Solved Family Computer VERY slow

Nicki

TS Booster
Family computer (many users) very slow. Must have picked up something. Scans I have done not picking up anything. Need assistance fixing.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 4.02.2019
Ran by Nicki A. Layman (administrator) on C3N01-NICKI (05-02-2019 09:13:57)
Running from C:\Users\Nicki A. Layman\Desktop
Loaded Profiles: Nicki A. Layman (Available Profiles: Nicki A. Layman)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\nsWscSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\pcdrwi.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NortonSecurity.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NortonSecurity.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5776712 2013-11-25] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\MountPoints2: {10195be0-f373-11e8-83dc-e74cf390b7f0} - "D:\LaunchU3.exe"
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-13] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2015-06-12]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2015-06-12]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2015-06-12]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{04b62a43-b658-451d-bb8c-19a8be0592dd}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

FireFox:
========
FF ProfilePath: C:\Users\Nicki A. Layman\AppData\Roaming\Mozilla\Firefox\Profiles\0149i8yj.default-1473871826246 [2019-02-05]
FF Homepage: Mozilla\Firefox\Profiles\0149i8yj.default-1473871826246 -> www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://sidelineswap.com/static/assets/src/images/icons/icon-32x32.png
CHR Profile: C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default [2019-02-05]
CHR Extension: (Slides) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-04]
CHR Extension: (Docs) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-04]
CHR Extension: (Google Drive) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-04]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-11-04]
CHR Extension: (YouTube) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-04]
CHR Extension: (Honey) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-02]
CHR Extension: (The EDGE) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonidcfgodikbmdhnjalkkgdeklncbgi [2018-11-04]
CHR Extension: (EasyBib) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe [2018-11-04]
CHR Extension: (SidelineSwap) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbihabkbniojnbhfhoganlkikmpfadnc [2018-11-04]
CHR Extension: (Google News) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2018-11-04]
CHR Extension: (Pandora) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2018-11-04]
CHR Extension: (Google Finance) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2018-11-04]
CHR Extension: (Sheets) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-04]
CHR Extension: (Little Alchemy) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2018-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-31]
CHR Extension: (Gmail) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc -> Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc -> Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe [1035072 2019-01-09] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Techporch Incorporated -> Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc -> Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] (Microsoft Windows -> )
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39384 2018-12-12] (Dell Inc. -> Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265640 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-05-21] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20190129.006\BHDrvx64.sys [1925104 2018-09-17] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-11-28] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-11-30] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20190204.061\IDSvia64.sys [1424904 2019-01-21] (Symantec Corporation -> Symantec Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [53880 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\SymPlatform\SymEvnt.sys [678616 2019-01-28] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-05 09:13 - 2019-02-05 09:15 - 000024127 _____ C:\Users\Nicki A. Layman\Desktop\FRST.txt
2019-02-05 09:13 - 2019-02-05 09:13 - 002433024 _____ (Farbar) C:\Users\Nicki A. Layman\Desktop\FRST64.exe
2019-02-05 09:13 - 2019-02-05 09:13 - 000000000 ____D C:\Users\Nicki A. Layman\Desktop\FRST-OlderVersion
2019-02-05 09:13 - 2019-02-05 09:13 - 000000000 ____D C:\FRST
2019-02-05 06:16 - 2019-02-05 06:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-05 01:44 - 2019-02-05 01:44 - 000000616 _____ C:\Users\Nicki A. Layman\Downloads\cc_20190205_014404.reg
2019-02-05 01:43 - 2019-02-05 01:43 - 000050070 _____ C:\Users\Nicki A. Layman\Downloads\cc_20190205_014326.reg
2019-02-05 01:35 - 2019-02-05 01:44 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 01:34 - 2019-02-05 01:34 - 019341880 _____ (Piriform Software Ltd) C:\Users\Nicki A. Layman\Downloads\ccsetup552.exe
2019-02-05 01:04 - 2019-02-05 01:04 - 007316688 _____ (Malwarebytes) C:\Users\Nicki A. Layman\Downloads\adwcleaner_7.2.7.0.exe
2019-02-03 00:55 - 2019-02-03 00:55 - 000340450 _____ C:\Users\Nicki A. Layman\Downloads\Statement_012019_4318.pdf
2019-02-03 00:10 - 2019-02-03 00:10 - 000121068 _____ C:\Users\Nicki A. Layman\Downloads\NTO_12019020305105700041597819323834E4ED98D14E5071612EDE5.pdf
2019-02-03 00:08 - 2019-02-03 00:08 - 001510171 _____ C:\Users\Nicki A. Layman\Downloads\Green Savings, January 2019 (1).pdf
2019-02-03 00:08 - 2019-02-03 00:08 - 001494670 _____ C:\Users\Nicki A. Layman\Downloads\One Deposit Checking, January 2019 (1).pdf
2019-02-03 00:07 - 2019-02-03 00:08 - 001512927 _____ C:\Users\Nicki A. Layman\Downloads\Green Savings, January 2019.pdf
2019-02-03 00:07 - 2019-02-03 00:07 - 001567449 _____ C:\Users\Nicki A. Layman\Downloads\One Deposit Checking, January 2019.pdf
2019-02-02 19:24 - 2019-02-02 19:24 - 000204388 _____ C:\Users\Nicki A. Layman\Downloads\cbablue_authreleaseinfo.pdf
2019-02-02 18:11 - 2019-02-02 18:11 - 000068685 _____ C:\Users\Nicki A. Layman\Downloads\download.html
2019-01-31 08:04 - 2019-01-31 08:04 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-31 08:04 - 2019-01-31 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-31 08:04 - 2019-01-31 08:04 - 000000000 ____D C:\Program Files\iPod
2019-01-31 08:03 - 2019-01-31 08:04 - 000000000 ____D C:\Program Files\iTunes
2019-01-31 07:57 - 2019-01-31 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-30 17:10 - 2019-01-30 17:11 - 000068679 _____ C:\Users\Nicki A. Layman\Downloads\Cale report card 01.30.19 1199059d-4c91-45b3-9f53-ab3e9a529ecc.pdf
2019-01-30 16:54 - 2019-01-30 16:54 - 000098662 _____ C:\Users\Nicki A. Layman\Downloads\Blog 17 ff.pdf
2019-01-30 16:54 - 2019-01-30 16:54 - 000098662 _____ C:\Users\Nicki A. Layman\Documents\Blog 17 ff.pdf
2019-01-29 20:36 - 2019-01-29 20:36 - 000206333 _____ C:\Users\Nicki A. Layman\Downloads\Brokerage Trade Transaction (2).pdf
2019-01-29 19:59 - 2019-01-29 19:59 - 000271679 _____ C:\Users\Nicki A. Layman\Downloads\instantpot-NEW.pdf
2019-01-28 23:33 - 2019-01-28 23:34 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\00-Temp TXFR Thumbdrive
2019-01-27 20:58 - 2019-01-27 20:58 - 000097162 _____ C:\Users\Nicki A. Layman\Downloads\statement-Dec-2018.pdf
2019-01-25 23:07 - 2019-01-25 23:07 - 000003400 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-01-25 23:06 - 2019-02-05 01:08 - 000002436 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-01-25 23:06 - 2019-02-05 01:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2019-01-25 22:39 - 2019-01-25 22:39 - 000003388 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-360536505-2673825806-2265472118-1001
2019-01-25 22:38 - 2019-01-25 22:38 - 000002438 _____ C:\Users\Nicki A. Layman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-21 23:47 - 2019-01-21 23:47 - 000640214 _____ C:\Users\Nicki A. Layman\Downloads\AMEX Statement_Jan 2019.pdf
2019-01-20 17:27 - 2019-01-20 17:27 - 000076365 _____ C:\Users\Nicki A. Layman\Downloads\Brokerage Trade Transaction (1).pdf
2019-01-20 11:52 - 2019-01-20 11:52 - 000000037 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2019-01-16 21:14 - 2019-01-16 21:14 - 000254431 _____ C:\Users\Nicki A. Layman\Downloads\AMERIPRISE Annual Statement 2018.pdf
2019-01-13 19:22 - 2019-01-13 19:22 - 000080253 _____ C:\Users\Nicki A. Layman\Downloads\Investment Suitability.pdf
2019-01-13 09:41 - 2019-01-13 09:41 - 000127875 _____ C:\Users\Nicki A. Layman\Downloads\CALE ACT ScoreReport.pdf
2019-01-13 09:38 - 2019-01-13 09:39 - 005084206 _____ C:\Users\Nicki A. Layman\Downloads\CALE PSATStudentScoreReport_1547390336303.pdf
2019-01-13 09:37 - 2019-01-13 09:38 - 001731399 _____ C:\Users\Nicki A. Layman\Downloads\CALE SATStudentScoreReport_1547390272424.pdf
2019-01-13 00:28 - 2019-01-13 00:28 - 000094278 _____ C:\Users\Nicki A. Layman\Documents\Ionic Bond Puzzle Pieces.pdf
2019-01-12 21:45 - 2019-01-12 21:45 - 000092027 _____ C:\Users\Nicki A. Layman\Downloads\statement-Nov-2018.pdf
2019-01-12 12:07 - 2019-01-12 12:07 - 000066080 _____ C:\Users\Nicki A. Layman\Downloads\ionic_bonding_activity.pdf
2019-01-09 23:06 - 2019-01-09 23:06 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\Dell Inc
2019-01-09 21:52 - 2019-01-09 21:52 - 000880758 _____ C:\Users\Nicki A. Layman\Downloads\ion_fit.pdf
2019-01-09 11:52 - 2019-01-09 11:52 - 003869110 _____ C:\Users\Nicki A. Layman\Downloads\K of C Scholastic Achievment Scholarship.pdf
2019-01-09 11:51 - 2019-01-09 11:51 - 003604525 _____ C:\Users\Nicki A. Layman\Downloads\Dennis Comai Scholarship.pdf
2019-01-09 11:49 - 2019-01-09 11:49 - 008406025 _____ C:\Users\Nicki A. Layman\Downloads\Vermont JCI Senate.pdf
