Solved Possible Malware from ccleaner issue

curlee729

Hello
My computer is showing the following problems:
-Intermittently not allowing me to click X to close Firefox browser (nor use minimize). Must close using File, Exit. I can do searches and use other portions of the pages.
-Cannot click on anything in Malwarebytes program (although program did a scan this morning)
-Cannot click on manual updating for spywareblaster
-Can use Symantec and other programs (i.e., itunes)
Why I suspect it may be an issue from ccleaner:
-On 8/3/17 I updated ccleaner to V5.33.
-On Monday, 9/18/17 I received notification that I had a new ccleaner update waiting. I usually wait to update a few weeks and I can't remember if I clicked to save the file to my downloads or not.
-After the reboot that morning, I received malwarebytes notice that it cleaned "Trojan.nyeta" & I found info on web about how ccleaner v 5.33 from 8/15 to 9/11 had allowed malware to be loaded with their file. I didn't think my ccleaner was affected due to the installation date but I thought the one waiting to be downloaded was the issue.
-On Tuesday, 9/19, I began noticing issues with being unable to click X on many programs (symantec & other issues with the clicks not responding within the programs). I uninstalled ccleaner, ran scans, did some reboots, researched this issue but was unable to find anything.
-On Wed, 9/20, I did a system restore back to 9/14. After rebooting, symantec notified of quarantined "Bloodhound.MalPE" virus. Restore had reinstalled ccleaner. I uninstalled ccleaner as well as some other programs that had updated during this period (google chrome, dropbox). I could not manually update spywareblaster so I uninstalled and reinstalled. I am able to get to the page to manually update but am unable to click the manual update button. It stalls and I cannot get off the page until I load another entirely different program and then I can close out of the spywareblaster.
-Thurs 9/21- I ran SFC to check if I had any corrupted system files. Everything is ok.
Since my problems began immediately after the malware was found I am assuming the problems are related to it.

Would anyone be able to assist me in determining if I have any other problems with malware?
Thanks

System Info:
Lenovo ThinkPad W550s
Windows 7- all updates have been loaded
 
Well I just finished reading the Techspot post on CCleaner and I guess my problem may not be CCleaner as I have a 64 bit installation which I forgot to mention above.
 
Just Ran the Farbar per instructions

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by Nancy (administrator) on NANCY-LENPC (21-09-2017 11:13:59)
Running from C:\Users\Nancy\Desktop
Loaded Profiles: Nancy (Available Profiles: Nancy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\nis.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Flux Software LLC) C:\Users\Nancy\AppData\Local\FluxSoftware\Flux\flux.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Lenovo) C:\Users\Nancy\AppData\Local\Apps\2.0\2JNCY2YV.V46\NE12DKB7.WJB\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Node.js) C:\Windows\Prey\versions\1.7.1\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-12-22] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2857712 2014-11-17] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [168152 2014-09-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2125944 2017-09-12] (Logitech, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-10] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296208 2014-11-03] (Intel Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\Run: [f.lux] => C:\Users\Nancy\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77256 2017-04-17] (Intuit Inc.)
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\MountPoints2: {159028de-d97c-11e5-95cb-48e3ae5432a4} - D:\DTLplus_Launcher.exe
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\MountPoints2: {4612392c-5a36-11e5-949f-48e3ae5432a4} - D:\DTLplus_Launcher.exe
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\MountPoints2: {4c856546-4183-11e5-9b36-806e6f6e6963} - Q:\LenovoQDrive.cmd
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\MountPoints2: {77d5bd11-599a-11e5-bbe3-48e3ae5432a4} - D:\DTLplus_Launcher.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [185816 2015-12-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164008 2015-12-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-03-12]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-07-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.1.1
Tcpip\..\Interfaces\{54C2A4FC-50E7-495D-BA20-34A0E905716C}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{F893CA99-8455-4208-AC91-7113972626E7}: [DhcpNameServer] 192.168.0.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=ns&chn=2600&geo=us&ver=22&locale=en_us&guid=82b6ee09-d5bd-49fa-bc4d-10b16f21a17a&doi=2016-09-01&o=APN11915
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3111028138-2455618344-1635019946-1000 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=2600&geo=US&ver=22.10.1.10&locale=en_US&guid=82B6EE09-D5BD-49FA-BC4D-10B16F21A17A&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3111028138-2455618344-1635019946-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=2600&geo=US&ver=22.10.1.10&locale=en_US&guid=82B6EE09-D5BD-49FA-BC4D-10B16F21A17A&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3111028138-2455618344-1635019946-1000 -> {F22710B2-D736-4708-A2AE-C544B21F93BC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-08-15] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3111028138-2455618344-1635019946-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///D:/launch.ocx
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kevlrxaj.default
FF ProfilePath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default [2017-09-21]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\kevlrxaj.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\kevlrxaj.default -> hxxps://mg.mail.yahoo.com/neo/launch?.partner=sbc&.rand=bsi5rmipk358b
hxxps://mail.google.com/mail/#category/updates
hxxps://outlook.live.com/owa/
hxxps://wsc.clubautomation.com/
hxxps://timeanddate.com
FF Extension: (DuckDuckGo Plus) - C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-09-14]
FF Extension: (uBlock Origin) - C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\Extensions\uBlock0@raymondhill.net.xpi [2017-09-14]
FF Extension: (Evernote Web Clipper) - C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2017-06-16]
FF SearchPlugin: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\searchplugins\norton-safe-search.xml [2015-11-10]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2017-07-28]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-02-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\itms.js [2017-07-05]

Chrome:
=======
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default [2017-09-20]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-19]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-20]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-20]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3059440 2017-07-18] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-07-19] (Fork, Ltd.) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [122984 2014-10-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-12-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-23] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\NIS.exe [326144 2017-08-24] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3180176 2015-12-22] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38240 2016-02-01] (The OpenVPN Project)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-05] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [317224 2014-12-05] (Lenovo Group Limited)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [X]

