
I opened a PDF, how can I tell if I am infected? [Solved]

pdf email

  • This topic is locked
27 replies to this topic

#1 joelk01

joelk01

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 28 October 2019 - 10:00 PM

I got an email from "Apple Payment".  The body of the email is

 

"We're received your payment for orders "Dawn of Isles" on October 28, 2019.

 

Download and open invoice below to manage, view or request a cancellation for your orders or you can save it for your records.

 

Thankyou for shopping with us."

 

The email had a PDF attachment which I opened.  I am attaching it to this message.

 

Norton says all clear, but I am still nervous.  Any help is appreciated.

Thank you



#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,563 posts
  • Interests:LFC, music, more LFC, more music

Posted 29 October 2019 - 03:38 PM

Hello joelk01 and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • click on Start Scan
  • when it has finished, click on Open Report
  • click on Export Txt and save the file on your Desktop as RKreport.txt
  • copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

Logs to include with next post:

AdwCleaner log
RKreport.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Satchfan

Posted 29 October 2019 - 03:40 PM

Sorry, I missed Juliet's reply. Please ignore the previous instructions and follow Juliet's.

 

Satchfan



#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,394 posts
  • Interests:Boo!....
  • MVP

Posted 29 October 2019 - 03:41 PM

I deleted mine, you go ahead.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 Satchfan

Posted 29 October 2019 - 03:45 PM

Please follow the instructions in this post as Juliet is busy.

 

Thanks

 

Satchfan



#6 joelk01

Posted 29 October 2019 - 08:21 PM

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build:    10-21-2019
# Database: 2019-10-21.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-29-2019
# Duration: 00:00:00
# OS:       Windows 7 Home Premium
# Cleaned:  1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       Bing Search Engine
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner_Debug.log - [47185 octets] - [29/10/2019 21:56:56]
AdwCleaner[S00].txt - [4292 octets] - [29/10/2019 21:57:18]
AdwCleaner[C00].txt - [3675 octets] - [29/10/2019 21:58:54]
AdwCleaner[S01].txt - [1767 octets] - [29/10/2019 22:13:55]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


#7 joelk01

Posted 29 October 2019 - 08:23 PM

I am running Win7 and RogueKiller doesn't install.  It just freezes upon installation.



#8 Satchfan

Posted 30 October 2019 - 06:21 AM

Try disabling your antivirus temporarily and then retry.



#9 joelk01

Posted 30 October 2019 - 10:22 AM

I disabled Norton but the program still hangs on install. I get to the screen where I select English and then it goes non responsive.

#10 Satchfan

Posted 30 October 2019 - 02:41 PM

I doubt it's anything sinister causing that but we'll have a different look.

 

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

Please paste the contents of the clipboard into your next reply to me.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Mbam.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 




#11 joelk01

Posted 30 October 2019 - 04:19 PM

Malware doesn't finish.  It gets almost completely done but hangs.  When I cancel the program, it says the scan was complete.  Here is that log:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/30/19
Scan Time: 5:58 PM
Log File: 72bfa644-fb60-11e9-b050-842b2bb11e8e.json
 
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.13119
License: Expired
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hannah-PC\Hannah
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Cancelled
Objects Scanned: 247390
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 38 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2019 01
Ran by Hannah (administrator) on HANNAH-PC (Dell Inc. Inspiron 580) (30-10-2019 18:13:13)
Running from C:\Users\Hannah\Desktop
Loaded Profiles: Hannah (Available Profiles: Hannah & Hannah_2 & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ATI Technologies, Inc -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies, Inc -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc -> Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Cisco Video Technologies Israel Ltd. -> Cisco) C:\Users\Hannah\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(GlavSoft LLC. -> GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(NETGEAR -> ) C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Tenda\TeWlanCuRt\RtlService.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\NortonSecurity.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123488 2017-07-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [EPSON Artisan 810 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [Artisan 810(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hannah\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83523944 2019-08-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Run: [VideoGuardMonitor] => C:\Users\Hannah\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2353408 2018-07-22] (Cisco Video Technologies Israel Ltd. -> Cisco)
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\MountPoints2: {456bbdd8-f01b-11df-ba68-842b2bb11e8e} - O:\LaunchU3.exe -a
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\MountPoints2: {ca5b9f59-e6d4-11e3-bdf6-842b2bb11e8e} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\MountPoints2: {ca5b9f6e-e6d4-11e3-bdf6-842b2bb11e8e} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPSON Artisan 810 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE [223232 2009-02-23] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-10] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2018-02-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Hannah_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-11-14]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1BB97F48-933E-4CF3-9696-24C4F2705C65} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {254777BF-FA1F-44B9-A847-CA39DC049753} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16467424 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {28CEE31D-5BFD-4C28-A086-7341DEA88177} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003Core => C:\Users\Hannah_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook, Inc. -> Facebook Inc.)
Task: {2B00D15B-D1B3-4095-9B0E-A87D53A6B0F8} - System32\Tasks\{EDBD423C-D46C-4129-B261-12A8B53B42B6} => C:\Program Files (x86)\CGN\Colonization for Windows\COLONIZE.EXE
Task: {2F16EBEA-64BA-4C0E-95A2-8321FCB8D759} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {33F2693B-03B2-44D6-BCFC-80C9EF929E7F} - System32\Tasks\{A730B27C-29CF-4451-987E-68C3B033A620} => C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe
Task: {342CD352-F4F3-47EF-A05E-439FE686E777} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {363E676D-B6A3-4A15-855F-9D912AAFF9DD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {373977E3-7CEA-4DD8-9533-A3B8D2724F5A} - System32\Tasks\{DBE0C417-767E-40C6-AFBB-1342FD1CA0DF} => C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe
Task: {3A0CB873-69A0-43A1-938A-7FCCEE1ACAA2} - System32\Tasks\{49571682-6400-490F-92D2-98F905426629} => C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe
Task: {41B1B1A5-045F-48C1-B389-9D0D12635097} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\SymErr.exe [102424 2019-09-11] (Symantec Corporation -> Symantec Corporation)
Task: {63912D6D-0A0E-4700-BFE9-B48E1F1FF008} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1382215785-360157019-2900194103-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {6D8DCEF6-2367-4583-8497-CA2B424AE4B6} - System32\Tasks\{42EA4160-CBC1-4366-A939-197CDF9DF598} => C:\Windows\twain_32\escndv\escndv.exe [143360 2008-11-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORP.)
Task: {70ED8E59-EBA4-4A53-855E-FA2741DD3759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {77E0646F-163C-4CE9-8C67-18CA05D5D532} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {7B0B2843-A0F6-4FC2-B1F6-8CD821292E31} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D9150B8-BB63-4C23-9B85-8BE4F610AEF7} - System32\Tasks\{AF4B1097-5666-47D4-A784-6F8FC480C895} => C:\Windows\twain_32\escndv\escndv.exe [143360 2008-11-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORP.)
Task: {83449CFC-17FD-4955-8A98-EF81CFDB3611} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {8566F579-1C20-488D-93A0-EAC16C5971FB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C117F6E-EEAC-46A2-B7E8-AE973D3D82A3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E51EEFC-AA76-4B51-9ACE-062FBEF72E3F} - System32\Tasks\{B0A3678E-AB63-419C-BB65-1198169D0D35} => C:\Program Files (x86)\CGN\Colonization for Windows\COLONIZE.EXE
Task: {9598803C-32D3-4789-8992-0A0DA2309DA6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [1890552 2019-09-11] (Symantec Corporation -> Symantec Corporation)
Task: {965476CD-CC42-475B-9B1F-F17B0D2B1C10} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {982B284C-5A9A-4BCF-9169-383FBEE8DB6F} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\SymErr.exe [102424 2019-09-11] (Symantec Corporation -> Symantec Corporation)
Task: {B9CAAD01-1E5D-4B10-AF5C-A416661EBE0A} - System32\Tasks\{519F4A9A-792D-4255-BBB6-D8BAA8FA18FE} => C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe
Task: {BCDD44DF-4D8A-4A65-BE32-4FB26F2B98F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {BFA6C975-E9FC-4942-9E9B-D1D03C3C98B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {C4BBA8E7-18A9-4EE5-B6B4-6609C9687221} - System32\Tasks\cmd => C:\Windows\System32\cmd.exe 
Task: {CA14A98F-C60C-4808-B812-8137BFBACFFD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\WSCStub.exe [707624 2019-09-11] (Symantec Corporation -> Symantec Corporation)
Task: {DA01D777-A0E6-4D0D-9025-ACD918AC0339} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003UA => C:\Users\Hannah_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook, Inc. -> Facebook Inc.)
Task: {DA27B5DA-BA1F-4459-BC6B-C4DAC559084C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003Core.job => C:\Users\Hannah_2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003UA.job => C:\Users\Hannah_2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\iMeshNAG.job => C:\Users\Hannah_2\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C605F0D-2F30-4149-8677-495945BA940E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{260D71DF-F3ED-4756-B428-993D3C5BA380}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3082A0BF-DB8E-4DC7-86AC-A305F878514D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D5CCFCF5-7CFC-4119-8225-610F3DA210CB}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{DA7B795E-F9F0-4877-AAE2-111515A9BD7C}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://cnn.com/
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.cnn.com/
SearchScopes: HKLM -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {CB741BA7-1390-49FA-9C90-90AC21CF194E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {47CA27CB-238A-4CC7-9E39-E332D0A82333} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> DefaultScope {47E70B16-857D-1F50-ADFB-8839257B41A4} URL = hxxp://www.bing.com/search?FORM=SK2CDF&PC=SK2C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> {47CA27CB-238A-4CC7-9E39-E332D0A82333} URL = 
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> {47E70B16-857D-1F50-ADFB-8839257B41A4} URL = hxxp://www.bing.com/search?FORM=SK2CDF&PC=SK2C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1122&geo=US&ver=22.16.2.22&locale=en_US&guid=3E36490B-F01A-11DF-A373-842B2BB11E8E&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\coIEPlg.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-21] (Google Inc -> Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.19.8.65\coIEPlg.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-21] (Google Inc -> Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies SA -> Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-21] (Google Inc -> Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\coIEPlg.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.19.8.65\coIEPlg.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-21] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-21] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\coIEPlg.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies SA -> Skype Technologies S.A.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2010-11-04] (Adobe Systems Incorporated -> )
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1382215785-360157019-2900194103-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Hannah\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape -> Octoshape ApS)
FF Plugin HKU\S-1-5-21-1382215785-360157019-2900194103-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Hannah\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-10-21] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1382215785-360157019-2900194103-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\Hannah\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1382215785-360157019-2900194103-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\Hannah\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Hannah\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-05-31]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://cnn.com/
CHR StartupUrls: Default -> "hxxp://cnn.com/"
CHR Notifications: Default -> hxxps://forum.leasehackr.com; hxxps://www.chess.com; hxxps://www.empirasign.com
CHR Profile: C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default [2019-10-30]
CHR DownloadDir: C:\Users\Hannah\Downloads
CHR Extension: (YouTube) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Bing Search Engine) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2019-10-29]
CHR Extension: (Norton Security Toolbar) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-05-10]
CHR Extension: (Google Search) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Norton Identity Safe) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-25]
CHR Profile: C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1382215785-360157019-2900194103-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk, Inc -> Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc. -> Apple Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\NortonSecurity.exe [225608 2019-09-11] (Symantec Corporation -> Symantec Corporation)
R2 RealtekWlanU; C:\Program Files (x86)\Tenda\TeWlanCuRt\RtlService.exe [48856 2016-08-23] (Realtek Semiconductor Corp -> Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Tenda\TeWlanCuRt\RTLDHCP.exe [262360 2016-08-23] (Realtek Semiconductor Corp -> Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2017-01-06] (Realtek Semiconductor Corp -> )
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2017-07-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (Dell Inc -> SoftThinks SAS)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC. -> GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] (NETGEAR -> )
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [4863752 2016-02-17] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation -> Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20191029.001\BHDrvx64.sys [1952136 2019-10-01] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1613080.041\ccSetx64.sys [194416 2019-09-11] (Symantec Corporation -> Symantec Corporation)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-04-11] (Techporch Incorporated -> Dell Computer Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-09] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2019-10-22] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20191029.061\IDSvia64.sys [1451016 2019-08-05] (Symantec Corporation -> Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-10-30] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 netr7364; C:\Windows\System32\DRIVERS\netr7364.sys [707072 2009-06-10] (Microsoft Windows -> Ralink Technology, Corp.)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2016-08-12] (PTT - Software driver -> )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5597216 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [285312 2017-07-31] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [119424 2017-07-31] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\1613080.041\SRTSP64.SYS [885936 2019-09-11] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1613080.041\SRTSPX64.SYS [50864 2019-09-11] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1613080.041\SYMEFASI64.SYS [1963400 2019-09-11] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-12] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\SymPlatform\SymEvnt.sys [721584 2019-10-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1613080.041\Ironx64.SYS [316656 2019-09-11] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1613080.041\symnets.sys [573448 2019-09-11] (Symantec Corporation -> Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1613080.041\wpCtrlDrv.sys [1012120 2019-09-11] (Symantec Corporation -> Symantec Corporation)
U3 aswbdisk; no ImagePath
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160704.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160704.008\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-30 18:13 - 2019-10-30 18:14 - 000046217 _____ C:\Users\Hannah\Desktop\FRST.txt
2019-10-30 18:12 - 2019-10-30 18:12 - 000000000 ____D C:\Users\Hannah\Desktop\FRST-OlderVersion
2019-10-30 18:08 - 2019-10-30 18:13 - 000000000 ____D C:\FRST
2019-10-30 18:07 - 2019-10-30 18:12 - 001619456 _____ (Farbar) C:\Users\Hannah\Desktop\FRST64 (1).exe
2019-10-30 17:57 - 2019-10-30 17:57 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-30 17:57 - 2019-10-30 17:57 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-30 17:57 - 2019-10-30 17:57 - 000001869 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-30 17:57 - 2019-10-30 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-30 17:57 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-30 17:55 - 2019-10-30 17:55 - 000000000 ____D C:\ProgramData\MB3Install
2019-10-30 17:54 - 2019-10-30 17:54 - 064333800 _____ (Malwarebytes ) C:\Users\Hannah\Desktop\mb3-setup-1878.1878-3.8.3.2965.exe
2019-10-30 17:29 - 2019-10-30 17:29 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2019-10-29 22:17 - 2019-10-29 22:17 - 033064160 _____ (Adlice Software ) C:\Users\Hannah\Desktop\RogueKiller_setup_ref3 (1).exe
2019-10-29 22:13 - 2019-10-29 22:13 - 033064160 _____ (Adlice Software ) C:\Users\Hannah\Downloads\6ada9cda-d08c-4955-8070-22eb1cf02e29.tmp
2019-10-29 22:04 - 2019-10-29 22:04 - 033064160 _____ (Adlice Software ) C:\Users\Hannah\Desktop\RogueKiller_setup_ref3.exe
2019-10-29 21:56 - 2019-10-29 21:58 - 000000000 ____D C:\AdwCleaner
2019-10-29 21:55 - 2019-10-29 21:55 - 007622344 _____ (Malwarebytes) C:\Users\Hannah\Desktop\adwcleaner_7.4.2.exe
2019-10-23 14:46 - 2019-10-23 14:46 - 000228332 _____ C:\Users\Hannah\Documents\Talking points_RG.zip
2019-10-23 14:46 - 2019-10-23 14:46 - 000228332 _____ C:\Users\Hannah\Documents\Talking points_RG.pages
2019-10-23 14:46 - 2019-10-23 14:46 - 000228332 _____ C:\Users\Hannah\Documents\Talking points_RG..zip
2019-10-22 11:10 - 2019-10-07 02:49 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-22 11:10 - 2019-10-07 01:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-22 11:10 - 2019-10-06 00:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-22 11:10 - 2019-10-06 00:00 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-22 11:10 - 2019-10-06 00:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-22 11:10 - 2019-10-05 23:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-22 11:10 - 2019-10-05 23:48 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-22 11:10 - 2019-10-05 23:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-22 11:10 - 2019-10-05 23:47 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-22 11:10 - 2019-10-05 23:47 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-22 11:10 - 2019-10-05 23:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-22 11:10 - 2019-10-05 23:41 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-22 11:10 - 2019-10-05 23:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-22 11:10 - 2019-10-05 23:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-22 11:10 - 2019-10-05 23:37 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-22 11:10 - 2019-10-05 23:37 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-22 11:10 - 2019-10-05 23:36 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-22 11:10 - 2019-10-05 23:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-22 11:10 - 2019-10-05 23:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-22 11:10 - 2019-10-05 23:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-22 11:10 - 2019-10-05 23:31 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-22 11:10 - 2019-10-05 23:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-22 11:10 - 2019-10-05 23:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-22 11:10 - 2019-10-05 23:23 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-22 11:10 - 2019-10-05 23:22 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-22 11:10 - 2019-10-05 23:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-22 11:10 - 2019-10-05 23:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-22 11:10 - 2019-10-05 23:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-22 11:10 - 2019-10-05 23:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-22 11:10 - 2019-10-05 23:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-22 11:10 - 2019-10-05 23:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-22 11:10 - 2019-10-05 23:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-22 11:10 - 2019-10-05 23:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-22 11:10 - 2019-10-05 23:16 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-22 11:10 - 2019-10-05 23:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-22 11:10 - 2019-10-05 23:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-22 11:10 - 2019-10-05 23:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-22 11:10 - 2019-10-05 23:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-22 11:10 - 2019-10-05 23:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-22 11:10 - 2019-10-05 23:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-22 11:10 - 2019-10-05 23:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-22 11:10 - 2019-10-05 23:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-22 11:10 - 2019-10-05 23:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-22 11:10 - 2019-10-05 23:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-22 11:10 - 2019-10-05 23:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-22 11:10 - 2019-10-05 23:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-22 11:10 - 2019-10-05 23:03 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-22 11:10 - 2019-10-05 23:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-22 11:10 - 2019-10-05 23:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-22 11:10 - 2019-10-05 23:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-22 11:10 - 2019-10-05 22:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-22 11:10 - 2019-10-05 22:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-22 11:10 - 2019-10-05 22:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-22 11:10 - 2019-10-05 22:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-22 11:10 - 2019-10-05 22:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-22 11:10 - 2019-10-05 22:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-22 11:10 - 2019-10-05 22:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-22 11:10 - 2019-10-05 22:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-22 11:10 - 2019-10-05 22:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-22 11:10 - 2019-10-05 22:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-22 11:10 - 2019-10-05 22:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-22 11:10 - 2019-10-05 22:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-22 11:10 - 2019-10-05 22:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-22 11:10 - 2019-10-05 22:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-22 11:10 - 2019-10-05 22:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-22 11:10 - 2019-10-05 22:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-22 11:10 - 2019-10-05 22:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-22 11:10 - 2019-10-05 22:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-22 11:10 - 2019-09-19 00:27 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-22 11:10 - 2019-09-16 22:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-22 11:10 - 2019-09-16 22:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-22 11:10 - 2019-09-16 22:32 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-22 11:10 - 2019-09-16 22:32 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-22 11:10 - 2019-09-16 22:31 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-22 11:10 - 2019-09-16 22:31 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-22 11:10 - 2019-09-16 22:31 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-22 11:10 - 2019-09-16 22:31 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-22 11:10 - 2019-09-16 22:31 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-22 11:10 - 2019-09-16 22:30 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 22:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-22 11:10 - 2019-09-16 22:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-22 11:10 - 2019-09-16 22:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-22 11:10 - 2019-09-16 22:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-22 11:10 - 2019-09-16 22:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-22 11:10 - 2019-09-16 21:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-22 11:10 - 2019-09-16 21:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-22 11:10 - 2019-09-16 21:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-22 11:10 - 2019-09-16 21:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-22 11:10 - 2019-09-16 21:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-22 11:10 - 2019-09-16 21:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-22 11:10 - 2019-09-16 21:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 21:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 21:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 21:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-22 11:10 - 2019-09-16 21:56 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-22 11:10 - 2019-09-16 21:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-22 11:10 - 2019-09-16 21:55 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-22 11:10 - 2019-09-16 21:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-22 11:10 - 2019-09-16 21:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-22 11:10 - 2019-09-16 21:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-22 11:10 - 2019-09-16 21:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-22 11:10 - 2019-09-16 21:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-22 11:10 - 2019-09-16 21:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-22 11:10 - 2019-09-16 21:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-22 11:10 - 2019-09-16 21:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-22 11:10 - 2019-09-16 21:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-22 11:10 - 2019-09-16 21:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-22 11:10 - 2019-09-16 21:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-22 11:10 - 2019-09-16 21:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-22 11:10 - 2019-09-16 20:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-22 11:10 - 2019-09-11 00:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-22 11:10 - 2019-09-11 00:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-22 11:10 - 2019-09-09 22:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-22 11:10 - 2019-09-09 22:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-22 11:10 - 2019-09-09 22:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-22 11:10 - 2019-09-09 22:24 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-22 11:10 - 2019-09-09 22:24 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-22 11:10 - 2019-09-09 22:24 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-22 11:10 - 2019-09-09 22:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-22 11:10 - 2019-09-09 22:24 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-22 11:10 - 2019-09-09 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-22 11:10 - 2019-09-09 22:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-22 11:10 - 2019-09-09 22:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-22 11:10 - 2019-09-09 22:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-22 11:10 - 2019-09-09 22:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-22 11:10 - 2019-09-09 22:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-22 11:10 - 2019-09-09 22:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-22 11:10 - 2019-09-09 21:54 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-22 11:10 - 2019-09-09 21:53 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-22 11:10 - 2019-09-09 21:53 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-22 11:10 - 2019-09-09 21:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-22 11:10 - 2019-09-09 21:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-22 11:10 - 2019-09-09 21:52 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-22 11:10 - 2019-09-09 21:49 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-22 11:10 - 2019-09-09 20:09 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-22 11:10 - 2019-09-09 20:09 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-21 15:43 - 2019-10-21 15:43 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Zoom
2019-10-21 15:43 - 2019-10-21 15:43 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2019-10-17 22:13 - 2019-10-17 22:13 - 017455496 _____ (Cisco Systems, Inc) C:\Users\Hannah\Downloads\CiscoVideoGuard.11.5.exe
2019-10-14 22:54 - 2019-10-14 22:54 - 000144871 _____ C:\Users\Hannah\Documents\Hannah picture for eulogy
2019-10-14 21:56 - 2019-10-14 21:56 - 000057600 _____ C:\Users\Hannah\Downloads\mv-13st.pdf
2019-10-04 23:32 - 2019-10-04 23:32 - 000000000 ____D C:\Windows\system32\Tasks\Norton Security Suite
2019-10-04 23:27 - 2019-10-04 23:27 - 000003230 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2019-10-04 23:27 - 2019-10-04 23:27 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2019-10-04 23:23 - 2019-09-11 23:53 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-10-04 23:23 - 2019-09-11 23:52 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-10-04 23:23 - 2019-09-11 23:52 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-10-04 23:23 - 2019-09-11 23:44 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-04 23:23 - 2019-09-11 23:44 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-04 23:23 - 2019-09-11 23:44 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-04 23:23 - 2019-09-11 23:44 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-04 23:23 - 2019-09-11 23:44 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-10-04 23:23 - 2019-09-11 23:24 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-10-02 12:01 - 2019-10-02 12:01 - 000202876 _____ C:\Users\Hannah\Downloads\sagis.pdf
2019-10-02 11:38 - 2019-10-02 11:38 - 000201435 _____ C:\Users\Hannah\Downloads\LivDerm1.pdf
2019-10-01 12:16 - 2019-10-01 12:16 - 002769894 _____ C:\Users\Hannah\Downloads\safety-04-00010.pdf
2019-10-01 11:39 - 2019-10-01 11:39 - 000824949 _____ C:\Users\Hannah\Downloads\19457.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-30 18:06 - 2009-07-14 00:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-30 18:06 - 2009-07-14 00:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-30 18:01 - 2009-07-14 01:13 - 000785858 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-30 18:01 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-10-30 18:00 - 2010-11-04 22:42 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2019-10-30 17:57 - 2014-03-25 21:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-30 17:57 - 2010-11-04 23:02 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2019-10-30 17:57 - 2010-11-04 23:02 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2019-10-30 17:56 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-30 17:39 - 2012-06-07 00:25 - 000000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003UA.job
2019-10-30 17:27 - 2016-09-09 23:45 - 000000000 ____D C:\Users\Hannah\AppData\Local\B41A1E04-87F5-4B63-8DED-9EC4C0222765.aplzod
2019-10-30 16:56 - 2017-12-19 19:28 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-10-29 20:39 - 2012-06-07 00:25 - 000000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003Core.job
2019-10-29 09:08 - 2014-03-30 15:17 - 000000000 ____D C:\Users\Hannah\AppData\Local\CrashDumps
2019-10-22 14:19 - 2019-05-04 00:51 - 000000000 ____D C:\Windows\rescache
2019-10-22 13:42 - 2009-07-14 00:45 - 000492504 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-22 13:41 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-22 11:16 - 2014-02-25 23:55 - 000762152 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-22 11:15 - 2014-02-22 19:54 - 000000000 ____D C:\Windows\system32\MRT
2019-10-22 11:12 - 2010-11-14 23:40 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-20 19:48 - 2017-07-08 15:27 - 000000000 ____D C:\Users\Hannah\AppData\Local\GoToMyPC
2019-10-16 14:45 - 2014-02-19 12:49 - 000000000 ____D C:\Users\Hannah\Documents\Joel Work
2019-10-14 23:58 - 2015-08-20 00:46 - 000000000 ____D C:\Users\Hannah\Desktop\SAM
2019-10-10 16:53 - 2012-03-25 12:13 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-10 16:53 - 2012-03-25 12:13 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-10 16:53 - 2012-03-25 12:12 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-10 15:11 - 2018-05-15 13:00 - 000000000 ____D C:\Users\Hannah\Downloads\Joel Phoenix
2019-10-04 23:53 - 2015-07-21 22:19 - 000000000 ____D C:\Program Files\Common Files\AV
2019-10-04 23:27 - 2018-02-15 18:06 - 000002453 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-10-04 23:27 - 2018-02-15 18:06 - 000002453 _____ C:\ProgramData\Desktop\Norton Security.lnk
2019-10-04 23:27 - 2018-02-11 00:44 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2019-10-02 13:47 - 2010-11-14 14:32 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-02 13:47 - 2010-11-14 14:32 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-02 13:47 - 2010-11-14 14:31 - 000000000 ____D C:\Program Files (x86)\Google
 
==================== Files in the root of some directories ========
 
2015-09-25 08:22 - 2015-09-25 08:22 - 000000093 _____ () C:\Users\Hannah\AppData\Roaming\ARCompanion.log
2014-03-23 21:07 - 2014-03-23 21:07 - 000000045 _____ () C:\Users\Hannah\AppData\Roaming\WB.CFG
2014-11-05 22:19 - 2014-11-05 22:19 - 000000064 _____ () C:\Users\Hannah\AppData\Local\4d0003c32636a4c5e9cb90650df69609
2014-05-10 21:24 - 2014-05-10 21:24 - 000003584 _____ () C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-19 11:22 - 2015-11-19 11:22 - 000004096 ____H () C:\Users\Hannah\AppData\Local\keyfile3.drm
2016-08-12 12:19 - 2016-08-12 12:19 - 000000017 _____ () C:\Users\Hannah\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-10-30 00:59
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2019 01
Ran by Hannah (30-10-2019 18:14:59)
Running from C:\Users\Hannah\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-14 17:55:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1382215785-360157019-2900194103-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1382215785-360157019-2900194103-501 - Limited - Disabled)
Hannah (S-1-5-21-1382215785-360157019-2900194103-1000 - Administrator - Enabled) => C:\Users\Hannah
Hannah_2 (S-1-5-21-1382215785-360157019-2900194103-1003 - Limited - Disabled) => C:\Users\Hannah_2
HomeGroupUser$ (S-1-5-21-1382215785-360157019-2900194103-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton Security Suite (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Aleks 3.16 (HKLM-x32\...\Aleks 3.16) (Version:  - )
Amyuni PDF Converter (HKLM-x32\...\{F3036434-FFF7-449A-AC9E-7D5C5F18875B}) (Version: 5.0.0 - Amyuni Technologies)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.108.150 - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.54 - Piriform)
Cisco VideoGuard Player (HKLM-x32\...\{5e0dea41-f3a4-431f-877c-8ea36fafb4a7}) (Version: 11.5.0x11dce5da.1107 - Cisco Systems, Inc)
Cisco VideoGuard Player (HKLM-x32\...\{eb841aaa-19f5-40db-93af-850cf64f61c3}) (Version: 6.8 - Cisco Systems, Inc)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DIRECTV Player (HKLM-x32\...\{33a5f796-fbe8-4ef4-b95d-94e9c3c6efbd}) (Version: 12.0 - DIRECTV)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
Infinite HD™ App (HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 26.0.0.0 - NETGEAR)
Norton Security Suite (HKLM-x32\...\NGC) (Version: 22.19.8.65 - Symantec Corporation)
Online Plug-in (HKLM-x32\...\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.9.3 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.19.1 - Quicken)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAPID Mode (HKLM\...\{5A683E39-C974-4AB6-AD12-DE462FEE74D1}) (Version: 1.0.0.99 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Self-service Plug-in (HKLM-x32\...\{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}) (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype version 8.51 (HKLM-x32\...\Skype_is1) (Version: 8.51 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Tenda Wireless Utility (HKLM-x32\...\{198CC6BB-29D8-43DB-AF60-CEEF9DDF9F18}) (Version: 1.0.0.8 - Tenda)
TestGen (HKLM-x32\...\TestGen) (Version:  - )
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.25 - Tweaking.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\ZoomUMX) (Version: 4.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1382215785-360157019-2900194103-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1382215785-360157019-2900194103-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1382215785-360157019-2900194103-1000_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Hannah\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1382215785-360157019-2900194103-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1382215785-360157019-2900194103-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-10-05] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\NavShExt.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\NavShExt.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\NavShExt.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2015-02-21] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2015-02-21] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2012-12-14 17:21 - 2012-12-14 17:21 - 002293760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Citrix\Receiver\xerces-c_3_1.dll
2017-12-19 15:59 - 2016-10-04 10:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-03-27 23:34 - 2019-03-27 23:34 - 000130560 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2014-02-22 15:37 - 2014-02-22 15:37 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2014-02-22 15:37 - 2014-02-22 15:37 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2014-02-22 15:37 - 2014-02-22 15:37 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2015-12-08 13:32 - 2005-01-13 14:47 - 000049152 ____N (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2014-03-15 13:11 - 2007-09-18 16:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll
2014-03-15 13:11 - 2007-09-10 15:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll
2014-03-15 13:11 - 2006-12-26 14:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll
2014-03-15 13:11 - 2004-11-17 16:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll
2014-03-15 13:11 - 2007-09-10 15:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll
2014-03-15 13:11 - 2006-08-30 01:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2013-08-01 16:05 - 2013-08-01 16:05 - 000112128 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2014-03-12 22:56 - 2010-09-13 15:00 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2014-03-12 22:56 - 2008-06-18 11:49 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\dell.com -> dell.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-02-22 15:49 - 000000855 ____N C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\startupreg: "C: => 
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: EPSON Artisan 810 Series (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S3CC6.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON01DB1B => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SC754.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON01DB1B (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SD661.tmp" /EF "HKCU"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GENIE => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe -s
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanuchApp => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe
MSCONFIG\startupreg: Launcher => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\Hannah\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: PCShowServer => "C:\Users\Hannah\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C2A5FDC4-7E62-41FD-B01F-FCFB8B3AC1F5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{33DEFE95-A7BF-4582-ACE6-37D82FE56241}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{8C0C4CC1-1B2E-4333-9E9C-09B2AF20506D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe No File
FirewallRules: [{6BDFCEEE-ECD3-4B7D-8C9E-0C113E23456B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe No File
FirewallRules: [{E16583E2-BEE3-4F02-88AD-201D9614A0C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe No File
FirewallRules: [{6E6FF841-4961-4554-BE90-6E2E369B519D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe No File
FirewallRules: [{61A9516A-72E3-4470-8CF6-58D639BA7E88}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{EAEBE1FF-1A0D-470A-9BA7-D6172888D8E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{3F469F37-D174-45F0-9E42-4717C63280F6}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe No File
FirewallRules: [{6E59DC4C-C249-46B8-B2FF-0201D0B4C0BA}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe No File
FirewallRules: [{F59E90B4-0BA4-43BA-BBF4-0FD30CC1C7E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{C7BFDCF9-2D46-432C-8EB4-CC4BA6FF2548}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{F4BFDAFD-1ABE-49C9-9BDB-4CDF8C34A0FB}] => (Allow) C:\Users\Hannah\AppData\Local\Temp\7zS6E4.tmp\SymNRT.exe No File
FirewallRules: [{8ED5D293-4218-4986-AFA7-28D6450279D9}] => (Allow) C:\Users\Hannah\AppData\Local\Temp\7zS6E4.tmp\SymNRT.exe No File
FirewallRules: [{677A609C-AF80-42A9-9908-2331AB222EDF}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{4B85DA21-B28A-41EF-A1E1-3079B9E41F8B}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{106E10D2-4298-4144-9CFD-E645F1FCE5F3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{1C028637-F22E-4430-9616-D201CE6FC73A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{85875B62-D632-4762-B8CB-F87957D906B6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{53B7F3AC-445D-4B9D-A841-CE69ED01A4F5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{CC65C571-8CE4-46BF-BFE5-3226AD94F759}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{879DC76F-73B0-4A44-BD18-E842928ABEEF}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [UDP Query User{80D8891B-A686-40A2-A3AC-5B465245BDAC}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{86257973-44A1-4651-9220-3A902694ECDF}C:\users\hannah\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\hannah\appdata\local\directv player\ndspcshowserver.exe (DIRECTV, LLC. -> )
FirewallRules: [UDP Query User{3055B253-234E-43A0-8115-E6028028A993}C:\users\hannah\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\hannah\appdata\local\directv player\ndspcshowserver.exe (DIRECTV, LLC. -> )
FirewallRules: [{4619FF6E-277D-42F2-B35B-BDA9440CC281}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{67E8EF80-65B4-4D04-840F-32876319F890}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{395CD2D9-9E19-448C-A5B0-5CC2EEA238AE}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC. -> GlavSoft LLC.)
FirewallRules: [{790F32A0-8735-46F1-9798-61C883F3B093}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C0876B7B-4328-46FB-92AD-A5A1B55B3E6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{950F317C-682C-4954-B8AA-0E103EEE7016}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0359A8AF-DAB2-462B-BC1F-55A2033E302B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7151322-A48A-4581-8D8E-8DD90AC4BFA5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{FDE20CE5-3BDD-4200-9475-50EB3BE2F501}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [UDP Query User{D8D81E04-C33E-4E16-AA6B-E2CEA5DAE313}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{98FE860D-93D2-40CF-8D9D-B08FA4DABE6A}] => (Allow) C:\PROGRA~2\Tenda\TEWLAN~1\Rtldhcp.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{E17E38D2-2679-4748-9FE0-E4A30C02FA6A}] => (Allow) LPort=53
FirewallRules: [{9D10765C-2F57-4C11-9E65-9D504B12CBB6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe No File
FirewallRules: [{86FFCF53-13DF-4B39-A50F-EFB489F69649}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe No File
FirewallRules: [{2F13E9C5-0BF4-461B-912A-9B07CBF340D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{82FDF3A4-B598-4688-B314-1115F2B402BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{FE629B9E-FBD9-4376-BA2E-B3F9C806AFD3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{2A6CA5E2-C5BE-4BE7-8A58-36D14C37B157}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{720B95F5-BE2A-4900-BF12-B8E232210540}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe No File
FirewallRules: [{B463BE71-96BD-4883-A853-ECEEBCC8D685}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe No File
FirewallRules: [{8F874D3C-F11F-4DC4-B297-1D8965B0610A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{41CB0013-779F-44A9-AD3C-A96FF78FC7B3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A9532605-A3A6-4C35-B65F-5FD3712C45A9}] => (Allow) LPort=1542
FirewallRules: [{3ACDDA0F-3AC1-4758-965F-FFA051A8D49B}] => (Allow) LPort=1542
FirewallRules: [{98221EC7-EF3A-4173-944D-4A747151930F}] => (Allow) LPort=53
FirewallRules: [{A52AA534-5D2A-4FA6-9B9E-1DA29DD116BF}] => (Allow) C:\PROGRA~2\Tenda\TEWLAN~1\Rtldhcp.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{F542F68F-75FF-4244-8C68-134BEF992A71}] => (Allow) C:\Program Files (x86)\Tenda\TeWlanCuRt\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{A928A173-C0DA-4FA1-B7A5-3332A4EBB1B8}] => (Allow) C:\Program Files (x86)\Tenda\TeWlanCuRt\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{6B10165D-BC7F-405E-98D5-494D7B0DFCE0}] => (Allow) C:\Program Files (x86)\Tenda\TeWlanCuRt\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{3CCB5B58-DD92-4E2B-86F7-F78EA3D5F288}] => (Allow) C:\Program Files (x86)\Tenda\TeWlanCuRt\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{667C499A-BC3F-407A-922B-888B1DA2322B}] => (Allow) C:\Program Files (x86)\Tenda\TeWlanCuRt\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{CFE201D5-7773-4E65-A478-485937000ADB}] => (Allow) C:\Program Files (x86)\Tenda\TeWlanCuRt\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{B5B6B09A-EF8B-4449-A73F-A81814D2EBFA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4C01B80F-9548-4C95-8F1E-22CD705E6272}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{523476AA-DB1B-40B0-9743-8431C1BC0789}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CC0C050C-8F46-43E8-B7AF-1E019EAF88C4}] => (Allow) C:\Users\Hannah\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2FEEF1F0-37C8-4C49-BC51-04D24DC2BC21}] => (Allow) C:\Users\Hannah\AppData\Roaming\Zoom\bin\airhost.exe No File
 
==================== Restore Points =========================
 
29-10-2019 23:32:19 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: I:\
Description: MS/MS-Pro       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/30/2019 06:09:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64 (1).exe version 30.10.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1dcc
 
Start Time: 01d58f6e96197c87
 
Termination Time: 4
 
Application Path: C:\Users\Hannah\Desktop\FRST64 (1).exe
 
Report Id: fa7b68ca-fb61-11e9-afaf-842b2bb11e8e
 
Error: (10/30/2019 05:56:59 PM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/30/2019 12:19:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller_setup_ref3.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ea0
 
Start Time: 01d58f3dbadd062e
 
Termination Time: 13374
 
Application Path: C:\Users\Hannah\AppData\Local\Temp\is-1QCAT.tmp\RogueKiller_setup_ref3.tmp
 
Report Id:
 
Error: (10/30/2019 12:18:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller_setup_ref3 (1).tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2370
 
Start Time: 01d58f3d96a986bb
 
Termination Time: 16554
 
Application Path: C:\Users\Hannah\AppData\Local\Temp\is-28IO1.tmp\RogueKiller_setup_ref3 (1).tmp
 
Report Id:
 
Error: (10/30/2019 12:24:51 AM) (Source: EventSystem) (EventID: 4622) (User: )
Description: The COM+ Event System could not marshal the subscriber for subscription {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 800706b5.
 
Error: (10/29/2019 10:46:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: FunDisc.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdf11
Exception code: 0xc0000005
Fault offset: 0x000007fef5042664
Faulting process id: 0x1b2c
Faulting application start time: 0x01d58ecb04346d9d
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: FunDisc.dll
Report Id: 7dc201a9-fabf-11e9-b0a3-842b2bb11e8e
 
Error: (10/29/2019 10:24:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller_setup_ref3 (1).tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 146c
 
Start Time: 01d58ec8f41773a7
 
Termination Time: 5
 
Application Path: C:\Users\Hannah\AppData\Local\Temp\is-QO11J.tmp\RogueKiller_setup_ref3 (1).tmp
 
Report Id:
 
Error: (10/29/2019 10:12:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller_setup_ref3.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2330
 
Start Time: 01d58ec759af7593
 
Termination Time: 10
 
Application Path: C:\Users\Hannah\AppData\Local\Temp\is-BNRH3.tmp\RogueKiller_setup_ref3.tmp
 
Report Id:
 
 
System errors:
=============
Error: (10/30/2019 06:16:10 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (10/30/2019 06:16:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (10/30/2019 06:15:55 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (10/30/2019 06:15:47 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (10/30/2019 06:14:41 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (10/30/2019 06:14:34 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (10/30/2019 06:14:26 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (10/30/2019 06:14:18 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A07 11/13/2010
Motherboard: Dell Inc. 0C2KJT
Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 91%
Total physical RAM: 5943.12 MB
Available physical RAM: 479.45 MB
Total Virtual: 11884.38 MB
Available Virtual: 4290.65 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.68 GB) (Free:28.86 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1690.81 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:10.21 GB) (Free:1.13 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 5A39C828)
Partition 1: (Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.7 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 6 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A3A162EF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#12 Satchfan

Posted 30 October 2019 - 05:51 PM

Thanks for the logs.

 

It's 11:50pm here, (UK), so I won't reply tonight but will be in touch as soon as I've had a chance to review your logs.

 

Satchfan



#13 joelk01

Posted 30 October 2019 - 05:53 PM

Thank you

#14 Satchfan

Posted 30 October 2019 - 06:02 PM

:thumbup:



#15 Satchfan

Posted 31 October 2019 - 10:18 AM

Sorry for the delay – busy day.

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\MountPoints2: {456bbdd8-f01b-11df-ba68-842b2bb11e8e} - O:\LaunchU3.exe -a
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\MountPoints2: {ca5b9f59-e6d4-11e3-bdf6-842b2bb11e8e} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1382215785-360157019-2900194103-1000\...\MountPoints2: {ca5b9f6e-e6d4-11e3-bdf6-842b2bb11e8e} - D:\VZW_Software_upgrade_assistant.exe
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Task: {2F16EBEA-64BA-4C0E-95A2-8321FCB8D759} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003Core.job => C:\Users\Hannah_2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1382215785-360157019-2900194103-1003UA.job => C:\Users\Hannah_2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\iMeshNAG.job => C:\Users\Hannah_2\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
SearchScopes: HKLM -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CB741BA7-1390-49FA-9C90-90AC21CF194E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {47CA27CB-238A-4CC7-9E39-E332D0A82333} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> DefaultScope {47E70B16-857D-1F50-ADFB-8839257B41A4} URL = hxxp://www.bing.com/search?FORM=SK2CDF&PC=SK2C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> {47CA27CB-238A-4CC7-9E39-E332D0A82333} URL =
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> {47E70B16-857D-1F50-ADFB-8839257B41A4} URL = hxxp://www.bing.com/search?FORM=SK2CDF&PC=SK2C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1382215785-360157019-2900194103-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1122&geo=US&ver=22.16.2.22&locale=en_US&guid=3E36490B-F01A-11DF-A373-842B2BB11E8E&doi=2016-09-01&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1382215785-360157019-2900194103-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.19.8.65\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
U3 aswbdisk; no ImagePath
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160704.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160704.008\EX64.SYS [X]
(x86)\Norton Security Suite\Engine\22.19.8.65\buShell.dll [2019-09-11] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
FirewallRules: [{C2A5FDC4-7E62-41FD-B01F-FCFB8B3AC1F5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{33DEFE95-A7BF-4582-ACE6-37D82FE56241}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{8C0C4CC1-1B2E-4333-9E9C-09B2AF20506D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe No File
FirewallRules: [{6BDFCEEE-ECD3-4B7D-8C9E-0C113E23456B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe No File
FirewallRules: [{E16583E2-BEE3-4F02-88AD-201D9614A0C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe No File
FirewallRules: [{6E6FF841-4961-4554-BE90-6E2E369B519D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe No File
FirewallRules: [{3F469F37-D174-45F0-9E42-4717C63280F6}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe No File
FirewallRules: [{6E59DC4C-C249-46B8-B2FF-0201D0B4C0BA}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe No File
FirewallRules: [{F4BFDAFD-1ABE-49C9-9BDB-4CDF8C34A0FB}] => (Allow) C:\Users\Hannah\AppData\Local\Temp\7zS6E4.tmp\SymNRT.exe No File
FirewallRules: [{8ED5D293-4218-4986-AFA7-28D6450279D9}] => (Allow) C:\Users\Hannah\AppData\Local\Temp\7zS6E4.tmp\SymNRT.exe No File
FirewallRules: [TCP Query User{879DC76F-73B0-4A44-BD18-E842928ABEEF}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [UDP Query User{80D8891B-A686-40A2-A3AC-5B465245BDAC}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{FDE20CE5-3BDD-4200-9475-50EB3BE2F501}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [UDP Query User{D8D81E04-C33E-4E16-AA6B-E2CEA5DAE313}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [{9D10765C-2F57-4C11-9E65-9D504B12CBB6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe No File
FirewallRules: [{86FFCF53-13DF-4B39-A50F-EFB489F69649}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe No File
FirewallRules: [{2F13E9C5-0BF4-461B-912A-9B07CBF340D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{82FDF3A4-B598-4688-B314-1115F2B402BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{FE629B9E-FBD9-4376-BA2E-B3F9C806AFD3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{2A6CA5E2-C5BE-4BE7-8A58-36D14C37B157}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{720B95F5-BE2A-4900-BF12-B8E232210540}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe No File
FirewallRules: [{B463BE71-96BD-4883-A853-ECEEBCC8D685}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe No File
FirewallRules: [{2FEEF1F0-37C8-4C49-BC51-04D24DC2BC21}] => (Allow) C:\Users\Hannah\AppData\Roaming\Zoom\bin\airhost.exe No File
C:\Program Files\AVAST Software
C:\Program Files\Common Files\AVAST Software
C:\Users\Hannah_2\AppData\Local\Temp\iMesh_setup.exe
C:\Users\Hannah\AppData\Roaming\ARCompanion.log
C:\Users\Hannah\AppData\Roaming\WB.CFG
C:\Users\Hannah\AppData\Local\4d0003c32636a4c5e9cb90650df69609
C:\Users\Hannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Hannah\AppData\Local\keyfile3.drm
C:\Users\Hannah\AppData\Local\resmon.resmoncfg
cmd: netsh winsock reset catalog
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it in your reply.

Thanks

Satchfan

 


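Every FirewallRules line in the fixlist above is one that the Addition.txt log marks `No File`, that is, a rule whose program is no longer on disk. The following Python is an added example, not part of the thread or of FRST: it parses FRST's FirewallRules lines (sample lines copied from the log earlier in this thread) and sorts them for review. The category names and the user-writable path list are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the Addition.txt log posted in this thread.
SAMPLE_LOG = r"""
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
FirewallRules: [{C2A5FDC4-7E62-41FD-B01F-FCFB8B3AC1F5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
FirewallRules: [{677A609C-AF80-42A9-9908-2331AB222EDF}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{F4BFDAFD-1ABE-49C9-9BDB-4CDF8C34A0FB}] => (Allow) C:\Users\Hannah\AppData\Local\Temp\7zS6E4.tmp\SymNRT.exe No File
FirewallRules: [{CC65C571-8CE4-46BF-BFE5-3226AD94F759}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{879DC76F-73B0-4A44-BD18-E842928ABEEF}C:\users\hannah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hannah\appdata\local\akamai\netsession_win.exe No File
FirewallRules: [TCP Query User{86257973-44A1-4651-9220-3A902694ECDF}C:\users\hannah\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\hannah\appdata\local\directv player\ndspcshowserver.exe (DIRECTV, LLC. -> )
FirewallRules: [{395CD2D9-9E19-448C-A5B0-5CC2EEA238AE}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC. -> GlavSoft LLC.)
FirewallRules: [{2FEEF1F0-37C8-4C49-BC51-04D24DC2BC21}] => (Allow) C:\Users\Hannah\AppData\Roaming\Zoom\bin\airhost.exe No File
"""

RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
# "<path> (<signer> -> <publisher>)"; the path itself may contain "(x86)".
SIGNED_RE = re.compile(r"^(?P<path>.+?) \((?P<signer>[^()]* -> [^()]*)\)$")
# Assumption of this example: path fragments a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass
class Rule:
    raw: str                 # original log line, as it would appear in a fixlist
    name: str
    action: str              # "Allow" or "Block"
    path: Optional[str]      # None for port-only rules
    port: Optional[int]
    signer: Optional[str]
    missing: bool            # True when the log says "No File"


def parse_rules(log: str) -> List[Rule]:
    """Parse FirewallRules lines; every other log line is ignored."""
    rules = []
    for line in log.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if not m:
            continue
        rest = m["rest"]
        path = signer = port = None
        missing = False
        if rest.startswith("LPort="):
            port = int(rest[len("LPort="):])
        elif rest.endswith(" No File"):
            path, missing = rest[: -len(" No File")], True
        else:
            s = SIGNED_RE.match(rest)
            path, signer = (s["path"], s["signer"]) if s else (rest, None)
        rules.append(Rule(line, m["name"], m["action"], path, port, signer, missing))
    return rules


def triage(rules: List[Rule]) -> Dict[str, List[Rule]]:
    """Sort rules into review buckets (bucket names are this example's own)."""
    report = {"orphaned_user_writable": [], "orphaned": [], "port_only": [], "present": []}
    for r in rules:
        if r.port is not None:
            report["port_only"].append(r)      # no program binding: review by hand
        elif r.missing:
            # Program rules match by path, so an Allow rule for a missing file in a
            # user-writable folder would apply to anything later placed at that path.
            writable = any(frag in r.path.lower() for frag in USER_WRITABLE)
            key = "orphaned_user_writable" if writable and r.action == "Allow" else "orphaned"
            report[key].append(r)
        else:
            report["present"].append(r)
    return report


def fixlist_candidates(log: str) -> List[str]:
    """Return the raw lines of rules whose target file is gone, riskiest first."""
    rep = triage(parse_rules(log))
    return [r.raw for r in rep["orphaned_user_writable"] + rep["orphaned"]]


if __name__ == "__main__":
    print("\n".join(fixlist_candidates(SAMPLE_LOG)))
```

The result is a review list for the analyst; as the NOTE in the post says, a fixlist is written for one specific machine.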