2019-01-09 11:29 - 2019-01-02 14:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-09 11:29 - 2019-01-02 14:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 11:20 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 11:20 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 11:20 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 11:20 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 11:19 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 11:19 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 11:19 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 11:19 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 11:19 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 11:19 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 11:19 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 11:19 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 11:19 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 11:19 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 11:19 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 11:19 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 11:19 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 11:19 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 11:19 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 11:19 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 11:19 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 11:19 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 11:19 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 11:19 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 11:19 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 11:19 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 11:19 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 11:19 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 11:19 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 11:19 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 11:19 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 11:19 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 11:19 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 11:19 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 11:19 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 11:19 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 11:19 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 11:19 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 11:19 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 11:19 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 11:19 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 11:19 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 11:19 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 11:19 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 11:19 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 11:19 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 11:19 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 11:19 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 11:19 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 11:19 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 11:19 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 11:19 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 11:19 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 11:19 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 11:19 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 11:19 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 20:05 - 2019-01-08 20:05 - 000367153 _____ C:\Users\Nicki A. Layman\Documents\Cooper Harvey.pdf
2019-01-08 18:54 - 2019-01-08 19:01 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\2018.19 Boys Hockey
2019-01-08 18:54 - 2019-01-08 18:56 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\2018.19 Girls Hockey
2019-01-08 18:51 - 2019-01-08 18:51 - 003068084 _____ C:\Users\Nicki A. Layman\Downloads\IMG_5970.HEIC
2019-01-08 12:40 - 2019-01-08 12:40 - 007320272 _____ (Malwarebytes) C:\Users\Nicki A. Layman\Downloads\adwcleaner_7.2.6.0.exe
2019-01-08 11:30 - 2019-01-08 11:31 - 005435396 _____ C:\Users\Nicki A. Layman\Downloads\EX6100-V1.0.2.24_1.1.134.zip
2019-01-08 10:29 - 2019-01-08 10:30 - 003644744 _____ C:\Users\Nicki A. Layman\Downloads\BrMain488 (1).exe
2019-01-08 10:18 - 2019-01-08 10:18 - 003644744 _____ C:\Users\Nicki A. Layman\Downloads\BrMain488.exe
2019-01-08 10:16 - 2019-01-08 10:16 - 000002132 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2019-01-08 10:15 - 2016-10-17 11:11 - 000363520 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BRCOM13A.DLL
2019-01-08 10:10 - 2019-01-08 10:11 - 046950032 _____ (A.I.SOFT,INC.) C:\Users\Nicki A. Layman\Downloads\HL-L2360DW-inst-D1-US3.EXE
2019-01-08 09:45 - 2019-01-08 10:12 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\Install
2019-01-08 09:45 - 2019-01-08 09:45 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\rempnp
2019-01-08 09:44 - 2019-01-08 09:44 - 001110160 _____ (SOURCENEXT CORPORATION) C:\Users\Nicki A. Layman\Downloads\delinf_10390.EXE
2019-01-08 09:43 - 2019-01-08 09:44 - 214281024 _____ (SOURCENEXT CORPORATION) C:\Users\Nicki A. Layman\Downloads\Y17B_C1_ULWL-usa-inst-C1.EXE
2019-01-08 08:15 - 2019-01-08 08:15 - 000023055 _____ C:\Users\Nicki A. Layman\Downloads\Casella Waste 2019 Invoice document_0s796875.pdf
2019-01-07 15:32 - 2019-01-07 15:32 - 000122316 _____ C:\Users\Nicki A. Layman\Downloads\HELOC and MOrtgage Statement Dec 2018.pdf
2019-01-07 15:16 - 2019-01-07 15:16 - 000122268 _____ C:\Users\Nicki A. Layman\Downloads\NTO_120190107201559000705F6B00DADF9C44B39BF92AA12C2FF6387.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-05 09:07 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-05 07:51 - 2018-06-07 08:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-05 06:30 - 2018-10-13 13:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security Suite
2019-02-05 06:28 - 2018-04-06 18:01 - 000000000 ____D C:\Program Files (x86)\Dell Update
2019-02-05 06:28 - 2017-10-20 10:29 - 000000000 ____D C:\Program Files (x86)\Dell Customer Connect
2019-02-05 06:05 - 2015-12-02 16:02 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\Adobe
2019-02-05 06:02 - 2014-10-19 14:54 - 000000000 __SHD C:\Users\Nicki A. Layman\IntelGraphicsProfiles
2019-02-05 01:45 - 2018-06-07 08:51 - 000000000 ____D C:\Users\Nicki A. Layman
2019-02-05 01:37 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-05 01:37 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-05 01:12 - 2018-06-07 09:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-04 21:47 - 2015-01-30 11:13 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\03-Cale
2019-02-02 18:46 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-02 16:10 - 2015-01-30 11:15 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\00-Nicki
2019-02-01 15:45 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-31 20:38 - 2018-12-09 11:34 - 000018391 _____ C:\Users\Nicki A. Layman\NSL Time Log.xlsx
2019-01-31 17:35 - 2017-01-15 20:48 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-31 08:30 - 2017-05-23 10:16 - 000000000 ___RD C:\Users\Nicki A. Layman\iCloudDrive
2019-01-31 08:26 - 2018-04-11 16:04 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2019-01-31 08:24 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-28 19:34 - 2015-01-30 11:13 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\02-Colton
2019-01-28 17:08 - 2018-07-18 20:06 - 000000000 ____D C:\ProgramData\Packages
2019-01-25 23:07 - 2018-02-21 10:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-01-25 23:05 - 2014-11-04 10:39 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-25 23:05 - 2014-11-04 10:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-25 22:38 - 2015-05-06 15:01 - 000000000 ___RD C:\Users\Nicki A. Layman\OneDrive
2019-01-25 20:39 - 2015-01-30 11:07 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\04-Insurance, Investments and Taxes
2019-01-20 11:42 - 2018-11-21 11:53 - 000000000 _____ C:\WINDOWS\SysWOW64\SpyWareFolderstoFilter.txt
2019-01-17 17:07 - 2018-11-16 09:08 - 000000000 ____D C:\Program Files\rempl
2019-01-16 20:59 - 2018-10-21 18:02 - 000000132 _____ C:\Users\Nicki A. Layman\AppData\Roaming\Adobe PNG Format CC Prefs
2019-01-15 16:43 - 2014-11-04 10:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-11 11:35 - 2015-01-31 14:11 - 000073192 _____ C:\Users\Nicki A. Layman\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-10 06:12 - 2018-10-13 12:56 - 000353640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-09 23:30 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-09 23:30 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-09 23:11 - 2014-08-16 11:51 - 000000000 ____D C:\ProgramData\PCDr
2019-01-09 23:09 - 2014-08-16 11:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-01-09 23:06 - 2018-10-13 12:13 - 000000000 ____D C:\ProgramData\SupportAssist
2019-01-09 11:37 - 2014-10-19 16:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 11:30 - 2014-10-19 16:01 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-09 11:29 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-08 12:07 - 2018-06-07 09:35 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-08 12:07 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-08 12:07 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-08 10:36 - 2015-05-21 09:10 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\ElevatedDiagnostics
2019-01-08 10:19 - 2015-05-11 17:49 - 000000000 ____D C:\Program Files (x86)\Brother
2019-01-08 10:16 - 2016-08-29 11:54 - 000002215 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2019-01-08 10:15 - 2015-05-11 17:49 - 000000000 ____D C:\Program Files (x86)\Browny02