See next post
 
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20170914.001\BHDrvx64.sys [1872032 2017-09-07] (Symantec Corporation)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-28] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-08-04] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [222664 2014-10-18] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20170920.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-09-20] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-09-20] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-20] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-21] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrfl.sys [41176 2014-10-31] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw04.sys [3441424 2016-07-24] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2599128 2014-09-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-17] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 11:13 - 2017-09-21 11:14 - 000032987 _____ C:\Users\Nancy\Desktop\FRST.txt
2017-09-21 11:13 - 2017-09-21 11:13 - 000000000 ____D C:\Users\Nancy\Desktop\FRST-OlderVersion
2017-09-21 11:05 - 2017-09-21 11:13 - 002399744 _____ (Farbar) C:\Users\Nancy\Desktop\FRST64.exe
2017-09-21 09:10 - 2017-09-21 09:10 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-09-20 23:18 - 2017-09-20 23:18 - 000001094 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2017-09-20 23:18 - 2017-09-20 23:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-09-20 23:18 - 2017-09-20 23:18 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-09-20 23:14 - 2017-09-20 23:15 - 004291320 _____ (BrightFort LLC ) C:\Users\Nancy\Downloads\spywareblastersetup55.exe
2017-09-20 22:52 - 2017-09-20 22:52 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-09-20 21:29 - 2017-09-20 21:31 - 000000000 ____D C:\Users\Nancy\AppData\Local\NPE
2017-09-20 18:24 - 2017-08-16 09:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-20 18:24 - 2017-08-15 09:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-20 18:24 - 2017-08-15 08:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-20 18:24 - 2017-08-13 13:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-20 18:24 - 2017-08-13 12:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-20 18:24 - 2017-08-13 11:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-20 18:24 - 2017-08-13 11:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-20 18:24 - 2017-08-13 11:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-20 18:24 - 2017-08-13 10:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-20 18:24 - 2017-08-13 10:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-20 18:24 - 2017-08-13 10:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-20 18:24 - 2017-07-07 10:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-20 18:23 - 2017-08-19 10:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-20 18:23 - 2017-08-19 10:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-20 18:23 - 2017-08-16 10:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-20 18:23 - 2017-08-16 10:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-20 18:23 - 2017-08-15 20:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-20 18:23 - 2017-08-15 19:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-20 18:23 - 2017-08-15 10:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-20 18:23 - 2017-08-15 10:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-20 18:23 - 2017-08-15 10:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-20 18:23 - 2017-08-15 10:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-20 18:23 - 2017-08-15 09:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-20 18:23 - 2017-08-15 09:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-20 18:23 - 2017-08-15 09:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-20 18:23 - 2017-08-14 12:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-20 18:23 - 2017-08-14 12:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-20 18:23 - 2017-08-14 12:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-20 18:23 - 2017-08-14 12:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-20 18:23 - 2017-08-14 12:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-20 18:23 - 2017-08-14 12:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-20 18:23 - 2017-08-14 12:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-20 18:23 - 2017-08-14 12:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-20 18:23 - 2017-08-13 16:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-20 18:23 - 2017-08-13 16:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-20 18:23 - 2017-08-13 12:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-20 18:23 - 2017-08-13 12:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-20 18:23 - 2017-08-13 12:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-20 18:23 - 2017-08-13 12:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-20 18:23 - 2017-08-13 12:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-20 18:23 - 2017-08-13 12:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-20 18:23 - 2017-08-13 12:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-20 18:23 - 2017-08-13 11:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-20 18:23 - 2017-08-13 11:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-20 18:23 - 2017-08-13 11:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-20 18:23 - 2017-08-13 11:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-20 18:23 - 2017-08-13 11:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-20 18:23 - 2017-08-13 11:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-20 18:23 - 2017-08-13 11:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-20 18:23 - 2017-08-13 11:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-20 18:23 - 2017-08-13 11:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-20 18:23 - 2017-08-13 11:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-20 18:23 - 2017-08-13 11:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-20 18:23 - 2017-08-13 11:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-20 18:23 - 2017-08-13 11:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-20 18:23 - 2017-08-13 11:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-20 18:23 - 2017-08-13 11:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-20 18:23 - 2017-08-13 11:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-20 18:23 - 2017-08-13 11:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-20 18:23 - 2017-08-13 11:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-20 18:23 - 2017-08-13 11:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-20 18:23 - 2017-08-13 11:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-20 18:23 - 2017-08-13 11:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-20 18:23 - 2017-08-13 11:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-20 18:23 - 2017-08-13 11:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-20 18:23 - 2017-08-13 11:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-20 18:23 - 2017-08-13 11:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-20 18:23 - 2017-08-13 11:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-20 18:23 - 2017-08-13 11:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-20 18:23 - 2017-08-13 11:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-20 18:23 - 2017-08-13 11:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-20 18:23 - 2017-08-13 11:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-20 18:23 - 2017-08-13 11:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-20 18:23 - 2017-08-13 11:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-20 18:23 - 2017-08-13 11:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-20 18:23 - 2017-08-13 11:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-20 18:23 - 2017-08-13 11:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-20 18:23 - 2017-08-13 11:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-20 18:23 - 2017-08-13 10:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-20 18:23 - 2017-08-13 10:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-20 18:23 - 2017-08-13 10:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-20 18:23 - 2017-08-13 10:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-20 18:23 - 2017-08-13 10:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-20 18:23 - 2017-08-13 10:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-20 18:23 - 2017-08-13 10:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-20 18:23 - 2017-08-13 10:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-20 18:23 - 2017-08-13 10:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-20 18:23 - 2017-08-13 10:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-20 18:23 - 2017-08-11 01:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-20 18:23 - 2017-08-11 01:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-20 18:23 - 2017-08-11 01:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-20 18:23 - 2017-08-11 01:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-20 18:23 - 2017-08-11 01:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-20 18:23 - 2017-08-11 01:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-20 18:23 - 2017-08-11 01:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-20 18:23 - 2017-08-11 01:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-20 18:23 - 2017-08-11 01:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-20 18:23 - 2017-08-11 01:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-09-20 18:23 - 2017-08-11 01:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-20 18:23 - 2017-08-11 01:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-20 18:23 - 2017-08-11 01:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 01:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-20 18:23 - 2017-08-11 01:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-20 18:23 - 2017-08-11 01:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-20 18:23 - 2017-08-11 01:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-20 18:23 - 2017-08-11 01:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-20 18:23 - 2017-08-11 01:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-20 18:23 - 2017-08-11 01:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-20 18:23 - 2017-08-11 01:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-20 18:23 - 2017-08-11 01:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-20 18:23 - 2017-08-11 01:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-20 18:23 - 2017-08-11 01:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-20 18:23 - 2017-08-11 01:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-20 18:23 - 2017-08-11 01:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-20 18:23 - 2017-08-11 00:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-20 18:23 - 2017-08-11 00:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-20 18:23 - 2017-08-11 00:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-20 18:23 - 2017-08-11 00:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-20 18:23 - 2017-08-11 00:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-20 18:23 - 2017-08-11 00:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-20 18:23 - 2017-08-11 00:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-20 18:23 - 2017-08-11 00:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-20 18:23 - 2017-08-11 00:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-20 18:23 - 2017-08-11 00:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-20 18:23 - 2017-08-11 00:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-20 18:23 - 2017-08-11 00:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-20 18:23 - 2017-08-11 00:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-20 18:23 - 2017-08-11 00:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 00:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 00:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-20 18:23 - 2017-08-11 00:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-20 18:23 - 2017-07-07 10:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-20 16:59 - 2017-09-20 16:59 - 000000000 ____D C:\Users\Nancy\AppData\Local\ENC Security Systems BV
2017-09-17 22:26 - 2017-09-17 22:27 - 007248018 _____ C:\Users\Nancy\Downloads\archive(1).zip
2017-09-17 22:25 - 2017-09-17 22:25 - 000932623 _____ C:\Users\Nancy\Downloads\archive.zip
2017-09-17 15:07 - 2017-09-19 11:10 - 000000000 ____D C:\Users\Nancy\Documents\Identity Theft
2017-09-17 14:07 - 2017-09-17 14:09 - 000000000 ____D C:\Users\Nancy\Documents\Litigation
2017-09-17 14:07 - 2017-09-17 14:07 - 000078016 _____ C:\Users\Nancy\Documents\Claim Form _ Reverse The Charge. for laptops-cell-camera-batteries.pdf
2017-09-14 13:56 - 2017-09-14 14:17 - 000041588 _____ C:\Users\Nancy\Downloads\all other expenses last 12 months.TXT
2017-09-14 13:49 - 2017-09-14 14:18 - 000003877 _____ C:\Users\Nancy\Downloads\costco last 12 months.TXT
2017-09-14 13:40 - 2017-09-14 13:52 - 000004232 _____ C:\Users\Nancy\Downloads\Visa spending Sept to Sept-Dining Out.TXT
2017-09-14 13:35 - 2017-09-14 13:45 - 000002789 _____ C:\Users\Nancy\Downloads\Visa spending Sept to Sept-Gas.TXT
2017-09-12 09:24 - 2017-09-18 13:15 - 000000000 ____D C:\Users\Nancy\Documents\Sirius
2017-09-07 12:23 - 2017-09-07 12:23 - 000000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2017-09-07 12:18 - 2017-09-07 12:18 - 000003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-09-04 12:36 - 2017-09-04 12:40 - 000805724 _____ C:\Users\Nancy\Downloads\15-Minute Recipe_ Tomato-Watermelon Salad With Feta, Olives and Pistachios - WSJ.pdf
2017-09-03 21:33 - 2017-09-03 21:33 - 000001290 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-09-03 21:33 - 2017-09-03 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

