-14 09:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
    2019-04-09 20:41 - 2019-03-14 04:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
    2019-04-09 20:41 - 2019-03-14 04:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2019-04-09 20:41 - 2019-03-14 04:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
    2019-04-09 20:41 - 2019-03-14 04:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2019-04-09 20:41 - 2019-03-14 04:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2019-04-09 20:41 - 2019-03-14 04:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2019-04-09 20:41 - 2019-03-14 04:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2019-04-09 20:41 - 2019-03-14 04:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
    2019-04-09 20:41 - 2019-03-14 04:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-04-09 20:41 - 2019-03-14 04:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2019-04-09 20:41 - 2019-03-14 04:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
    2019-04-09 20:41 - 2019-03-14 04:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2019-04-09 20:41 - 2019-03-14 04:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2019-04-09 20:41 - 2019-03-14 04:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
    2019-04-09 20:41 - 2019-03-14 04:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2019-04-09 20:41 - 2019-03-14 04:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2019-04-09 20:41 - 2019-03-14 03:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
    2019-04-09 20:41 - 2019-03-14 03:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2019-04-09 20:41 - 2019-03-14 03:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2019-04-09 20:41 - 2019-03-14 03:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2019-04-09 20:41 - 2019-03-14 03:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
    2019-04-09 20:41 - 2019-03-14 03:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
    2019-04-09 20:41 - 2019-03-14 03:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2019-04-09 20:41 - 2019-03-14 03:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-04-09 20:41 - 2019-03-14 03:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2019-04-09 20:41 - 2019-03-14 03:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2019-04-09 20:41 - 2019-03-14 03:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
    2019-04-09 20:41 - 2019-03-14 03:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2019-04-09 20:41 - 2019-03-14 03:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
    2019-04-09 20:41 - 2019-03-14 03:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
    2019-04-09 20:41 - 2019-03-14 03:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2019-04-09 20:41 - 2019-03-14 03:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2019-04-09 20:41 - 2019-03-14 03:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2019-04-09 20:41 - 2019-03-13 21:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-04-09 20:41 - 2019-03-13 21:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2019-04-09 20:40 - 2019-04-02 08:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-04-09 20:40 - 2019-04-02 08:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
    2019-04-09 20:40 - 2019-04-02 05:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
    2019-04-09 20:40 - 2019-04-02 03:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-04-09 20:40 - 2019-04-02 03:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-04-09 20:40 - 2019-04-02 03:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2019-04-09 20:40 - 2019-04-02 02:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
    2019-04-09 20:40 - 2019-04-02 00:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-04-09 20:40 - 2019-04-02 00:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2019-04-09 20:40 - 2019-04-02 00:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2019-04-09 20:40 - 2019-03-16 05:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-04-09 20:40 - 2019-03-14 10:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
    2019-04-09 20:40 - 2019-03-14 10:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-04-09 20:40 - 2019-03-14 10:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
    2019-04-09 20:40 - 2019-03-14 10:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
    2019-04-09 20:40 - 2019-03-14 09:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
    2019-04-09 20:40 - 2019-03-14 09:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
    2019-04-09 20:40 - 2019-03-14 09:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
    2019-04-09 20:40 - 2019-03-14 04:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
    2019-04-09 20:40 - 2019-03-14 04:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2019-04-09 20:40 - 2019-03-14 04:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
    2019-04-09 20:40 - 2019-03-14 04:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
    2019-04-09 20:40 - 2019-03-14 04:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-04-09 20:40 - 2019-03-14 03:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2019-04-09 20:40 - 2019-03-14 03:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2019-04-09 20:40 - 2019-03-14 03:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-04-09 20:40 - 2019-03-14 03:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2019-04-09 20:40 - 2019-03-14 03:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
    2019-04-09 20:40 - 2019-03-14 03:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
    2019-04-09 20:40 - 2019-03-14 03:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
    2019-04-09 20:40 - 2019-03-14 03:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2019-04-09 20:40 - 2019-03-14 03:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-04-09 20:40 - 2019-03-13 21:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
    2019-04-09 20:40 - 2019-03-13 21:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2019-04-05 20:36 - 2019-04-13 18:50 - 000000000 ____D C:\FRST
    2019-03-31 09:59 - 2019-03-31 09:59 - 000000000 ____D C:\Users\Mindy\Evernote
    2019-03-31 09:47 - 2019-03-31 09:52 - 000000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b54d9e8a-26af-40ac-950c-03352ebc456a.job
    2019-03-31 09:47 - 2019-03-31 09:52 - 000000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 66bee407-e4ae-42a7-8b35-d05889637d34.job
    2019-03-31 09:47 - 2019-03-31 09:47 - 000003762 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 66bee407-e4ae-42a7-8b35-d05889637d34
    2019-03-31 09:47 - 2019-03-31 09:47 - 000003680 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task b54d9e8a-26af-40ac-950c-03352ebc456a
    2019-03-31 09:46 - 2019-03-31 09:46 - 000001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2019-03-31 09:46 - 2019-03-31 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2019-03-31 09:44 - 2019-03-31 09:44 - 000003592 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2661530008-4235329372-996412623-1001
    2019-03-31 09:44 - 2019-03-31 09:44 - 000003530 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2661530008-4235329372-996412623-1001
    2019-03-31 09:44 - 2019-03-31 09:44 - 000001279 _____ C:\Users\Public\Desktop\RealPlayer.lnk
    2019-03-31 09:44 - 2019-03-31 09:44 - 000000000 ____D C:\Users\Mindy\AppData\Roaming\RealNetworks
    2019-03-31 09:44 - 2019-03-31 09:44 - 000000000 ____D C:\ProgramData\RealNetworks
    2019-03-31 09:36 - 2019-03-31 09:36 - 000002523 _____ C:\Users\Public\Desktop\Evernote.lnk
    2019-03-31 09:36 - 2019-03-31 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    2019-03-31 09:34 - 2019-03-31 09:34 - 000000000 ____D C:\Program Files (x86)\Evernote
    2019-03-30 21:15 - 2019-03-30 21:15 - 000319024 _____ C:\active_protection.txt
    2019-03-30 21:14 - 2019-03-30 21:14 - 000035928 _____ C:\url_setting_definitions.txt
    2019-03-30 20:36 - 2019-03-30 20:36 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-03-30 20:32 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-03-30 20:31 - 2019-03-30 20:35 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-03-30 20:31 - 2019-03-30 20:31 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-03-30 20:31 - 2019-03-30 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-03-29 17:21 - 2019-03-29 17:21 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
    2019-03-29 17:21 - 2019-03-29 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2019-03-29 17:21 - 2019-03-29 17:21 - 000000000 ____D C:\Program Files\iPod
    2019-03-29 17:20 - 2019-03-29 17:21 - 000000000 ____D C:\Program Files\iTunes
    2019-03-29 17:10 - 2019-03-29 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2019-03-29 16:46 - 2019-04-13 17:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security Suite
    2019-03-29 16:34 - 2019-03-29 16:34 - 000003402 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2019-03-29 16:34 - 2019-03-29 16:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
    2019-03-20 19:22 - 2019-04-09 19:31 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    ==================== One month (modified) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-04-13 18:03 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-04-13 18:01 - 2014-10-21 20:35 - 000000000 ___RD C:\Users\Mindy\OneDrive
    2019-04-13 18:00 - 2018-06-28 00:42 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-04-13 18:00 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
    2019-04-13 17:54 - 2014-10-21 20:31 - 000000000 __SHD C:\Users\Mindy\IntelGraphicsProfiles
    2019-04-13 17:53 - 2018-06-28 00:23 - 000000000 ____D C:\Users\Mindy
    2019-04-13 17:53 - 2017-06-17 12:17 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2019-04-13 17:52 - 2018-06-28 00:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-04-13 17:52 - 2018-06-28 00:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-04-13 13:03 - 2016-11-20 10:52 - 000000000 ____D C:\Users\Mindy\AppData\LocalLow\Mozilla
    2019-04-12 23:43 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-04-12 23:36 - 2014-03-22 21:16 - 000000000 ____D C:\Users\Mindy\AppData\Local\CrashDumps
    2019-04-12 20:37 - 2018-06-28 00:37 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2661530008-4235329372-996412623-1001
    2019-04-12 20:37 - 2018-06-28 00:23 - 000002406 _____ C:\Users\Mindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-04-12 20:16 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-04-12 20:14 - 2014-06-30 17:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-04-11 20:03 - 2014-06-30 17:41 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-04-11 20:03 - 2014-06-30 17:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2019-04-11 19:30 - 2018-07-03 15:59 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-04-11 19:30 - 2014-02-15 19:29 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-04-11 19:23 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-04-10 20:58 - 2014-04-20 13:01 - 000000000 ____D C:\Users\Mindy\AppData\Local\ElevatedDiagnostics
    2019-04-10 15:53 - 2018-06-28 00:17 - 000291912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-04-09 21:24 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-04-09 21:23 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2019-04-09 21:23 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-04-09 21:20 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-04-09 20:37 - 2014-02-15 19:45 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-04-09 20:20 - 2014-02-15 19:45 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-04-09 20:12 - 2015-11-17 20:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-04-09 19:51 - 2018-06-28 00:37 - 000004576 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-04-09 19:51 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-04-09 19:51 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-04-09 19:33 - 2016-07-30 16:56 - 000000000 ____D C:\Program Files\CCleaner
    2019-04-09 19:27 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-04-07 19:52 - 2018-05-09 21:06 - 000000000 ____D C:\Users\Mindy\Documents\My Kindle Content
    2019-04-04 19:09 - 2018-11-15 20:08 - 000000000 ____D C:\Program Files\rempl
    2019-04-01 19:31 - 2018-06-28 00:23 - 000000000 ____D C:\Users\cavol_000
    2019-04-01 13:51 - 2018-11-14 20:05 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-04-01 13:51 - 2018-11-14 20:05 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-03-31 15:31 - 2017-12-07 00:33 - 000000000 ____D C:\Users\Mindy\AppData\Local\Packages
    2019-03-31 10:01 - 2018-02-27 19:52 - 000000000 ____D C:\Users\Mindy\AppData\Local\PlaceholderTileLogoFolder
    2019-03-31 09:52 - 2014-04-21 16:09 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2019-03-31 09:44 - 2014-02-15 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    2019-03-31 09:44 - 2014-02-15 19:23 - 000000000 ____D C:\Program Files (x86)\Real
    2019-03-31 09:44 - 2014-02-15 19:21 - 000000000 ____D C:\ProgramData\Real
    2019-03-31 09:43 - 2015-12-15 20:49 - 000000000 ____D C:\ProgramData\Package Cache
    2019-03-31 09:42 - 2014-04-06 11:01 - 000207648 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
    2019-03-31 09:41 - 2015-12-15 20:47 - 000285472 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
    2019-03-31 09:39 - 2015-12-15 20:47 - 000512288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
    2019-03-31 09:39 - 2015-12-15 20:47 - 000360736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
    2019-03-30 21:52 - 2014-04-21 14:44 - 000000000 ____D C:\Users\Mindy\Documents\Custom Office Templates
    2019-03-30 20:32 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-03-30 20:32 - 2014-06-30 16:59 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-03-29 19:16 - 2018-06-24 15:04 - 000000000 ___RD C:\Users\Mindy\iCloudDrive
    2019-03-29 17:26 - 2015-07-19 10:20 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-03-29 16:34 - 2018-02-23 17:54 - 000002551 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2019-03-29 16:34 - 2018-02-22 20:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2019-03-28 19:46 - 2018-06-28 00:37 - 000003676 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661530008-4235329372-996412623-1001UA
    2019-03-28 19:46 - 2018-06-28 00:37 - 000003408 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661530008-4235329372-996412623-1001Core
    2019-03-28 19:31 - 2018-06-28 00:37 - 000003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1f4a877efab02
    2019-03-28 19:31 - 2018-06-28 00:37 - 000003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1f4a877904be1
    2019-03-28 16:53 - 2017-12-06 15:46 - 000100064 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
    2019-03-28 16:53 - 2017-12-06 15:46 - 000008585 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
    2019-03-20 19:22 - 2016-07-30 16:56 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2019-03-18 20:42 - 2015-08-13 22:43 - 000002335 _____ C:\Users\Mindy\Desktop\Kindle.lnk
    ==================== Files in the root of some directories =======
    2018-08-31 21:31 - 2018-08-31 21:31 - 000007602 _____ () C:\Users\Mindy\AppData\Local\Resmon.ResmonCfg
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2018-06-28 00:17
    ==================== End of FRST.txt
     
  8. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    The following is the other scan:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
    Ran by Mindy (13-04-2019 18:55:01)
    Running from C:\Users\Mindy\Documents\Scanned Documents\Downloads
    Windows 10 Home Version 1803 17134.706 (X64) (2018-06-28 05:02:40)
    Boot Mode: Normal

    ==================== Accounts:
    Administrator (S-1-5-21-2661530008-4235329372-996412623-500 - Administrator - Disabled)
    cavol_000 (S-1-5-21-2661530008-4235329372-996412623-1004 - Limited - Enabled) => C:\Users\cavol_000
    DefaultAccount (S-1-5-21-2661530008-4235329372-996412623-503 - Limited - Disabled)
    Guest (S-1-5-21-2661530008-4235329372-996412623-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2661530008-4235329372-996412623-1006 - Limited - Enabled)
    Mindy (S-1-5-21-2661530008-4235329372-996412623-1001 - Administrator - Enabled) => C:\Users\Mindy
    WDAGUtilityAccount (S-1-5-21-2661530008-4235329372-996412623-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Norton Security Suite (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security Suite (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
    Amazon Kindle (HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Amazon Kindle) (Version: 1.25.1.52064 - Amazon)
    Amazon Photos (HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Amazon Photos) (Version: 5.6.0 - Amazon.com, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
    Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
    Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.2.0.07300 - Sony Corporation)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
    CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
    Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.8.0 - Dell Inc.) Hidden
    Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
    Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Evernote v. 6.17.6 (HKLM-x32\...\{A957B0DA-2045-11E9-B0CF-005056951CAD}) (Version: 6.17.6.8292 - Evernote Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
    iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.3.7038 - Mozilla)
    NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
    Norton Security Suite (HKLM-x32\...\NGC) (Version: 22.17.0.183 - Symantec Corporation)
    NWZ-S540 WALKMAN Guide (HKLM-x32\...\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}) (Version: 2.0.00.07010 - Sony Corporation)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
    OpenVPN 2.3.12-I602 (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
    [email protected] (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
    [email protected] (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)
    Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
    QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    RealDownloader (HKLM-x32\...\{7C13EBE5-625C-4142-BFD9-58FFEFF9B89D}) (Version: 18.1.12.206 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.12 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RMNEveryday Coupon Printer (HKLM-x32\...\{08586830-7F6E-41F5-9A1C-51F7D2873631}) (Version: 3.1.0.0 - Valassis)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.4.0 - Splashtop Inc.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.8.4 - Splashtop Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1032 - SUPERAntiSpyware.com)
    TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
    UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
    vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
    vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-2661530008-4235329372-996412623-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
    CustomCLSID: HKU\S-1-5-21-2661530008-4235329372-996412623-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Mindy\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-2661530008-4235329372-996412623-1001_Classes\CLSID\{9B57F475-CCB0-4C85-88A9-2AA9A6C0809A} -> [Amazon Drive] => C:\Users\Mindy\Amazon Drive [2017-05-28 16:30]
    CustomCLSID: HKU\S-1-5-21-2661530008-4235329372-996412623-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mindy\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-08-19] (SoftThinks -> )
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-08-19] (SoftThinks -> )
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-10] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-10] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2019-03-31] (RealNetworks, Inc. -> RealNetworks, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0507B77F-0E0C-4F38-8267-082C8C10B8F6} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.1.8\SymErr.exe
    Task: {1BFE76B2-7F9C-4D1C-946E-0A23A9ED0E0C} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
    Task: {26D6166E-F9A0-4315-A8FB-0CA35079987C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\WSCStub.exe (Symantec Corporation -> Symantec Corporation)
    Task: {3198E3F3-5023-4C96-83D0-C6AD3E944764} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {325379B9-FC3F-45D9-9F5B-C1B2F5116C33} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe (Adobe Inc. -> Adobe)
    Task: {33B9741D-CF4B-4D2E-8EB3-FBA698CDC9C1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661530008-4235329372-996412623-1001Core => C:\Users\Mindy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {363FB71C-D002-41FD-8323-26C02A5BD724} - System32\Tasks\SUPERAntiSpyware Scheduled Task 66bee407-e4ae-42a7-8b35-d05889637d34 => C:\Program Files\SUPERAntiSpyware\SASTask.exe (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
    Task: {3F5663FF-6211-48E9-8FBB-3E85ABB6F9B5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2661530008-4235329372-996412623-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {40A32582-99CE-4EE9-A4E4-BFEF7E3D31AF} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.1.8\SymErr.exe
    Task: {443C13C9-48FD-4AEA-9AA2-F3001EDF6EBB} - System32\Tasks\SUPERAntiSpyware Scheduled Task b54d9e8a-26af-40ac-950c-03352ebc456a => C:\Program Files\SUPERAntiSpyware\SASTask.exe (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
    Task: {45678ACA-F573-472F-90B3-37D2EB5077A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {59C05206-E28A-480E-BDCF-C626F7FC78CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {649DAEAA-9AA2-4C9E-A378-55CEE19B48E3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {6F262550-FDE1-414A-867E-DADC60060CCD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
    Task: {81F63AEB-D212-4560-A6D9-004F8DDFFC35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2661530008-4235329372-996412623-1001UA => C:\Users\Mindy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {835C30E8-C2ED-4E16-938E-544F2560E052} - System32\Tasks\Norton Security Suite\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
    Task: {838CE030-971A-4401-BCC4-2CB98DBDA876} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
    Task: {8FB7A3F2-1961-42EC-9391-638994A36593} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2661530008-4235329372-996412623-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    Task: {9E0898B6-CBF9-4CFF-B767-96F03D64468A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1f4a877904be1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {B11068D3-DFE5-45AB-943C-06E217C1C194} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
    Task: {B87003D5-8E12-4DD8-9918-0AB51D5B491A} - System32\Tasks\GoogleUpdateTaskMachineUA1d1f4a877efab02 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
    Task: {BC3DB200-48CD-495F-9265-4C6BE11AA0DB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
    Task: {C9017EAA-1192-49E4-87D6-8FC1FEF9D890} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.1.8\SymErr.exe
    Task: {EE36A8FF-6BF2-41B6-B62C-67FF8FC7EF29} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 66bee407-e4ae-42a7-8b35-d05889637d34.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b54d9e8a-26af-40ac-950c-03352ebc456a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2013-05-11 21:45 - 2013-05-11 21:45 - 000733696 _____ (Intel(R) Corporation) [File not signed] c:\Program Files\Intel\iCLS Client\HeciServer.exe
    2016-04-22 11:26 - 2016-04-22 11:26 - 000311296 _____ (The Apache Software Foundation) [File not signed] C:\Program Files (x86)\Dell\SupportAssistAgent\bin\log4net.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
    2019-03-30 20:31 - 2019-03-30 20:35 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
    2019-03-30 20:31 - 2019-03-30 20:35 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
    2018-04-29 18:50 - 2019-03-30 20:35 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
    2019-03-30 20:35 - 2019-03-30 20:35 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
    2013-08-31 01:18 - 2013-08-31 01:18 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
    2013-08-31 01:18 - 2013-08-31 01:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\Users\Mindy\Amazon Drive:com.amazon.drive.sync [178]
    AlternateDataStreams: C:\Users\Mindy\Amazon Drive:com.amazon.drive.sync.root [42]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE trusted site: HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\fixme.it -> hxxps://fixme.it
    IE trusted site: HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\techinline.net -> hxxps://*.techinline.net
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2012-07-26 01:26 - 2016-11-30 20:03 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\OpenVPN\bin;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mindy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 208.67.222.222 - 208.67.220.220
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.
    MSCONFIG\Services: AERTFilters => 2
    MSCONFIG\Services: AtherosSvc => 2
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: plsapp => 2
    MSCONFIG\Services: PlsvcV1 => 2
    MSCONFIG\Services: PlsvcV2 => 2
    MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
    MSCONFIG\Services: RealPlayer Cloud Service => 2
    MSCONFIG\Services: SftService => 2
    MSCONFIG\Services: Update EnhanceTronic => 2
    MSCONFIG\Services: Util EnhanceTronic => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^StartUp^RealTimes.lnk => C:\WINDOWS\pss\RealTimes.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Mindy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\WINDOWS\pss\Send to OneNote.lnk.Startup
    MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
    MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
    HKLM\...\StartupApproved\Run: => "SynTPEnh"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "RtHDVBg"
    HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "QuickSet"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "PureLeads Tray"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"
    HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
    HKLM\...\StartupApproved\Run32: => "RealDownloader"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "ContentTransferWMDetector.exe"
    HKLM\...\StartupApproved\Run32: => "IAStorIcon"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\StartupFolder: => "PricePeepUpdater.lnk"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "ComcastAntispyClient"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "Yahoo! Search"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "swg"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "Amazon Drive"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "Google Photos Backup"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "Speech Recognition"
    HKU\S-1-5-21-2661530008-4235329372-996412623-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0D604C637792F066D475DF5FD8B30FE9"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{41218B3C-174C-4C8D-95A7-52027AE5C835}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{ED5B9729-269E-42F4-B8E5-FB9454CC5F01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{1C409E0B-9DEA-445B-A2D9-A979620E9212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{D7ADFC41-1FDE-4CE2-A9B3-B1A66FA76696}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2D20E7D2-72D4-45F1-A9A7-7200D59E5309}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7F2E3F1C-A1F7-4E82-BB06-047C82868788}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{EAA5477F-AF88-4096-9557-4A41EA7CD65E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{89DBA2F1-FD78-4C3B-B811-B5C5186AEC2C}] => (Allow) LPort=1900
    FirewallRules: [{F6904547-C470-4472-B02B-02F4859215AC}] => (Allow) LPort=2869
    FirewallRules: [{D5311C2F-C486-460E-9DDE-BF615C695737}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{97978961-1BA7-4A02-BF0F-4B506EA941CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{E57A736F-C32D-46B2-ADD0-0CA729A2EF1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{1196444F-A882-4E14-92E5-A7B5692DAC7F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{2B3C8262-8608-47A3-9E28-608A7B698CED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{443F3048-0681-4BC2-BDA9-0FF79273A437}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{AC2BA7D7-40A2-4C5E-A834-826EB040084D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [{9315ED93-7C6F-4957-892C-F5E30A9C0401}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [{464F585D-614D-4D9A-B410-16F95AD094F4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [{5961AE02-1655-4EA4-BBDF-63DA36F952EC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
    FirewallRules: [{F9103BCB-2F63-404A-90A1-83C9EE04A419}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{19867187-310D-477E-B519-B145318B0C6B}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
    FirewallRules: [{CB90521F-13C0-41F1-9D9E-4088C8403EFA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
    FirewallRules: [{2C8B5DF3-FC42-47F9-857E-D186136C9CC7}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe (Splashtop Inc. -> Splashtop Inc.)
    FirewallRules: [{A0015F84-3F33-4B99-8FB0-CD6A8E7B249B}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe (Splashtop Inc. -> Splashtop Inc.)
    FirewallRules: [{9A603E20-F021-4509-BBAE-247E9DAF7612}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe (Splashtop Inc. -> Splashtop Inc.)
    ==================== Restore Points
    31-03-2019 09:33:12 Installed Evernote v. 6.17.6
    04-04-2019 19:07:15 Windows Update
    09-04-2019 20:18:54 Windows Update
    ==================== Faulty Device Manager Devices
    ==================== Event log errors:
    Application errors:

    Error: (04/13/2019 06:45:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MicrosoftEdgeCP.exe version 11.0.17134.677 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 2090
    Start Time: 01d4f248fe6eb27d
    Termination Time: 0
    Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Report Id: 3d01ba6e-06f1-4871-b713-4a868addb953
    Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
    Error: (04/13/2019 05:55:40 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Windows\Installer\{7C13EBE5-625C-4142-BFD9-58FFEFF9B89D}\recordingmanager.exe".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/13/2019 05:53:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WsAppService.exe, version: 2.2.4.1, time stamp: 0x5784a857
    Faulting module name: KERNELBASE.dll, version: 6.2.17134.556, time stamp: 0xb9f4a0f1
    Exception code: 0xe053534f
    Fault offset: 0x000000000003a388
    Faulting process id: 0x%9
    Faulting application start time: 0xWsAppService.exe0
    Faulting application path: WsAppService.exe1
    Faulting module path: WsAppService.exe2
    Report Id: WsAppService.exe3
    Faulting package full name: WsAppService.exe4
    Faulting package-relative application ID: WsAppService.exe5
    Error: (04/13/2019 02:05:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MicrosoftEdgeCP.exe version 11.0.17134.677 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 235c
    Start Time: 01d4f21d61037400
    Termination Time: 0
    Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Report Id: 8da95a2b-b302-4d20-b05b-821b2190a6bb
    Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: ContentProcess
    Error: (04/13/2019 10:02:42 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Windows\Installer\{7C13EBE5-625C-4142-BFD9-58FFEFF9B89D}\recordingmanager.exe".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/13/2019 09:54:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname MindysToy.local already in use; will try MindysToy-2.local instead
    Error: (04/13/2019 09:54:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 MindysToy.local. Addr 10.0.0.84
    Error: (04/13/2019 09:54:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 10.0.0.84:5353 16 MindysToy.local. AAAA 2601:0085:8201:92E9:0000:0000:0000:EAEF
    System errors:

    Error: (04/13/2019 06:37:38 PM) (Source: DCOM) (EventID: 10016) (User: MINDYSTOY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user MindysToy\Mindy SID (S-1-5-21-2661530008-4235329372-996412623-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (04/13/2019 05:58:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (04/13/2019 05:54:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (04/13/2019 05:54:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (04/13/2019 05:53:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (04/13/2019 05:53:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Wondershare Application Framework Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (04/13/2019 05:52:43 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:14:16 PM on ‎4/‎13/‎2019 was unexpected.
    Error: (04/13/2019 09:58:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    CodeIntegrity:
    ===================================
    Date: 2019-04-12 21:27:12.467
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    Date: 2019-04-11 21:19:06.907
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    Date: 2019-04-10 21:19:03.770
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    Date: 2019-04-09 21:18:55.922
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    Date: 2019-04-08 21:11:02.976
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    Date: 2019-04-07 20:57:49.347
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    Date: 2019-04-06 20:26:02.575
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    Date: 2019-04-05 19:35:41.749
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
    ==================== Memory info
    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 77%
    Total physical RAM: 6024.96 MB
    Available physical RAM: 1358.51 MB
    Total Virtual: 9106.31 MB
    Available Virtual: 2081.19 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:684.61 GB) (Free:601.26 GB) NTFS
    \\?\Volume{6e88007f-91c5-4901-938a-31e9119737e9}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
    \\?\Volume{4f4f0644-3346-49bb-b7e5-fe4eeb4468e8}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
    \\?\Volume{479aadbc-02e3-4332-a9ba-0e255453765d}\ (PBR Image) (Fixed) (Total:12.4 GB) (Free:0.27 GB) NTFS
    \\?\Volume{a95e3f54-04ea-4381-bdc3-53636c9adf86}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
    ==================== MBR & Partition Table
    Disk: 0 (Size: 698.6 GB) (Disk ID: 95435390)
    Partition: GPT.
    ==================== End of Addition.txt
     
  9. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    Yes, you ran FRST correctly. (y)

    ----------------------------------------

    Do you use the Firefox extension Awesome Screenshot - Capture, Annotate & More?

    Did you set your Firefox homepage to MSN and search engine Bing, and your Chrome search engine to Yahoo?

    Additionally, there are a number of "coupon printer" programs installed on your computer, which have a reputation of being Adware. Let me know if you would like to keep these or not.

    --------------------------

    Press the Windows Key + R. This will open the Run box.
    Type Appwiz.cpl and click OK.

    A list of installed programs will appear. Uninstall the below program in bold by selecting it and clicking Uninstall:

    CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION

    Follow the steps in the uninstaller to remove the program.


    Note: If you do not use these programs, please uninstall them as well:

    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
    QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
    RMNEveryday Coupon Printer (HKLM-x32\...\{08586830-7F6E-41F5-9A1C-51F7D2873631}) (Version: 3.1.0.0 - Valassis)
     
  10. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Sorry for the long delay.

    Yes, I did use Awesome Screenshot.

    Your question - Did you set your Firefox homepage to MSN and search engine Bing, and your Chrome search engine to Yahoo?
    Yes, I did set MSN to Firefox, but I don't think I set any browser to Bing, but have used it a few times. I didn't use Yahoo as a search engine. I usually use Google.

    I'd like to keep a few coupon sites, however, I usually use coupons.com. But, if I should remove them, let me know.

    Thanks so much!!
     
  11. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Today, I was using the Edge browser and got the following message:

    "YOUR COMPUTER HAS BEEN BLOCKED" scam. It kept making noise and wouldn't let me "x" out of it. No, I didn't call the scam phone number. I googled it and pcrisk.com mentioned to install SpyHunter. But, I will wait to hear from you. Not sure if it's safe.

    Thanks again for putting up with all my problems.
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    No need to remove the programs if you use them. Just wanted to double-check.

    Let me know if you receive any more "Computer blocked" scam pop-ups.

    ---------------------------------------------------------
    We need to run a fix with FRST:

    • Please download the attached fixlist.txt file and save it to the same location as FRST
      Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
     

  13. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Thanks so much for your help and quick response. I'm going to do what you said tomorrow. I can't tell you how appreciative I am.

    I'll post my results as soon as I can.

    Thanks!!
     
  14. dogluver

    dogluver Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    205
    Hi, I clicked the download you attached. I clicked open in a file and just see a text document. There is no "fix" button. Can you be more specific in what I'm doing wrong? Like I said before, I'm not real computer literate. Thank you so much! Sorry for my ignorance!
     
  15. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    323
    Hi,

    When you download the file, save it to the same location as FRST64.exe:

    C:\Users\Mindy\Documents\Scanned Documents\Downloads

    Once the file has downloaded, double-click on FRST64.exe. When the tool opens, click Fix.
    Your computer will restart. FRST will generate a log (Fixlog.txt) in the same location the tool was run, please copy and paste its contents into your next reply.
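
A pre-flight check for the fix procedure above, as an added example that is not part of the thread or of FRST: it confirms that the tool and `fixlist.txt` sit in the same folder and, after the run, that `Fixlog.txt` is newer than the fix script. `Test-FrstFixReady` is a hypothetical helper name, and the default folder is the one named in the thread.

```powershell
# Added example. Test-FrstFixReady is a hypothetical helper, not part of FRST.
function Test-FrstFixReady {
    param(
        # Folder holding FRST; the default is the location named in the thread.
        [string]$Folder = 'C:\Users\Mindy\Documents\Scanned Documents\Downloads'
    )
    $problems = @()
    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        return [pscustomobject]@{
            Ready = $false; FreshFixlog = $false
            Problems = @("Folder not found: $Folder")
        }
    }
    $files = @(Get-ChildItem -LiteralPath $Folder -File)

    # The tool itself: either build is acceptable.
    if (-not ($files | Where-Object { $_.Name -in 'FRST.exe', 'FRST64.exe' })) {
        $problems += 'Neither FRST.exe nor FRST64.exe is in this folder.'
    }

    # The fix script must be named exactly fixlist.txt and sit beside the tool.
    $fixlist = $files | Where-Object { $_.Name -eq 'fixlist.txt' }
    if (-not $fixlist) {
        $problems += 'fixlist.txt is not in this folder.'
        # Repeat downloads and hidden extensions produce names such as
        # "fixlist (1).txt" or "fixlist.txt.txt"; report them by name.
        foreach ($f in ($files | Where-Object { $_.Name -like 'fixlist*' })) {
            $problems += "Near match that is not named fixlist.txt: $($f.Name)"
        }
    }
    elseif ($fixlist.Length -eq 0) {
        $problems += 'fixlist.txt is empty; download it again.'
    }

    # After the fix: a Fixlog.txt older than fixlist.txt is likely from an earlier run.
    $fixlog = $files | Where-Object { $_.Name -eq 'Fixlog.txt' }
    $fresh = [bool]($fixlog -and $fixlist -and
        $fixlog.LastWriteTime -gt $fixlist.LastWriteTime)

    [pscustomobject]@{
        Ready = ($problems.Count -eq 0); FreshFixlog = $fresh; Problems = $problems
    }
}

Test-FrstFixReady | Format-List
```

`Ready` should be true before Fix is pressed, and `FreshFixlog` should be true before the log is posted.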
     
Short URL to this thread: https://techguy.org/1225181