==================== Files in the root of some directories =======

2018-10-21 18:02 - 2019-01-16 20:59 - 000000132 _____ () C:\Users\Nicki A. Layman\AppData\Roaming\Adobe PNG Format CC Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 08:41

==================== End of FRST.txt ============================
 

Nicki

TS Booster
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Nicki A. Layman (05-02-2019 09:17:33)
Running from C:\Users\Nicki A. Layman\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-07 14:37:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-360536505-2673825806-2265472118-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-360536505-2673825806-2265472118-503 - Limited - Disabled)
Guest (S-1-5-21-360536505-2673825806-2265472118-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-360536505-2673825806-2265472118-1004 - Limited - Enabled)
Nicki A. Layman (S-1-5-21-360536505-2673825806-2265472118-1001 - Administrator - Enabled) => C:\Users\Nicki A. Layman
WDAGUtilityAccount (S-1-5-21-360536505-2673825806-2265472118-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 508.37430432.37421664.37430440 - Audible, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Cook'n (HKLM-x32\...\Cook'n) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\{E98E94E2-12D1-48E5-AC69-2C312F466136}) (Version: 3.1.0.142 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{5EF98E1C-3912-40EA-A8C1-25772D9F1762}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden
Garmin WebUpdater (HKLM-x32\...\{f1c8f03d-88bd-432d-80d1-782d4fac96b2}) (Version: 2.5.7 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Norton Security Suite (HKLM-x32\...\NGC) (Version: 22.16.3.21 - Symantec Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Quicken 2003 Basic (HKLM-x32\...\{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit) Hidden
Quicken 2003 Basic (HKLM-x32\...\InstallShield_{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.005 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
RootsMagic 7.0.11.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.11.0 - RootsMagic, Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
StatTrak Address Manager (HKLM-x32\...\StatTrak Address Manager) (Version: Patch 5.1.30 - All-Pro Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-360536505-2673825806-2265472118-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xE532B1218C2DD401078AB6218C2DD401010000003F00000000000000 => No File
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NavShExt.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NavShExt.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NavShExt.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10DF8A93-95CA-427E-B8E6-66740B1AB2A0} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {1DD5D3BA-1FE9-4EC6-BB16-4948EC442C50} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {29A4964D-1A47-4224-BA45-649EC323DD2D} - System32\Tasks\Norton Security Suite\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\SymErr.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {3226DCA9-F0D9-4285-BC28-0E3470488654} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\WSCStub.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3BEB6800-1B1E-473D-93FE-87A67D1693AB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-12-12] (Dell Inc. -> Dell Inc.)
Task: {44EA3486-FD6A-4816-9E50-0D6A3FB96153} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {5285BD54-F44A-4F37-8B66-B3C2C6E23AB7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] (Microsoft Windows -> )
Task: {671B92B6-482C-4D16-A13F-1C925E71BCE3} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-10-24] (Garmin International, Inc. -> )
Task: {73F5DD54-2C18-4EB5-8507-975CF3F27B30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-04] (Google Inc -> Google Inc.)
Task: {7A4C87E7-1A42-43D2-8986-331DA69D0CC3} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {87E585F6-5ADD-4548-97A1-432422F4EE80} - System32\Tasks\AdobeAAMUpdater-1.0-C3N01-Nicki-Nicki A. Layman => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8D87D34A-D70D-4305-BE4D-30C138A8CEC7} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {B2B62AC5-A121-48FB-907C-C33F376A293B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-04] (Google Inc -> Google Inc.)
Task: {B6DA6B21-A92F-4EA3-BFF5-C08F7C47E64D} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\SymErr.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {BAA9433F-28B0-40E6-96D9-931345F1F606} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {C0CAA1AD-F809-4A15-BCF5-8C1E9DA03F98} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {C7676DCB-74FA-4FC0-9B43-078953DD5B5F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D587CCCC-C635-4E60-8D79-E905F693524F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D6261E6D-6731-42A2-90A1-D1B79BBD0BD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {DF444D6F-4BA2-4A4D-8A4B-2DB2AB9FEF3C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {E39684F0-5967-480B-B71E-753C1941C6B2} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\SymErr.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {F3D452B2-3BE5-47EA-B780-A030B472CB98} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F6CF76D5-221A-4858-9E1A-286BC990C748} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {FA5402B9-E50B-475F-B046-0145B2CB748D} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Nicki A. Layman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5"

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-21 10:14 - 2010-03-15 18:04 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2019-01-09 23:10 - 2019-01-09 23:10 - 002587968 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\libprotobuf.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 20:21 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-22 15:58 - 2018-10-22 15:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-29 19:07 - 2019-01-29 19:07 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-29 19:07 - 2019-01-29 19:07 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-09 23:11 - 2019-01-09 23:11 - 017134080 _____ () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\SupportAssistClientUI.dll
2019-01-09 23:11 - 2019-01-09 23:11 - 000057200 _____ () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
2018-12-13 23:33 - 2018-12-12 00:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-13 23:33 - 2018-12-12 00:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2015-05-11 17:49 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2018-03-27 12:41 - 2018-03-27 12:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-08-13 13:46 - 000000734 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKCU\Environment\\Path: ;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Billminder.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Quicken Startup.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "Hudl Mercury"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "iCloudPhotos"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9A904E92-2A3B-4B56-AB96-B1462063A438}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AAE5C26F-ED51-4F29-9552-E201FCABB67D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C29C27D-C64B-47EA-A925-6171241133A8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9C709D81-2FC4-4A01-A0DD-5A73E368055D}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe] => (Block) C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe (DVO Enterprises Inc. -> )
FirewallRules: [TCP Query User{A98644A3-9729-455C-B6F9-EFB365318EF7}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe] => (Block) C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe (DVO Enterprises Inc. -> )
FirewallRules: [{AB3F0D87-480B-41E1-A16F-8491EDDC995F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2E0B0708-F969-464F-BCD5-13F48A0C321C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA4C9D02-4B80-4F36-93AA-9FF4141C9F6F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C25CDD12-1F54-42F0-B84F-9F08F399A921}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{03374841-6E68-4571-8142-7BF4A93EF238}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe] => (Allow) C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe (DVO Enterprises Inc. -> )
FirewallRules: [TCP Query User{AEA69FEC-1BBF-4181-AFDC-C103C134DF08}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe] => (Allow) C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe (DVO Enterprises Inc. -> )
FirewallRules: [{940A5833-498C-4E32-B826-17C9E17337DE}] => (Allow) LPort=54925
FirewallRules: [{FC2AEED0-1381-4166-BAAA-FF81BF6F5AE4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.)
FirewallRules: [{8C939E1F-D746-48F6-A51E-5B34FF6B6402}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.)
FirewallRules: [{FAFC47C5-903A-4594-A476-E7D058BC420C}] => (Allow) LPort=5353
FirewallRules: [{740C3859-A356-4D06-B143-1ECCCE591165}] => (Allow) LPort=3689
FirewallRules: [{E4128365-4165-419F-B3CE-F035ECCC946B}] => (Allow) LPort=1900
FirewallRules: [{503F7437-EA58-4838-B2EA-49235B4C948B}] => (Allow) LPort=2869
FirewallRules: [{2CFA9912-FD92-4BF4-ACD6-3C643A234150}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2D6051D-05F8-4E1D-9DC4-157AA00A4A57}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8A548696-FA27-4236-ACD4-3C3E6F75C67E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{F6D5A431-C7C2-4724-8FEB-4E120C0E1858}] => (Allow) C:\Users\Nicki A. Layman\Downloads\Install\wlan_wiz\.\wlan_assistant\waw.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{C47E800F-049B-41C1-B827-652795BF1DBF}] => (Allow) C:\Users\Nicki A. Layman\Downloads\Install\wlan_wiz\.\wlan_assistant\waw.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{E41608AD-4B11-46AD-95E8-F952BCBEDB03}] => (Allow) C:\Users\Nicki A. Layman\Downloads\Install\wlan_wiz\.\wlan_assistant\waw.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{C16D6CFF-90A1-469B-8B2D-31E195352B61}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