See next post
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 11:13 - 2016-10-25 22:07 - 000000000 ____D C:\FRST
2017-09-21 10:42 - 2017-03-26 23:10 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-21 09:03 - 2009-07-13 23:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-21 09:03 - 2009-07-13 23:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-21 08:53 - 2016-11-25 08:55 - 000000000 ____D C:\Users\Nancy\AppData\LocalLow\Mozilla
2017-09-21 08:36 - 2015-09-13 15:54 - 000000000 ____D C:\ProgramData\Temp
2017-09-21 08:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2017-09-21 08:24 - 2016-02-22 11:16 - 000000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-09-21 00:08 - 2016-08-30 22:10 - 000007616 _____ C:\Users\Nancy\AppData\Local\Resmon.ResmonCfg
2017-09-21 00:03 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-21 00:03 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-09-21 00:01 - 2017-04-17 03:45 - 000000222 _____ C:\Windows\Tasks\Lenovo Active Protection System.job
2017-09-20 23:59 - 2017-03-26 23:10 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-20 23:59 - 2017-03-26 23:09 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-20 23:59 - 2017-03-26 23:09 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-20 23:59 - 2015-08-13 01:33 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-20 23:59 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-20 23:47 - 2016-02-15 20:54 - 000000000 ____D C:\Users\Nancy\AppData\Roaming\vlc
2017-09-20 23:44 - 2015-09-26 00:45 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-20 23:34 - 2016-02-06 12:30 - 000000000 ____D C:\ProgramData\Logishrd
2017-09-20 23:33 - 2016-02-06 12:46 - 000000000 ____D C:\Program Files\Logitech
2017-09-20 23:33 - 2016-02-06 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-09-20 23:32 - 2016-07-19 21:59 - 000000000 ____D C:\Windows\Prey
2017-09-20 23:19 - 2015-08-13 01:37 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-20 23:18 - 2015-09-13 23:12 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-20 23:01 - 2015-08-13 01:42 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-09-20 23:00 - 2016-12-30 02:35 - 000002521 _____ C:\Users\Public\Desktop\OverDrive for Windows.lnk
2017-09-20 23:00 - 2016-12-30 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2017-09-20 23:00 - 2016-12-30 02:35 - 000000000 ____D C:\Program Files (x86)\OverDrive for Windows
2017-09-20 22:59 - 2017-07-21 23:42 - 000001724 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-20 22:59 - 2017-07-21 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-20 22:55 - 2017-01-04 00:20 - 004676982 ____H C:\Users\Nancy\AppData\Local\IconCache.db.backup
2017-09-20 22:52 - 2016-10-31 22:56 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-20 22:52 - 2015-09-26 19:23 - 000000000 ____D C:\Program Files\Bonjour
2017-09-20 22:52 - 2015-09-26 19:23 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-09-20 22:51 - 2015-08-13 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2017-09-20 21:30 - 2015-09-13 11:48 - 000000000 ____D C:\ProgramData\Norton
2017-09-20 18:40 - 2009-07-13 23:45 - 000345584 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-20 18:31 - 2015-09-13 00:00 - 000000000 ____D C:\Windows\system32\MRT
2017-09-20 18:29 - 2015-09-13 00:00 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-20 18:26 - 2016-06-18 16:05 - 000000000 ____D C:\Program Files (x86)\Fitbit Connect
2017-09-20 18:26 - 2014-11-13 17:07 - 000774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-20 18:12 - 2017-01-05 15:14 - 000000000 ____D C:\Users\Nancy\AppData\Local\Deployment
2017-09-20 18:11 - 2015-09-27 14:00 - 000000000 ____D C:\Users\Nancy\AppData\Local\CrashDumps
2017-09-20 18:10 - 2015-08-29 18:38 - 000000000 ____D C:\Users\Nancy
2017-09-20 18:09 - 2017-03-26 23:10 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-20 18:07 - 2016-06-18 16:05 - 000000000 ____D C:\ProgramData\FitbitConnect
2017-09-20 18:07 - 2015-10-05 22:45 - 000000000 ____D C:\Windows\Minidump
2017-09-20 18:07 - 2015-09-27 19:18 - 000000000 ____D C:\ProgramData\Licenses
2017-09-20 18:07 - 2015-09-13 22:45 - 000000000 ____D C:\Users\Nancy\Documents\Financial
2017-09-20 18:07 - 2015-08-13 01:28 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2017-09-20 18:07 - 2015-08-13 01:22 - 000000000 ____D C:\Windows\System32\Tasks\Lenovo
2017-09-20 18:07 - 2014-11-14 14:29 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-09-20 18:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-09-20 18:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-20 18:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-09-20 18:07 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-09-20 16:01 - 2015-11-01 22:36 - 000000000 ____D C:\Users\Nancy\AppData\Local\ElevatedDiagnostics
2017-09-19 16:24 - 2015-09-13 22:45 - 000000000 ____D C:\Users\Nancy\Documents\Health
2017-09-19 13:19 - 2015-09-13 23:35 - 000000000 ____D C:\Users\Nancy\AppData\Roaming\KeePass
2017-09-19 10:19 - 2015-09-13 22:59 - 000127342 _____ C:\Users\Nancy\Documents\Pases4all.kdbx
2017-09-17 22:32 - 2015-09-13 22:50 - 000000000 ____D C:\Users\Nancy\Documents\Miscellaneous
2017-09-17 22:21 - 2015-09-13 22:59 - 000000000 ____D C:\Users\Nancy\Documents\Work
2017-09-17 15:07 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-09-12 19:59 - 2016-03-29 19:47 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-12 19:59 - 2016-03-29 19:47 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 19:59 - 2016-03-29 19:47 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 19:59 - 2016-01-02 10:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 19:59 - 2016-01-02 10:47 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-10 18:39 - 2015-09-13 22:50 - 000000000 ____D C:\Users\Nancy\Documents\Kim K
2017-09-10 11:15 - 2015-09-13 22:35 - 000000000 ____D C:\Users\Nancy\Documents\Quicken
2017-09-08 19:43 - 2017-05-12 00:30 - 000040924 __RSH C:\ProgramData\ntuser.pol
2017-09-07 22:27 - 2015-09-13 22:44 - 000000000 ____D C:\Users\Nancy\Documents\Computer Information and Related
2017-09-07 18:20 - 2015-12-09 22:46 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-07 12:18 - 2015-09-13 11:56 - 000002417 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-09-07 12:18 - 2015-09-13 11:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-09-07 12:18 - 2015-09-13 11:56 - 000000000 ____D C:\Windows\system32\Drivers\NISx64
2017-09-06 23:40 - 2015-09-27 12:42 - 000000767 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-09-06 21:38 - 2015-09-13 22:50 - 000000000 ____D C:\Users\Nancy\Documents\Pets
2017-09-06 21:26 - 2017-03-12 17:04 - 000000000 ____D C:\Users\Nancy\Documents\Garden and LandScape
2017-09-06 21:24 - 2015-09-26 19:23 - 000000000 ____D C:\Users\Nancy\AppData\Roaming\Apple Computer
2017-09-06 21:23 - 2017-04-28 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-06 21:23 - 2015-09-13 18:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-03 21:34 - 2016-07-19 22:05 - 000000000 ____D C:\ProgramData\Foxit Software
2017-09-03 21:29 - 2016-05-24 10:37 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-02-16 17:30 - 2017-02-16 16:07 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2015-11-09 23:46 - 2017-06-24 21:58 - 000075264 _____ () C:\Users\Nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-17 14:29 - 2017-06-17 14:29 - 000002306 _____ () C:\Users\Nancy\AppData\Local\recently-used.xbel
2016-08-30 22:10 - 2017-09-21 00:08 - 000007616 _____ () C:\Users\Nancy\AppData\Local\Resmon.ResmonCfg
2016-10-13 22:27 - 2016-10-13 22:27 - 000000000 _____ () C:\Users\Nancy\AppData\Local\{000B006C-BFFA-412D-A64E-F5070F216B9E}
2016-09-12 22:27 - 2016-09-12 22:28 - 000000000 _____ () C:\Users\Nancy\AppData\Local\{15994976-0C6D-4A2D-97D9-B6713F9020BB}
2016-11-12 22:52 - 2016-11-12 22:52 - 000000000 _____ () C:\Users\Nancy\AppData\Local\{9FDDCE4C-9CCC-48CD-A734-60F426801B25}
2016-09-12 22:27 - 2016-09-12 22:27 - 000000000 _____ () C:\Users\Nancy\AppData\Local\{E9DE0AD9-3FE2-4A39-A00D-0AAC1CB8BA49}
2015-08-13 01:31 - 2015-08-13 01:31 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-04 15:38 - 2017-01-15 20:35 - 000000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2017-09-12 13:37 - 2017-09-12 13:37 - 000552568 _____ (Logitech) C:\Users\Nancy\AppData\Local\Temp\LDeviceInstaller.exe
2017-09-20 23:33 - 2017-07-11 18:12 - 000058304 _____ (Logitech Inc.) C:\Users\Nancy\AppData\Local\Temp\LogiOptionsfileUninstaller.exe
2017-09-20 23:33 - 2017-07-11 18:19 - 000261384 _____ (Logitech Inc.) C:\Users\Nancy\AppData\Local\Temp\LogiOptionsUninstaller.exe
2017-09-12 13:39 - 2017-09-12 13:39 - 004238456 _____ (Logitech, Inc.) C:\Users\Nancy\AppData\Local\Temp\PlugInInstallerUtility.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 17:51

==================== End of FRST.txt ============================
 
Additions Txt Post

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by Nancy (21-09-2017 11:14:23)
Running from C:\Users\Nancy\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-29 23:38:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3111028138-2455618344-1635019946-500 - Administrator - Disabled)
Guest (S-1-5-21-3111028138-2455618344-1635019946-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3111028138-2455618344-1635019946-1002 - Limited - Enabled)
Nancy (S-1-5-21-3111028138-2455618344-1635019946-1000 - Administrator - Enabled) => C:\Users\Nancy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Evernote v. 6.2.4 (HKLM-x32\...\{1F000A98-5FF1-11E6-8BF2-0050569584E9}) (Version: 6.2.4.3244 - Evernote Corp.)
f.lux (HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\Flux) (Version: - )
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10291 - Realtek Semiconductor Corp.)
Intel(R) Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.4.1000 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{a3294ccc-6d01-43c2-9249-3f50bd113bb8}) (Version: 1.3.2.1030 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.2.54 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{3F5D407B-86F5-4CA5-8F83-7C00BBB69080}) (Version: 5.1.23.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1434.2) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{12415e07-c869-4438-9d99-b55261706671}) (Version: 19.1.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
KeePass Password Safe 2.36 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.36 - Dominik Reichl)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.85.03 - Lenovo)
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo QuickControl (HKLM-x32\...\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Service Bridge (HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0053 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4963.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.10.1.10 - Symantec Corporation)
NVIDIA 3D Vision Driver 354.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 354.45 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA WMI 2.22.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.22.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4963.1002 - Microsoft Corporation) Hidden
OpenVPN 2.3.10-I602 (HKLM\...\OpenVPN) (Version: 2.3.10-I602 - )
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (HKLM-x32\...\{D6E853EC-8960-4D44-AF03-7361BB93227C}) (Version: 10.0.1.3222 - CyberLink Corp.) Hidden
Prey Anti-Theft (HKLM-x32\...\{77285857-D328-4040-866E-CB892D361E25}) (Version: 1.6.1 - Prey, Inc.) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.12.2 - Intuit)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7329 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.27.14 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.14.1114.2014 - Lenovo)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WaveEditor (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.) Hidden
WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.)
Windows Driver Package - Intel (e1dexpress) Net (09/29/2014 12.12.80.19) (HKLM\...\C21EE380054A0326E432D9D924576C6518CBFB1E) (Version: 09/29/2014 12.12.80.19 - Intel)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
Windows Driver Package - Synaptics (SmbDrv) System (11/18/2014 18.1.27.14) (HKLM\...\706FA340710376D8FBA10CF75C37A24846787B52) (Version: 11/18/2014 18.1.27.14 - Synaptics)
Windows Driver Package - Synaptics (SynTP) Mouse (11/18/2014 18.1.27.14) (HKLM\...\04C8B1B4379AB123816C6F1849A5525D79A4A0DF) (Version: 11/18/2014 18.1.27.14 - Synaptics)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3111028138-2455618344-1635019946-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-12-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-11-05] (NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0245D650-C88F-4A0D-B580-75DA20686242} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {05CFAFF9-7372-4D6D-9CCC-5DAD22B69305} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {0AFFD78E-4F5C-434B-91A4-137C97935957} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-03] (Realtek Semiconductor)
Task: {0CF85C71-DAF8-4EF0-AE6D-0D5ED58F20F1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-08-24] (Symantec Corporation)
Task: {0EC1FD02-D9D0-4D4C-A2F1-A2BAF84780FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {0FD370B7-2B09-44AD-AA55-FBE01A031497} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-09-03] (Realtek Semiconductor)
Task: {1B2CFF74-DC6B-435D-80C6-59A49200CC24} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-06] (CyberLink)
Task: {358232DC-03BC-4592-955B-8534ACF56BAC} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {3746A607-46EE-4774-893A-E22DF0572C32} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe [2014-08-21] (TODO: <Company name>)
Task: {389B5EBA-2CC3-4AF6-BFA6-CCD701CBFA58} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\WSCStub.exe [2017-08-24] (Symantec Corporation)
Task: {4591AD8A-DC24-48F7-8A2A-D247AC2D2119} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {49643BC6-F9D3-40E1-8DF4-B44F98E3388F} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {4F305A6C-E882-485E-BBA6-D0966B8AA56A} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {663B9333-E1E2-46F3-845F-8927F98775AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {779BFE78-D2D8-48A9-90B4-914C2DF655F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {81359E10-95BA-4D5E-805D-C13849DACE90} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {869645A0-4B1F-4A15-8005-6CCC44AFB902} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {92625095-EA64-461C-9490-831E45910274} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {93BB70D0-3081-4F52-B759-2B0668846A1E} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-03] (Realtek Semiconductor)
Task: {9C384B58-E1CF-41D6-BA09-B3EC2F749DEF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3111028138-2455618344-1635019946-1000
Task: {A2891ED3-1169-4BF1-BB1B-68E10CE185E6} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {A86E4AA1-BD1A-4EB5-AC3E-4B054E795CFE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {AF393497-B132-4425-8455-A97687F5C2F6} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [2017-03-21] (Lenovo.)
Task: {C5C34829-01CB-4D00-9688-B8E190ABB339} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {DC924E8A-5921-46B3-A9F7-8403FCD3CC32} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {F13231C3-E1A2-4B75-AB49-411FA3D886F9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {F23C7FE8-9C3F-455E-96EB-5B974DF16450} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3111028138-2455618344-1635019946-1000 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {F81529BA-D04E-4854-B57F-6D3E5EE917F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {FE2503DD-3208-4B7B-9772-F0EB5E04DE73} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-13 01:33 - 2015-12-22 11:38 - 003180176 _____ () C:\Windows\system32\nvwmi64.exe
2015-08-13 01:32 - 2015-12-22 11:33 - 000020624 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-08-13 01:33 - 2015-11-05 06:51 - 000126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-24 14:45 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-23 18:58 - 2015-01-23 18:58 - 001795976 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-01-23 18:42 - 2015-01-23 18:42 - 000087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-01-23 18:58 - 2015-01-23 18:58 - 000357768 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2017-03-26 23:09 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-25 11:43 - 2017-01-31 07:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-13 01:33 - 2016-04-14 06:08 - 000107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-12 13:01 - 2017-09-12 13:01 - 000077824 _____ () C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2017-09-12 13:01 - 2017-09-12 13:01 - 000144896 _____ () C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2015-08-13 01:34 - 2011-08-02 22:58 - 002201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-08-13 01:34 - 2011-08-02 22:58 - 002085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-11-10 14:12 - 2014-11-10 14:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-13 01:32 - 2015-12-22 11:33 - 000020808 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-08-11 11:44 - 2016-08-11 11:44 - 000439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-08-11 11:44 - 2016-08-11 11:44 - 000321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-03-06 21:49 - 2013-03-06 21:49 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-06 21:52 - 2013-03-06 21:52 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
Posting last of Addition txt