15-01-2019 16:38:25 Windows Update
24-01-2019 06:38:30 Scheduled Checkpoint
31-01-2019 07:19:24 Scheduled Checkpoint
05-02-2019 01:20:45 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2019 01:24:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.7.93, time stamp: 0x5bce2506
Faulting module name: DDVDataCollector.exe, version: 5.2.7.93, time stamp: 0x5bce2506
Exception code: 0xc0000409
Fault offset: 0x00000000001cd3cb
Faulting process id: 0x2f7c
Faulting application start time: 0x01d4bd1abf52cef7
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Report Id: 902fa66e-dea1-458b-9889-65cbac9203d2
Faulting package full name:
Faulting package-relative application ID:

Error: (02/05/2019 01:14:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname C3N01-Nicki.local already in use; will try C3N01-Nicki-2.local instead

Error: (02/05/2019 01:14:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 C3N01-Nicki.local. Addr 192.168.0.161

Error: (02/05/2019 01:14:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.161:5353 16 C3N01-Nicki.local. AAAA 2601:019B:C700:C63B:0000:0000:0000:50D5

Error: (02/05/2019 01:06:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17134.165, time stamp: 0x4031a9f8
Faulting module name: combase.dll, version: 10.0.17134.523, time stamp: 0x28000460
Exception code: 0xc0000005
Fault offset: 0x00000000000b5d10
Faulting process id: 0x26d0
Faulting application start time: 0x01d4bcd873bb1c3c
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 5d563c33-5aa1-4496-8215-220b9038a211
Faulting package full name:
Faulting package-relative application ID:

Error: (02/05/2019 12:57:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 71.0.3578.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3d3c

Start Time: 01d4bd175416096f

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: d8dced9c-67a8-40f5-a1aa-5e8c22511829

Faulting package full name:

Faulting package-relative application ID:

Error: (02/04/2019 05:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29245297

Error: (02/04/2019 05:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29245297


System errors:
=============
Error: (02/05/2019 09:10:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 09:08:56 AM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 09:01:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 08:03:12 AM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 07:51:51 AM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 06:05:42 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/05/2019 06:05:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 06:02:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-11-04 23:16:52.550
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-16 16:17:30.230
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-25 11:34:30.326
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-20 20:02:15.926
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20180720.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-10 17:58:10.196
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20180710.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-04 19:57:02.283
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20180704.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 22:06:18.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20180629.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 08:02:31.873
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20180628.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3530 @ 2.16GHz
Percentage of memory in use: 67%
Total physical RAM: 3979.2 MB
Available physical RAM: 1282.63 MB
Total Virtual: 5006.29 MB
Available Virtual: 1291.24 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.69 GB) (Free:248.96 GB) NTFS
Drive e: (QB BACKUPS) (Removable) (Total:3.68 GB) (Free:3.58 GB) FAT32
Drive x: (Booboo) (Fixed) (Total:6.88 GB) (Free:0.73 GB) NTFS

\\?\Volume{194d8c76-b8d3-445c-911d-286b191dd58a}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
\\?\Volume{ca483349-efe5-41cc-9027-22d4e1028923}\ () (Fixed) (Total:0.8 GB) (Free:0.33 GB) NTFS
\\?\Volume{90474468-a4d4-42d3-87bd-23f9d76e1928}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 72D27737)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Just to let you know that your computer doesn't have much RAM:
Total physical RAM: 3979.2 MB
With time it'll become slower and slower.


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Nicki

TS Booster
Ah...Broni...We meet again!

While your instructions did not match 100% with the options presented to me. I beleive I have the logs files you requested. Each scan was performed in sequential order as listed in your instructions.

RogueKiller Log:

RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Nicki A. Layman [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/02/05 23:11:47 (Duration : 00:39:02)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{AEA69FEC-1BBF-4181-AFDC-C103C134DF08}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe -- [%localappdata%\DVO\cook'n11app\Cook'n.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{03374841-6E68-4571-8142-7BF4A93EF238}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe -- [%localappdata%\DVO\cook'n11app\Cook'n.exe] -> Deleted
[PUP.Gen0 (Potentially Malicious)] Honey -- bmnlcjabgnpnenekpadlanbbkooimhnj -> Deleted
 

Nicki

TS Booster
MalwareBytes Log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/5/19
Scan Time: 11:22 PM
Log File: ce48db1e-29c6-11e9-b336-000000000000.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9136
License: Trial

-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: C3N01-Nicki\Nicki A. Layman

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 315588
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Nicki

TS Booster
ADWCleaner Log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-31.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-05-2019
# Duration: 00:00:33
# OS: Windows 10 Home
# Scanned: 31793
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1355 octets] - [09/06/2018 08:00:46]
AdwCleaner[C00].txt - [1467 octets] - [09/06/2018 08:01:10]
AdwCleaner[S01].txt - [1364 octets] - [09/06/2018 10:07:37]
AdwCleaner[C01].txt - [1550 octets] - [09/06/2018 10:08:55]
AdwCleaner[S02].txt - [1486 octets] - [09/06/2018 17:43:34]
AdwCleaner[C02].txt - [1672 octets] - [09/06/2018 17:43:51]
AdwCleaner[S03].txt - [1608 octets] - [11/07/2018 19:01:50]
AdwCleaner[C03].txt - [1794 octets] - [11/07/2018 19:02:16]
AdwCleaner[S04].txt - [1730 octets] - [11/07/2018 19:45:54]
AdwCleaner[S05].txt - [1791 octets] - [23/07/2018 22:15:19]
AdwCleaner[C05].txt - [1977 octets] - [23/07/2018 22:17:51]
AdwCleaner[S06].txt - [1913 octets] - [31/07/2018 18:07:19]
AdwCleaner[C06].txt - [2099 octets] - [31/07/2018 18:10:55]
AdwCleaner[S07].txt - [2074 octets] - [17/08/2018 09:57:22]
AdwCleaner[C07].txt - [2222 octets] - [17/08/2018 10:00:03]
AdwCleaner[S08].txt - [2157 octets] - [26/08/2018 23:19:13]
AdwCleaner[C08].txt - [2343 octets] - [26/08/2018 23:19:38]
AdwCleaner[S09].txt - [2400 octets] - [06/10/2018 13:53:24]
AdwCleaner[C09].txt - [2512 octets] - [06/10/2018 13:56:16]
AdwCleaner[S10].txt - [2508 octets] - [30/11/2018 00:16:40]
AdwCleaner[C10].txt - [2636 octets] - [30/11/2018 00:17:28]
AdwCleaner[S11].txt - [2531 octets] - [02/12/2018 21:42:42]
AdwCleaner[C11].txt - [2717 octets] - [02/12/2018 21:43:39]
AdwCleaner[S12].txt - [2653 octets] - [09/12/2018 22:00:13]
AdwCleaner[C12].txt - [2839 octets] - [09/12/2018 22:02:13]
AdwCleaner[S13].txt - [2775 octets] - [08/01/2019 12:44:52]
AdwCleaner[C13].txt - [2961 octets] - [08/01/2019 12:47:42]
AdwCleaner[S14].txt - [2897 octets] - [05/02/2019 01:05:48]
AdwCleaner[C14].txt - [3083 octets] - [05/02/2019 01:06:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S15].txt ##########
 

Broni

Malware Annihilator
Not much there...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

Nicki

TS Booster
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 4.02.2019
Ran by Nicki A. Layman (administrator) on C3N01-NICKI (06-02-2019 06:09:39)
Running from C:\Users\Nicki A. Layman\Desktop
Loaded Profiles: Nicki A. Layman & (Available Profiles: Nicki A. Layman)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\nsWscSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\pcdrwi.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NortonSecurity.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NortonSecurity.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5776712 2013-11-25] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352450\...\Run: [] => [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352450\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352700\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352888\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\MountPoints2: {10195be0-f373-11e8-83dc-e74cf390b7f0} - "D:\LaunchU3.exe"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\MountPoints2: {10195be0-f373-11e8-83dc-e74cf390b7f0} - "D:\LaunchU3.exe"
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-13] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2015-06-12]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2015-06-12]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2015-06-12]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{04b62a43-b658-451d-bb8c-19a8be0592dd}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