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3111028138-2455618344-1635019946-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{AC746AB5-CD6C-455A-9517-AE1CD76DFE55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D9EF989-A788-4ABE-91FA-7197F041120B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AE8600A0-3091-4638-BFF1-74EA3ED9647F}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{A46482CB-5BAA-44DB-A2B9-428C13C184BD}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{51984E6A-948C-4A51-9D09-B86701AA9C21}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{7C14D240-9B3C-4FD0-A5EA-7B791106CF96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6800D538-D27E-4B8C-AEA8-716A58F0473C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{07F473E0-8971-425B-A102-BA2BADEEAC10}] => (Allow) C:\Users\Nancy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F61F90C5-8642-4A58-8B9A-7810B2A1C60D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99328562-BBF3-4D2C-B675-94B240324177}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{36E93C53-0C6C-4BD4-B781-2F6FEDFA92CB}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{F36F65B4-2F07-499A-921B-98A15D8B8E82}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{02B9B402-69FA-4846-8CED-D97D4C1AEBF4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{798F46C3-4AE8-4782-8FBC-43CB50D18113}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{76990AE7-8D0F-4264-8A53-10EF0E9511B7}] => (Allow) %ProgramFiles%\iTunes\iTunes.exe
FirewallRules: [{CB83D1F6-F140-4A3E-AAA0-9FE025F17EE5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2099BE70-6EA9-4509-B633-ACE74462C57F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{4AB41C2B-36D6-41CF-A09B-CEBEFD5255E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{53E40989-C2D2-44E7-B0B5-122B5EB415ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BB04F2A4-2805-44C5-A630-A4DFB9E7709F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{126E0F7E-1495-47ED-8FBF-70EA77B23FE2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4796691E-0D1D-41A2-977E-5ACA7356AA3D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5558D79E-E14C-4508-9A1A-D8E993D4C2C9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{073DE6B4-4F57-412B-97C5-140658BC3188}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6F5B8D2F-EDAD-4E22-8BA1-5779B0750309}] => (Allow) C:\Windows\Prey\versions\1.7.1\bin\node.exe
FirewallRules: [{41846648-C34E-46F7-85DB-08D166E8F546}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8F8D791-DE23-441A-8D6E-13E7C6728EE6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85431052-4BAC-4CAC-AB45-C1352A00E465}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{803C9F47-229F-4E8F-8346-664E033E5D01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0A1FA06E-13AA-4DDD-8722-950AB74BC38D}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE

==================== Restore Points =========================

14-09-2017 12:32:07 Windows Update
20-09-2017 15:53:14 Windows Update
20-09-2017 16:04:48 Windows Update
20-09-2017 17:52:52 Restore Operation
20-09-2017 18:26:09 Windows Update
20-09-2017 22:36:16 Windows Update

==================== Faulty Device Manager Devices =============

Name: Lenovo Connect Device 1.0
Description: Lenovo Connect Device 1.0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2017 09:03:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpxsvc.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.23889, time stamp: 0x598d4c81
Exception code: 0xc00000fd
Fault offset: 0x0002df76
Faulting process id: 0x904
Faulting application start time: 0x01d3329661c9e2c5
Faulting application path: C:\Windows\Prey\wpxsvc.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: a66c61da-9ed5-11e7-b9e1-48e3ae5432a4

Error: (09/21/2017 12:09:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5616

Error: (09/21/2017 12:09:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5616

Error: (09/21/2017 12:09:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/21/2017 12:09:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4602

Error: (09/21/2017 12:09:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4602

Error: (09/21/2017 12:09:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/21/2017 12:09:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3261

Error: (09/21/2017 12:09:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3261

Error: (09/21/2017 12:09:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/21/2017 09:06:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cron Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2017 07:42:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (09/20/2017 11:59:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/20/2017 11:59:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (09/20/2017 10:56:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/20/2017 10:56:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (09/20/2017 06:41:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/20/2017 06:40:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (09/20/2017 06:10:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper..

Error: (09/20/2017 06:09:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


CodeIntegrity:
===================================
Date: 2017-04-17 03:44:43.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-17 03:44:43.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-17 03:42:33.912
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-17 03:42:33.912
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-17 03:41:35.028
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-17 03:41:35.028
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-03 22:02:24.962
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-03 22:02:24.961
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-27 20:10:30.509
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-27 20:10:30.508
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 16079.96 MB
Available physical RAM: 11288.83 MB
Total Virtual: 32158.1 MB
Available Virtual: 26675.44 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:222.2 GB) (Free:13.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:14.81 GB) (Free:4.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: DA51248D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Thanks Broni for getting back to me.
I do have a few questions after reading your instructions
  • Should I rerun FRST64 & repost results? Reason being: since I originally posted the first results I went to microsoft website to download a Win 7 ISO copy in case I had to reinstall but even though I was at a legit website (https://www.microsoft.com/en-us/software-download/windows7), the tech said my product key was used 7 times so it was now blocked but I could purchase a new one for $40. I said that is crazy. I have an OEM copy so he said he could show me an alternative way to get the copy and directed me to a website: PCRivers2.com where he had me begin a download of the copy. After the download began, I became suspicious of this and stopped the download. I deleted the copy and the software he used to connect to my computer. So... now I see I should not have made any changes to my system and therefore you may want to see a fresh copy?
  • For all the 4 programs: Close all running programs. Does this include Malwarebytes -(when I arrived home this evening & awakened the computer & I can now click on the items in malwarebytes???? so do I disable real time protection). Disable real time protection for Norton Antivirus?
  • For all 4 programs: Do I leave my computer connected to the internet during these scans?
Thanks again for your time!
 
We'll re-run FRST a little bit later so no need to re-run it now.
By closing all running programs you just need to close all open windows.
No reason to disconnect from the net.
 
Broni-
I ran Roguekiller but I was unable to post the results. I received the following message

"Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator."

Below is the top part of the scan. I am just testing if there is anything in this top part that is causing the issue. I am moving on to the next scan (Malwarebytes)



RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nancy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/23/2017 20:05:59 (Duration : 00:18:54)
Switches : -refid
 
Broni
I tried to run Malwarebytes-Free. The install became stuck on the second screen. I could not click on anything. I had the premium program installed and I tried to open that but I could not click on anything in the program. I then tried a reboot but I had to force the uninstall to close after several minutes of waiting. Then screen stuck on logging off screen for more than 5 minutes. I finally forced a close. When I booted up again, I clicked on Malwarebytes program and my premium program was replaced with the free, but I cannot click on anything to scan. I am moving on to adwcleaner. :(
 
Broni
Results from AdwCleaner

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 24 02:33:43 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\invalidprefs.js


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\TBDEn|SBOEM2


***** [ Firefox (and derivatives) ] *****

SearchProvider deleted: nortonsafe.search.ask.com - Norton Safe Search


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1848 B] - [2016/10/24 14:54:51]
C:/AdwCleaner/AdwCleaner[S0].txt - [1816 B] - [2016/10/24 14:54:31]
C:/AdwCleaner/AdwCleaner[S1].txt - [1298 B] - [2017/9/24 2:29:21]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
 
Broni
Results of Junkware removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Nancy (Administrator) on Sat 09/23/2017 at 21:45:09.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 61

Successfully deleted: C:\Program Files (x86)\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\extensions\trash (Folder)
Successfully deleted: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\searchplugins\norton-safe-search.xml (File)
Successfully deleted: C:\Users\Nancy\Documents\my pagemanager (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F22710B2-D736-4708-A2AE-C544B21F93BC} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/23/2017 at 21:47:35.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please attach RogueKiller log.
As for MBAM, reinstall it and try to run it again.
 
Broni
For MBAM: I uninstalled via control panel, Programs & Features. The version I uninstalled was V3.1.2.1733, 161 MB, installed on 7/5/17. I shutdown. Then installed MBAM V.3.2.202, 168 MB. When I opened, it is now the premium version and it indicates on the home dashboard that a scan was completed 2 hr ago, all protection is on BUT I cannot minimize, close with X, click on any tab on the side bar (Scan, Quarantine, Report, settings) nor "my account" to access any of the features. I can close the window by going to the task bar and clicking close. Soooo I cannot perform a scan using it at this time????

You said to attach the Rogue Killer file so I assume since I cannot paste it into this window you want me to use the upload feature. So here it is.

Thanks
 

Attachments

  • RogueKiller.report1.txt
    6.4 KB · Views: 1
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Broni
Below is the Combofix. I uninstalled Malwarebytes & rebooted. Then I was having trouble using Norton and of course the typical "not being able to click the X to close out of the browser". I waited and kept trying to open and click on different programs and then I was suddenly able to disable Norton but for only 15 minutes so I quickly ran the combofix.

By the way, I wanted to save a few photos of my current photos in case of a crash so I put in a new PNY 16G USB but I forgot it would install drivers so there has been a change to my drivers but I am sorry but I forgot that would happen.

Here is the log.