FireFox:
========
FF ProfilePath: C:\Users\Nicki A. Layman\AppData\Roaming\Mozilla\Firefox\Profiles\0149i8yj.default-1473871826246 [2019-02-05]
FF Homepage: Mozilla\Firefox\Profiles\0149i8yj.default-1473871826246 -> www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://sidelineswap.com/static/assets/src/images/icons/icon-32x32.png
CHR Profile: C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default [2019-02-05]
CHR Extension: (Slides) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-04]
CHR Extension: (Docs) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-04]
CHR Extension: (Google Drive) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-04]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-11-04]
CHR Extension: (YouTube) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-04]
CHR Extension: (Honey) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-05]
CHR Extension: (The EDGE) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonidcfgodikbmdhnjalkkgdeklncbgi [2018-11-04]
CHR Extension: (EasyBib) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe [2018-11-04]
CHR Extension: (SidelineSwap) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbihabkbniojnbhfhoganlkikmpfadnc [2018-11-04]
CHR Extension: (Google News) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2018-11-04]
CHR Extension: (Pandora) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2018-11-04]
CHR Extension: (Google Finance) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2018-11-04]
CHR Extension: (Sheets) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-04]
CHR Extension: (Little Alchemy) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2018-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-31]
CHR Extension: (Gmail) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Nicki A. Layman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc -> Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc -> Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe [1035072 2019-01-09] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Techporch Incorporated -> Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc -> Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] (Microsoft Windows -> )
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39384 2018-12-12] (Dell Inc. -> Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265640 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-05-21] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20190204.001\BHDrvx64.sys [1925104 2018-09-17] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-11-28] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-11-30] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20190205.061\IDSvia64.sys [1424904 2019-01-21] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-05] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-05] (Malwarebytes Corporation -> Malwarebytes)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [53880 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\SymPlatform\SymEvnt.sys [678616 2019-01-28] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-02-05] (Adlice -> )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-05 23:40 - 2019-02-05 23:40 - 000003019 _____ C:\Users\Nicki A. Layman\Desktop\AdwCleaner[S15].txt
2019-02-05 23:36 - 2019-02-05 23:36 - 007316688 _____ (Malwarebytes) C:\Users\Nicki A. Layman\Desktop\adwcleaner_7.2.7.0.exe
2019-02-05 23:34 - 2019-02-05 23:34 - 000001237 _____ C:\Users\Nicki A. Layman\Desktop\MB Scan Log.txt
2019-02-05 23:21 - 2019-02-05 23:21 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-05 23:21 - 2019-02-05 23:21 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-05 23:21 - 2019-02-05 23:21 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-05 23:21 - 2019-02-05 23:21 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-05 23:21 - 2019-02-05 23:21 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\mbamtray
2019-02-05 23:21 - 2019-02-05 23:21 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\mbam
2019-02-05 23:20 - 2019-02-05 23:20 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-05 23:20 - 2019-02-05 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-05 23:20 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-05 23:20 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-05 23:18 - 2019-02-05 23:18 - 064309056 _____ (Malwarebytes ) C:\Users\Nicki A. Layman\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.exe
2019-02-05 23:13 - 2019-02-05 23:13 - 000002584 _____ C:\Users\Nicki A. Layman\Desktop\RKreport.txt
2019-02-05 22:29 - 2019-02-05 22:29 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-02-05 22:29 - 2019-02-05 22:29 - 000003164 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-02-05 22:29 - 2019-02-05 22:29 - 000000905 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-02-05 22:27 - 2019-02-05 22:27 - 029333240 _____ (Adlice Software ) C:\Users\Nicki A. Layman\Desktop\RogueKiller_setup_ref3.exe
2019-02-05 20:45 - 2019-02-05 20:45 - 001797633 _____ C:\Users\Nicki A. Layman\Downloads\Test Poster Format.pdf
2019-02-05 18:54 - 2019-02-05 18:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-05 09:17 - 2019-02-05 09:19 - 000044823 _____ C:\Users\Nicki A. Layman\Desktop\Addition.txt
2019-02-05 09:13 - 2019-02-06 06:11 - 000026219 _____ C:\Users\Nicki A. Layman\Desktop\FRST.txt
2019-02-05 09:13 - 2019-02-06 06:09 - 000000000 ____D C:\FRST
 

Nicki

TS Booster
2019-02-05 09:13 - 2019-02-05 09:13 - 002433024 _____ (Farbar) C:\Users\Nicki A. Layman\Desktop\FRST64.exe
2019-02-05 09:13 - 2019-02-05 09:13 - 000000000 ____D C:\Users\Nicki A. Layman\Desktop\FRST-OlderVersion
2019-02-05 01:44 - 2019-02-05 01:44 - 000000616 _____ C:\Users\Nicki A. Layman\Downloads\cc_20190205_014404.reg
2019-02-05 01:43 - 2019-02-05 01:43 - 000050070 _____ C:\Users\Nicki A. Layman\Downloads\cc_20190205_014326.reg
2019-02-05 01:35 - 2019-02-05 01:44 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 01:34 - 2019-02-05 01:34 - 019341880 _____ (Piriform Software Ltd) C:\Users\Nicki A. Layman\Downloads\ccsetup552.exe
2019-02-05 01:04 - 2019-02-05 01:04 - 007316688 _____ (Malwarebytes) C:\Users\Nicki A. Layman\Downloads\adwcleaner_7.2.7.0.exe
2019-02-03 00:55 - 2019-02-03 00:55 - 000340450 _____ C:\Users\Nicki A. Layman\Downloads\Statement_012019_4318.pdf
2019-02-03 00:10 - 2019-02-03 00:10 - 000121068 _____ C:\Users\Nicki A. Layman\Downloads\NTO_12019020305105700041597819323834E4ED98D14E5071612EDE5.pdf
2019-02-03 00:08 - 2019-02-03 00:08 - 001510171 _____ C:\Users\Nicki A. Layman\Downloads\Green Savings, January 2019 (1).pdf
2019-02-03 00:08 - 2019-02-03 00:08 - 001494670 _____ C:\Users\Nicki A. Layman\Downloads\One Deposit Checking, January 2019 (1).pdf
2019-02-03 00:07 - 2019-02-03 00:08 - 001512927 _____ C:\Users\Nicki A. Layman\Downloads\Green Savings, January 2019.pdf
2019-02-03 00:07 - 2019-02-03 00:07 - 001567449 _____ C:\Users\Nicki A. Layman\Downloads\One Deposit Checking, January 2019.pdf
2019-02-02 19:24 - 2019-02-02 19:24 - 000204388 _____ C:\Users\Nicki A. Layman\Downloads\cbablue_authreleaseinfo.pdf
2019-02-02 18:11 - 2019-02-02 18:11 - 000068685 _____ C:\Users\Nicki A. Layman\Downloads\download.html
2019-01-31 08:04 - 2019-01-31 08:04 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-31 08:04 - 2019-01-31 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-31 08:04 - 2019-01-31 08:04 - 000000000 ____D C:\Program Files\iPod
2019-01-31 08:03 - 2019-01-31 08:04 - 000000000 ____D C:\Program Files\iTunes
2019-01-31 07:57 - 2019-01-31 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-30 17:10 - 2019-01-30 17:11 - 000068679 _____ C:\Users\Nicki A. Layman\Downloads\Cale report card 01.30.19 1199059d-4c91-45b3-9f53-ab3e9a529ecc.pdf
2019-01-30 16:54 - 2019-01-30 16:54 - 000098662 _____ C:\Users\Nicki A. Layman\Downloads\Blog 17 ff.pdf
2019-01-30 16:54 - 2019-01-30 16:54 - 000098662 _____ C:\Users\Nicki A. Layman\Documents\Blog 17 ff.pdf
2019-01-29 20:36 - 2019-01-29 20:36 - 000206333 _____ C:\Users\Nicki A. Layman\Downloads\Brokerage Trade Transaction (2).pdf
2019-01-29 19:59 - 2019-01-29 19:59 - 000271679 _____ C:\Users\Nicki A. Layman\Downloads\instantpot-NEW.pdf
2019-01-28 23:33 - 2019-01-28 23:34 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\00-Temp TXFR Thumbdrive
2019-01-27 20:58 - 2019-01-27 20:58 - 000097162 _____ C:\Users\Nicki A. Layman\Downloads\statement-Dec-2018.pdf
2019-01-25 23:07 - 2019-01-25 23:07 - 000003400 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-01-25 23:06 - 2019-02-05 01:08 - 000002436 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-01-25 23:06 - 2019-02-05 01:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2019-01-25 22:39 - 2019-01-25 22:39 - 000003388 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-360536505-2673825806-2265472118-1001
2019-01-25 22:38 - 2019-01-25 22:38 - 000002438 _____ C:\Users\Nicki A. Layman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-21 23:47 - 2019-01-21 23:47 - 000640214 _____ C:\Users\Nicki A. Layman\Downloads\AMEX Statement_Jan 2019.pdf
2019-01-20 17:27 - 2019-01-20 17:27 - 000076365 _____ C:\Users\Nicki A. Layman\Downloads\Brokerage Trade Transaction (1).pdf
2019-01-20 11:52 - 2019-01-20 11:52 - 000000037 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2019-01-16 21:14 - 2019-01-16 21:14 - 000254431 _____ C:\Users\Nicki A. Layman\Downloads\AMERIPRISE Annual Statement 2018.pdf
2019-01-13 19:22 - 2019-01-13 19:22 - 000080253 _____ C:\Users\Nicki A. Layman\Downloads\Investment Suitability.pdf
2019-01-13 09:41 - 2019-01-13 09:41 - 000127875 _____ C:\Users\Nicki A. Layman\Downloads\CALE ACT ScoreReport.pdf
2019-01-13 09:38 - 2019-01-13 09:39 - 005084206 _____ C:\Users\Nicki A. Layman\Downloads\CALE PSATStudentScoreReport_1547390336303.pdf
2019-01-13 09:37 - 2019-01-13 09:38 - 001731399 _____ C:\Users\Nicki A. Layman\Downloads\CALE SATStudentScoreReport_1547390272424.pdf
2019-01-13 00:28 - 2019-01-13 00:28 - 000094278 _____ C:\Users\Nicki A. Layman\Documents\Ionic Bond Puzzle Pieces.pdf
2019-01-12 21:45 - 2019-01-12 21:45 - 000092027 _____ C:\Users\Nicki A. Layman\Downloads\statement-Nov-2018.pdf
2019-01-12 12:07 - 2019-01-12 12:07 - 000066080 _____ C:\Users\Nicki A. Layman\Downloads\ionic_bonding_activity.pdf
2019-01-09 23:06 - 2019-01-09 23:06 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\Dell Inc
2019-01-09 21:52 - 2019-01-09 21:52 - 000880758 _____ C:\Users\Nicki A. Layman\Downloads\ion_fit.pdf
2019-01-09 11:52 - 2019-01-09 11:52 - 003869110 _____ C:\Users\Nicki A. Layman\Downloads\K of C Scholastic Achievment Scholarship.pdf
2019-01-09 11:51 - 2019-01-09 11:51 - 003604525 _____ C:\Users\Nicki A. Layman\Downloads\Dennis Comai Scholarship.pdf
2019-01-09 11:49 - 2019-01-09 11:49 - 008406025 _____ C:\Users\Nicki A. Layman\Downloads\Vermont JCI Senate.pdf
2019-01-09 11:29 - 2019-01-02 14:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-09 11:29 - 2019-01-02 14:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 11:20 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 11:20 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 11:20 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 11:20 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 11:19 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 11:19 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 11:19 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 11:19 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 11:19 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 11:19 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 11:19 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 11:19 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 11:19 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 11:19 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 11:19 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 11:19 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 11:19 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 11:19 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 11:19 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 11:19 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 11:19 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 11:19 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 11:19 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 11:19 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 11:19 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 11:19 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 11:19 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 11:19 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 11:19 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 11:19 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 11:19 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 11:19 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 11:19 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 11:19 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 11:19 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 11:19 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 11:19 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 11:19 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 11:19 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 11:19 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 11:19 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 11:19 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 11:19 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 11:19 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 11:19 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 11:19 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 11:19 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 11:19 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 11:19 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 11:19 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 11:19 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 11:19 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 11:19 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 11:19 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 11:19 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 11:19 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 11:19 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 11:19 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 11:19 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 11:19 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 11:19 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 11:19 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 20:05 - 2019-01-08 20:05 - 000367153 _____ C:\Users\Nicki A. Layman\Documents\Cooper Harvey.pdf
2019-01-08 18:54 - 2019-01-08 19:01 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\2018.19 Boys Hockey
2019-01-08 18:54 - 2019-01-08 18:56 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\2018.19 Girls Hockey
2019-01-08 18:51 - 2019-01-08 18:51 - 003068084 _____ C:\Users\Nicki A. Layman\Downloads\IMG_5970.HEIC
2019-01-08 12:40 - 2019-01-08 12:40 - 007320272 _____ (Malwarebytes) C:\Users\Nicki A. Layman\Downloads\adwcleaner_7.2.6.0.exe
2019-01-08 11:30 - 2019-01-08 11:31 - 005435396 _____ C:\Users\Nicki A. Layman\Downloads\EX6100-V1.0.2.24_1.1.134.zip
2019-01-08 10:29 - 2019-01-08 10:30 - 003644744 _____ C:\Users\Nicki A. Layman\Downloads\BrMain488 (1).exe
2019-01-08 10:18 - 2019-01-08 10:18 - 003644744 _____ C:\Users\Nicki A. Layman\Downloads\BrMain488.exe
2019-01-08 10:16 - 2019-01-08 10:16 - 000002132 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2019-01-08 10:15 - 2016-10-17 11:11 - 000363520 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BRCOM13A.DLL
2019-01-08 10:10 - 2019-01-08 10:11 - 046950032 _____ (A.I.SOFT,INC.) C:\Users\Nicki A. Layman\Downloads\HL-L2360DW-inst-D1-US3.EXE
2019-01-08 09:45 - 2019-01-08 10:12 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\Install
2019-01-08 09:45 - 2019-01-08 09:45 - 000000000 ____D C:\Users\Nicki A. Layman\Downloads\rempnp
2019-01-08 09:44 - 2019-01-08 09:44 - 001110160 _____ (SOURCENEXT CORPORATION) C:\Users\Nicki A. Layman\Downloads\delinf_10390.EXE
2019-01-08 09:43 - 2019-01-08 09:44 - 214281024 _____ (SOURCENEXT CORPORATION) C:\Users\Nicki A. Layman\Downloads\Y17B_C1_ULWL-usa-inst-C1.EXE
2019-01-08 08:15 - 2019-01-08 08:15 - 000023055 _____ C:\Users\Nicki A. Layman\Downloads\Casella Waste 2019 Invoice document_0s796875.pdf
2019-01-07 15:32 - 2019-01-07 15:32 - 000122316 _____ C:\Users\Nicki A. Layman\Downloads\HELOC and MOrtgage Statement Dec 2018.pdf
2019-01-07 15:16 - 2019-01-07 15:16 - 000122268 _____ C:\Users\Nicki A. Layman\Downloads\NTO_120190107201559000705F6B00DADF9C44B39BF92AA12C2FF6387.pdf
 