ComboFix 17-09-14.01 - Nancy 09/24/2017 21:36:57.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16080.13018 [GMT -5:00]
Running from: c:\users\Nancy\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
FW: Norton Internet Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
SP: Norton Internet Security *Disabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Nancy\AppData\Roaming\Config
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2017-08-25 to 2017-09-25 )))))))))))))))))))))))))))))))
.
.
2017-09-25 03:02 . 2017-09-25 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-09-24 01:06 . 2017-09-24 01:06 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-09-24 01:02 . 2017-09-24 01:46 -------- d-----w- c:\programdata\RogueKiller
2017-09-24 01:01 . 2017-09-24 01:02 -------- d-----w- c:\program files\RogueKiller
2017-09-22 22:53 . 2017-09-22 22:53 -------- d-----w- c:\users\Nancy\AppData\Roaming\CyberLink
2017-09-22 17:12 . 2017-09-22 22:53 -------- d-----w- c:\users\Public\CyberLink
2017-09-21 04:18 . 2017-09-21 04:18 -------- d-----w- c:\program files (x86)\SpywareBlaster
2017-09-21 02:29 . 2017-09-21 02:31 -------- d-----w- c:\users\Nancy\AppData\Local\NPE
2017-09-20 23:24 . 2017-08-13 18:58 25730560 ----a-w- c:\windows\system32\mshtml.dll
2017-09-20 23:24 . 2017-08-15 14:06 15260160 ----a-w- c:\windows\system32\ieframe.dll
2017-09-20 23:24 . 2017-08-16 14:57 3224576 ----a-w- c:\windows\system32\win32k.sys
2017-09-20 23:24 . 2017-08-13 17:04 2899968 ----a-w- c:\windows\system32\iertutil.dll
2017-09-20 23:24 . 2017-08-13 16:51 5981696 ----a-w- c:\windows\system32\jscript9.dll
2017-09-20 23:24 . 2017-08-13 15:48 4547072 ----a-w- c:\windows\SysWow64\jscript9.dll
2017-09-20 23:24 . 2017-08-13 15:40 3241472 ----a-w- c:\windows\system32\wininet.dll
2017-09-20 23:24 . 2017-08-13 15:17 2767872 ----a-w- c:\windows\SysWow64\wininet.dll
2017-09-20 23:24 . 2017-07-07 15:29 1143296 ----a-w- c:\windows\system32\DXPTaskRingtone.dll
2017-09-20 21:59 . 2017-09-20 21:59 -------- d-----w- c:\users\Nancy\AppData\Local\ENC Security Systems BV
2017-09-05 13:30 . 2017-09-05 13:30 127440 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleHandler.dll
2017-08-31 20:31 . 2017-09-20 23:07 -------- d-----w- c:\windows\system32\drivers\NISx64\160A010.00A
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-20 23:29 . 2015-09-13 05:00 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-09-13 00:59 . 2016-03-30 00:47 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-09-13 00:59 . 2016-03-30 00:47 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-08-11 06:19 . 2017-09-20 23:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-07-29 14:56 . 2017-08-09 03:21 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-28 14:09 . 2015-09-13 16:56 102568 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2017-07-21 14:26 . 2017-08-09 03:21 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-08-09 03:21 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 03:21 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 03:21 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2017-07-14 15:29 . 2017-08-09 03:21 486400 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:29 . 2017-08-09 03:21 34304 ----a-w- c:\windows\system32\werdiagcontroller.dll
2017-07-14 15:29 . 2017-08-09 03:21 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:29 . 2017-08-09 03:21 2058240 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:29 . 2017-08-09 03:21 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:29 . 2017-08-09 03:21 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:29 . 2017-08-09 03:21 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:29 . 2017-08-09 03:21 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:29 . 2017-08-09 03:21 491520 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:29 . 2017-08-09 03:21 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:29 . 2017-08-09 03:21 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 15:29 . 2017-08-09 03:21 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:12 . 2017-08-09 03:21 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:12 . 2017-08-09 03:21 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 15:11 . 2017-08-09 03:21 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 15:10 . 2017-08-09 03:21 382976 ----a-w- c:\windows\SysWow64\wer.dll
2017-07-14 15:10 . 2017-08-09 03:21 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-07-14 15:10 . 2017-08-09 03:21 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-07-14 15:10 . 2017-08-09 03:21 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-07-14 15:10 . 2017-08-09 03:21 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-07-14 15:10 . 2017-08-09 03:21 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-07-14 15:10 . 2017-08-09 03:21 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-07-14 15:10 . 2017-08-09 03:21 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-07-14 15:10 . 2017-08-09 03:21 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-07-14 15:10 . 2017-08-09 03:21 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-07-14 15:00 . 2017-08-09 03:21 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-09 03:21 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-09 03:21 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-09 03:21 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-07-14 14:57 . 2017-08-09 03:21 50688 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 03:21 54272 ----a-w- c:\windows\SysWow64\wermgr.exe
2017-07-14 14:50 . 2017-08-09 03:21 28672 ----a-w- c:\windows\SysWow64\werdiagcontroller.dll
2017-07-08 15:34 . 2017-08-09 03:21 370920 ----a-w- c:\windows\system32\clfs.sys
2017-07-07 15:33 . 2017-08-09 03:21 363752 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2017-07-07 15:29 . 2017-08-09 03:21 149504 ----a-w- c:\windows\system32\t2embed.dll
2017-07-07 15:11 . 2017-08-09 03:21 109568 ----a-w- c:\windows\SysWow64\t2embed.dll
2017-07-06 04:56 . 2017-07-11 22:31 119296 ----a-w- c:\windows\system32\drivers\bthpan.sys
2017-07-01 13:05 . 2017-08-09 03:21 616448 ----a-w- c:\windows\SysWow64\msrepl40.dll
2017-07-01 13:05 . 2017-08-09 03:21 475648 ----a-w- c:\windows\SysWow64\msxbde40.dll
2017-07-01 13:05 . 2017-08-09 03:21 375808 ----a-w- c:\windows\SysWow64\mspbde40.dll
2017-07-01 13:05 . 2017-08-09 03:21 343552 ----a-w- c:\windows\SysWow64\msrd3x40.dll
2017-07-01 13:05 . 2017-08-09 03:21 339968 ----a-w- c:\windows\SysWow64\msexcl40.dll
2017-07-01 13:05 . 2017-08-09 03:21 310272 ----a-w- c:\windows\SysWow64\msrd2x40.dll
2017-07-01 13:05 . 2017-08-09 03:21 240640 ----a-w- c:\windows\SysWow64\msltus40.dll
2017-07-01 13:05 . 2017-08-09 03:21 1311744 ----a-w- c:\windows\SysWow64\msjet40.dll
2017-07-01 13:05 . 2017-08-09 03:21 866816 ----a-w- c:\windows\SysWow64\mswdat10.dll