Nicki

TS Booster
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-06 06:02 - 2014-10-19 14:54 - 000000000 __SHD C:\Users\Nicki A. Layman\IntelGraphicsProfiles
2019-02-06 00:38 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-05 23:20 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-05 23:20 - 2014-10-19 16:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-05 23:03 - 2018-06-07 08:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-05 22:29 - 2017-01-09 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-02-05 22:29 - 2017-01-09 00:05 - 000000000 ____D C:\Program Files\RogueKiller
2019-02-05 22:09 - 2018-04-06 18:01 - 000000000 ____D C:\Program Files (x86)\Dell Update
2019-02-05 22:09 - 2017-10-20 10:29 - 000000000 ____D C:\Program Files (x86)\Dell Customer Connect
2019-02-05 21:44 - 2015-01-30 11:13 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\03-Cale
2019-02-05 19:06 - 2018-10-13 13:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security Suite
2019-02-05 06:05 - 2015-12-02 16:02 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\Adobe
2019-02-05 01:45 - 2018-06-07 08:51 - 000000000 ____D C:\Users\Nicki A. Layman
2019-02-05 01:37 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-05 01:37 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-05 01:12 - 2018-06-07 09:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-02 18:46 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-02 16:10 - 2015-01-30 11:15 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\00-Nicki
2019-02-01 15:45 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-31 20:38 - 2018-12-09 11:34 - 000018391 _____ C:\Users\Nicki A. Layman\NSL Time Log.xlsx
2019-01-31 17:35 - 2017-01-15 20:48 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-31 08:30 - 2017-05-23 10:16 - 000000000 ___RD C:\Users\Nicki A. Layman\iCloudDrive
2019-01-31 08:26 - 2018-04-11 16:04 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2019-01-31 08:24 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-28 19:34 - 2015-01-30 11:13 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\02-Colton
2019-01-28 17:08 - 2018-07-18 20:06 - 000000000 ____D C:\ProgramData\Packages
2019-01-25 23:07 - 2018-02-21 10:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-01-25 23:05 - 2014-11-04 10:39 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-25 23:05 - 2014-11-04 10:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-25 22:38 - 2015-05-06 15:01 - 000000000 ___RD C:\Users\Nicki A. Layman\OneDrive
2019-01-25 20:39 - 2015-01-30 11:07 - 000000000 ____D C:\Users\Nicki A. Layman\Documents\04-Insurance, Investments and Taxes
2019-01-20 11:42 - 2018-11-21 11:53 - 000000000 _____ C:\WINDOWS\SysWOW64\SpyWareFolderstoFilter.txt
2019-01-17 17:07 - 2018-11-16 09:08 - 000000000 ____D C:\Program Files\rempl
2019-01-16 20:59 - 2018-10-21 18:02 - 000000132 _____ C:\Users\Nicki A. Layman\AppData\Roaming\Adobe PNG Format CC Prefs
2019-01-15 16:43 - 2014-11-04 10:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-11 11:35 - 2015-01-31 14:11 - 000073192 _____ C:\Users\Nicki A. Layman\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-10 06:12 - 2018-10-13 12:56 - 000353640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-09 23:30 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-09 23:30 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-09 23:11 - 2014-08-16 11:51 - 000000000 ____D C:\ProgramData\PCDr
2019-01-09 23:09 - 2014-08-16 11:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-01-09 23:06 - 2018-10-13 12:13 - 000000000 ____D C:\ProgramData\SupportAssist
2019-01-09 11:37 - 2014-10-19 16:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 11:30 - 2014-10-19 16:01 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-09 11:29 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-08 12:07 - 2018-06-07 09:35 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-08 12:07 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-08 12:07 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-08 10:36 - 2015-05-21 09:10 - 000000000 ____D C:\Users\Nicki A. Layman\AppData\Local\ElevatedDiagnostics
2019-01-08 10:19 - 2015-05-11 17:49 - 000000000 ____D C:\Program Files (x86)\Brother
2019-01-08 10:16 - 2016-08-29 11:54 - 000002215 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2019-01-08 10:15 - 2015-05-11 17:49 - 000000000 ____D C:\Program Files (x86)\Browny02

==================== Files in the root of some directories =======

2018-10-21 18:02 - 2019-01-16 20:59 - 000000132 _____ () C:\Users\Nicki A. Layman\AppData\Roaming\Adobe PNG Format CC Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 08:41

==================== End of FRST.txt ============================
 

Nicki

TS Booster
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Nicki A. Layman (06-02-2019 06:13:58)
Running from C:\Users\Nicki A. Layman\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-07 14:37:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-360536505-2673825806-2265472118-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-360536505-2673825806-2265472118-503 - Limited - Disabled)
Guest (S-1-5-21-360536505-2673825806-2265472118-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-360536505-2673825806-2265472118-1004 - Limited - Enabled)
Nicki A. Layman (S-1-5-21-360536505-2673825806-2265472118-1001 - Administrator - Enabled) => C:\Users\Nicki A. Layman
WDAGUtilityAccount (S-1-5-21-360536505-2673825806-2265472118-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 508.37430432.37421664.37430440 - Audible, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Cook'n (HKLM-x32\...\Cook'n) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\{E98E94E2-12D1-48E5-AC69-2C312F466136}) (Version: 3.1.0.142 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{5EF98E1C-3912-40EA-A8C1-25772D9F1762}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden
Garmin WebUpdater (HKLM-x32\...\{f1c8f03d-88bd-432d-80d1-782d4fac96b2}) (Version: 2.5.7 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Norton Security Suite (HKLM-x32\...\NGC) (Version: 22.16.3.21 - Symantec Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Quicken 2003 Basic (HKLM-x32\...\{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit) Hidden
Quicken 2003 Basic (HKLM-x32\...\InstallShield_{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.005 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
RogueKiller version 13.1.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.4.0 - Adlice Software)
RootsMagic 7.0.11.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.11.0 - RootsMagic, Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
StatTrak Address Manager (HKLM-x32\...\StatTrak Address Manager) (Version: Patch 5.1.30 - All-Pro Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xE532B1218C2DD401078AB6218C2DD401010000003F00000000000000 => No File
CustomCLSID: HKU\S-1-5-21-360536505-2673825806-2265472118-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xE532B1218C2DD401078AB6218C2DD401010000003F00000000000000 => No File
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NavShExt.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NavShExt.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\NavShExt.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10DF8A93-95CA-427E-B8E6-66740B1AB2A0} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {1DD5D3BA-1FE9-4EC6-BB16-4948EC442C50} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {3226DCA9-F0D9-4285-BC28-0E3470488654} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\WSCStub.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3BEB6800-1B1E-473D-93FE-87A67D1693AB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-12-12] (Dell Inc. -> Dell Inc.)
Task: {44EA3486-FD6A-4816-9E50-0D6A3FB96153} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {5285BD54-F44A-4F37-8B66-B3C2C6E23AB7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {592109E5-6D7D-4C7E-BE7A-D4508E2A56C0} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] (Microsoft Windows -> )
Task: {671B92B6-482C-4D16-A13F-1C925E71BCE3} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-10-24] (Garmin International, Inc. -> )
Task: {73F5DD54-2C18-4EB5-8507-975CF3F27B30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-04] (Google Inc -> Google Inc.)
Task: {7A4C87E7-1A42-43D2-8986-331DA69D0CC3} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {87E585F6-5ADD-4548-97A1-432422F4EE80} - System32\Tasks\AdobeAAMUpdater-1.0-C3N01-Nicki-Nicki A. Layman => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8B0C3865-0673-4EEE-B8B3-B86BB414395B} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [2019-02-04] (Adlice -> )
Task: {8D87D34A-D70D-4305-BE4D-30C138A8CEC7} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {97AE8237-C570-4EEB-B58E-E92D3D061A4E} - System32\Tasks\Norton Security Suite\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\SymErr.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {B2B62AC5-A121-48FB-907C-C33F376A293B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-04] (Google Inc -> Google Inc.)
Task: {B6DA6B21-A92F-4EA3-BFF5-C08F7C47E64D} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\SymErr.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {C0CAA1AD-F809-4A15-BCF5-8C1E9DA03F98} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {C7676DCB-74FA-4FC0-9B43-078953DD5B5F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D587CCCC-C635-4E60-8D79-E905F693524F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D6261E6D-6731-42A2-90A1-D1B79BBD0BD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {DF444D6F-4BA2-4A4D-8A4B-2DB2AB9FEF3C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {E39684F0-5967-480B-B71E-753C1941C6B2} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.16.3.21\SymErr.exe [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {F3D452B2-3BE5-47EA-B780-A030B472CB98} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F6CF76D5-221A-4858-9E1A-286BC990C748} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {FA5402B9-E50B-475F-B046-0145B2CB748D} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Nicki A. Layman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5"

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-21 10:14 - 2010-03-15 18:04 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2019-01-09 23:10 - 2019-01-09 23:10 - 002587968 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\libprotobuf.dll
2019-02-05 22:29 - 2019-02-04 10:32 - 033492536 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 20:21 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 11:19 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-29 19:07 - 2019-01-29 19:07 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-09 23:11 - 2019-01-09 23:11 - 017134080 _____ () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\SupportAssistClientUI.dll
2019-01-09 23:11 - 2019-01-09 23:11 - 000057200 _____ () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
2015-05-11 17:49 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2018-03-27 12:41 - 2018-03-27 12:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-08-13 13:46 - 000000734 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKCU\Environment\\Path: ;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352700\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352888\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Billminder.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Quicken Startup.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "Hudl Mercury"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\StartupApproved\Run: => "Hudl Mercury"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\StartupApproved\Run: => "iCloudPhotos"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9A904E92-2A3B-4B56-AB96-B1462063A438}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AAE5C26F-ED51-4F29-9552-E201FCABB67D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C29C27D-C64B-47EA-A925-6171241133A8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9C709D81-2FC4-4A01-A0DD-5A73E368055D}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe] => (Block) C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe (DVO Enterprises Inc. -> )
FirewallRules: [TCP Query User{A98644A3-9729-455C-B6F9-EFB365318EF7}C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe] => (Block) C:\users\nicki a. layman\appdata\local\dvo\cook'n11app\cook'n.exe (DVO Enterprises Inc. -> )
FirewallRules: [{AB3F0D87-480B-41E1-A16F-8491EDDC995F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2E0B0708-F969-464F-BCD5-13F48A0C321C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA4C9D02-4B80-4F36-93AA-9FF4141C9F6F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C25CDD12-1F54-42F0-B84F-9F08F399A921}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{940A5833-498C-4E32-B826-17C9E17337DE}] => (Allow) LPort=54925
FirewallRules: [{FC2AEED0-1381-4166-BAAA-FF81BF6F5AE4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.)
FirewallRules: [{8C939E1F-D746-48F6-A51E-5B34FF6B6402}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.)
FirewallRules: [{FAFC47C5-903A-4594-A476-E7D058BC420C}] => (Allow) LPort=5353
FirewallRules: [{740C3859-A356-4D06-B143-1ECCCE591165}] => (Allow) LPort=3689
FirewallRules: [{E4128365-4165-419F-B3CE-F035ECCC946B}] => (Allow) LPort=1900
FirewallRules: [{503F7437-EA58-4838-B2EA-49235B4C948B}] => (Allow) LPort=2869
FirewallRules: [{2CFA9912-FD92-4BF4-ACD6-3C643A234150}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2D6051D-05F8-4E1D-9DC4-157AA00A4A57}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8A548696-FA27-4236-ACD4-3C3E6F75C67E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{F6D5A431-C7C2-4724-8FEB-4E120C0E1858}] => (Allow) C:\Users\Nicki A. Layman\Downloads\Install\wlan_wiz\.\wlan_assistant\waw.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{C47E800F-049B-41C1-B827-652795BF1DBF}] => (Allow) C:\Users\Nicki A. Layman\Downloads\Install\wlan_wiz\.\wlan_assistant\waw.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{E41608AD-4B11-46AD-95E8-F952BCBEDB03}] => (Allow) C:\Users\Nicki A. Layman\Downloads\Install\wlan_wiz\.\wlan_assistant\waw.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{C16D6CFF-90A1-469B-8B2D-31E195352B61}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

15-01-2019 16:38:25 Windows Update
24-01-2019 06:38:30 Scheduled Checkpoint
31-01-2019 07:19:24 Scheduled Checkpoint
05-02-2019 01:20:45 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2019 01:24:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.7.93, time stamp: 0x5bce2506
Faulting module name: DDVDataCollector.exe, version: 5.2.7.93, time stamp: 0x5bce2506
Exception code: 0xc0000409
Fault offset: 0x00000000001cd3cb
Faulting process id: 0x2f7c
Faulting application start time: 0x01d4bd1abf52cef7
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Report Id: 902fa66e-dea1-458b-9889-65cbac9203d2
Faulting package full name:
Faulting package-relative application ID:

Error: (02/05/2019 01:14:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname C3N01-Nicki.local already in use; will try C3N01-Nicki-2.local instead

Error: (02/05/2019 01:14:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 C3N01-Nicki.local. Addr 192.168.0.161

Error: (02/05/2019 01:14:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.161:5353 16 C3N01-Nicki.local. AAAA 2601:019B:C700:C63B:0000:0000:0000:50D5

Error: (02/05/2019 01:06:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17134.165, time stamp: 0x4031a9f8
Faulting module name: combase.dll, version: 10.0.17134.523, time stamp: 0x28000460
Exception code: 0xc0000005
Fault offset: 0x00000000000b5d10
Faulting process id: 0x26d0
Faulting application start time: 0x01d4bcd873bb1c3c
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 5d563c33-5aa1-4496-8215-220b9038a211
Faulting package full name:
Faulting package-relative application ID:

Error: (02/05/2019 12:57:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 71.0.3578.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3d3c

Start Time: 01d4bd175416096f

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: d8dced9c-67a8-40f5-a1aa-5e8c22511829

Faulting package full name:

Faulting package-relative application ID:

Error: (02/04/2019 05:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29245297

Error: (02/04/2019 05:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29245297


System errors:
=============
Error: (02/06/2019 06:06:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/06/2019 06:05:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/06/2019 06:02:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 11:41:37 PM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 11:35:17 PM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 11:17:04 PM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 11:16:51 PM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2019 09:44:27 PM) (Source: DCOM) (EventID: 10016) (User: C3N01-Nicki)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user C3N01-Nicki\Nicki A. Layman SID (S-1-5-21-360536505-2673825806-2265472118-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-02-05 23:30:43.186
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-05 23:30:30.323
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-05 23:30:27.832
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-05 23:30:25.804
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-05 23:30:25.414
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-05 23:30:25.330
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-05 23:30:20.083
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-05 23:30:19.020
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3530 @ 2.16GHz
Percentage of memory in use: 67%
Total physical RAM: 3979.2 MB
Available physical RAM: 1289.61 MB
Total Virtual: 5005.79 MB
Available Virtual: 1456.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.69 GB) (Free:247.4 GB) NTFS
Drive e: (QB BACKUPS) (Removable) (Total:3.68 GB) (Free:3.58 GB) FAT32
Drive x: (Booboo) (Fixed) (Total:6.88 GB) (Free:0.73 GB) NTFS

\\?\Volume{194d8c76-b8d3-445c-911d-286b191dd58a}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
\\?\Volume{ca483349-efe5-41cc-9027-22d4e1028923}\ () (Fixed) (Total:0.8 GB) (Free:0.33 GB) NTFS
\\?\Volume{90474468-a4d4-42d3-87bd-23f9d76e1928}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 72D27737)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Nicki

TS Booster
Fix result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by Nicki A. Layman (06-02-2019 21:44:38) Run:1
Running from C:\Users\Nicki A. Layman\Desktop
Loaded Profiles: Nicki A. Layman (Available Profiles: Nicki A. Layman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352450\...\Run: [] => [X]
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\...\MountPoints2: {10195be0-f373-11e8-83dc-e74cf390b7f0} - "D:\LaunchU3.exe"
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\MountPoints2: {10195be0-f373-11e8-83dc-e74cf390b7f0} - "D:\LaunchU3.exe"
HKU\S-1-5-18\...\Run: [] => [X]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
2018-10-21 18:02 - 2019-01-16 20:59 - 000000132 _____ () C:\Users\Nicki A. Layman\AppData\Roaming\Adobe PNG Format CC Prefs
CustomCLSID: HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xE532B1218C2DD401078AB6218C2DD401010000003F00000000000000 => No File
CustomCLSID: HKU\S-1-5-21-360536505-2673825806-2265472118-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xE532B1218C2DD401078AB6218C2DD401010000003F00000000000000 => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {F3D452B2-3BE5-47EA-B780-A030B472CB98} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

*****************

HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060352450\...\Run: [] => [X] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-360536505-2673825806-2265472118-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10195be0-f373-11e8-83dc-e74cf390b7f0} => removed successfully
HKLM\Software\Classes\CLSID\{10195be0-f373-11e8-83dc-e74cf390b7f0} => not found
HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075\...\MountPoints2: {10195be0-f373-11e8-83dc-e74cf390b7f0} - "D:\LaunchU3.exe" => Error: No automatic fix found for this entry.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4 => removed successfully
C:\Users\Nicki A. Layman\AppData\Roaming\Adobe PNG Format CC Prefs => moved successfully
CustomCLSID: HKU\S-1-5-21-360536505-2673825806-2265472118-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02062019060353075_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xE532B1218C2DD401078AB6218C2DD401010000003F00000000000000 => No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-360536505-2673825806-2265472118-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3D452B2-3BE5-47EA-B780-A030B472CB98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3D452B2-3BE5-47EA-B780-A030B472CB98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found

==== End of Fixlog 21:44:53 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

Nicki

TS Booster
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
Windows Defender
Malwarebytes
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 32.0.0.114
Google Chrome (71.0.3578.98)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 

Nicki

TS Booster
Farbar Service Scanner Version: 27-01-2016
Ran by Nicki A. Layman (administrator) on 06-02-2019 at 22:16:29
Running from "C:\Users\Nicki A. Layman\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Nicki

TS Booster
Nothing detected during Sophos Scan. Says computer is clean. It is running better! Can you explain in simple terms what the problem was?
 

Broni

Malware Annihilator
There wasn't much there. Nothing malicious. Just general cleaning.

Your computer is clean https://www.bleepstatic.com/fhost/uploads/6/snag-0004.jpg[/URL]]

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
[COLOR=#ff0000][B]This is a very crucial step so make sure you don't skip it.[/B][/COLOR]
Download [IMG]http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642
 

Nicki

TS Booster
Thanks...as always...for your assistance. Computer is running better - not lightening fast by any stretch of the imagination...but then again, I don't think it ever was THAT fast! Time to start thinking about a new laptop.