2017-07-01 13:05 . 2017-08-09 03:21 83968 ----a-w- c:\windows\SysWow64\msjter40.dll
2017-07-01 13:05 . 2017-08-09 03:21 641536 ----a-w- c:\windows\SysWow64\mswstr10.dll
2017-07-01 13:05 . 2017-08-09 03:21 144896 ----a-w- c:\windows\SysWow64\msjint40.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-20 05:39 1587912 ----a-w- c:\users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-20 05:39 1587912 ----a-w- c:\users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-20 05:39 1587912 ----a-w- c:\users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Nancy\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2015-10-28 4567720]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2017-04-17 77256]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2017-07-14 67384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-11-10 136992]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2016-04-14 6422696]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-11-04 296208]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-08-31 452272]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2017-06-09 3191728]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2015-10-28 4567720]
.
c:\users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2016-8-11 956600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2016-2-2 605400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe;c:\windows\SYSNATIVE\LPlatSvc.exe [x]
R2 QuickControlMasterSvc;Lenovo QuickControl Master Service;c:\program files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe;c:\program files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [x]
R3 LenovoProdRegManager;PowerENGAGE Maintenance Service;c:\program files (x86)\Lenovo Registration\EngageService.exe;c:\program files (x86)\Lenovo Registration\EngageService.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ShareItSvc;ShareItSvc;c:\program files (x86)\Lenovo\SHAREit\Shareit.Service.exe;c:\program files (x86)\Lenovo\SHAREit\Shareit.Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\NISx64\160A010.00A\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\160A010.00A\SYMEFASI64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20170920.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20170920.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\160A010.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\160A010.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20170922.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20170922.001\IDSvia64.sys [x]
S1 ndisrd;Intel(R) Technology Access Filter Driver;c:\windows\system32\DRIVERS\ndisrfl.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrfl.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\160A010.00A\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\160A010.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\160A010.00A\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\160A010.00A\SYMNETS.SYS [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CronService;Cron Service;c:\windows\Prey\wpxsvc.exe;c:\windows\Prey\wpxsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [x]
S2 iBtSiva;Intel Bluetooth Service;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) TechnologyAccessService;Intel(R) Technology Access Service;c:\program files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe;c:\program files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;c:\program files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe;c:\program files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\22.10.1.10\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\22.10.1.10\NIS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 QuickControlService;Lenovo QuickControl Service;c:\program files (x86)\Lenovo\QuickControl\QuickControlService.exe;c:\program files (x86)\Lenovo\QuickControl\QuickControlService.exe [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 rtsuvc;Integrated Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-07-31 22:31 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-20 05:39 1641664 ----a-w- c:\users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-20 05:39 1641664 ----a-w- c:\users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-20 05:39 1641664 ----a-w- c:\users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-08-15 12:27 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-08-15 12:27 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-08-15 12:27 2351920 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-06-27 7822136]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-12-22 1804432]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2014-08-07 295712]
"RtsCM"="RTSCM64.EXE" [2014-09-11 168152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2015-08-26 3113592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2017-07-14 303928]
"LogiOptions"="c:\program files\Logitech\LogiOptions\LogiOptions.exe" [2017-09-12 2125944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip bookmark - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
FF - ProfilePath - c:\users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\kevlrxaj.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Belarc Advisor - c:\program files (x86)\Belarc\BelarcAdvisor\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\22.10.1.10\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\22.10.1.10\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\160A010.00A\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine32\22.10.1.10;c:\program files (x86)\Norton Internet Security\Engine\22.10.1.10"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-09-24 22:31:34
ComboFix-quarantined-files.txt 2017-09-25 03:31
.
Pre-Run: 30,094,712,832 bytes free
Post-Run: 29,904,928,768 bytes free
.
- - End Of File - - 7DF52A4D1412DF48EBA9372E6A86DA7D
05CAF6D09AEF7B95D7F9F037D8CB297E

Thanks for your help!
 
Broni
You said to keep you updated on how my system is working. It is all very random. Sometimes I believe something is hogging my system resources and that is why nothing reacts once I have opened up a program and then later, the program appears to respond. BUT then some programs never appear to get better. Last night I opened up most of my programs that have shortcuts on the desktop and some responded better. This morning I booted out of hibernate and have been checking how the programs are working again. Below is a list of the programs that are still having issues (meaning I can open but when I do some task within the program it freezes and I cannot click on any other tasks or click on x to close; I have to close by right-clicking on the program in the taskbar and closing):
  • Firefox - I can use the program but the minimize, maximize, x close buttons do not work.
  • Adobe - I can open a PDF but nothing else works...no printing, no clicks respond, can't x close. If I try to click on the pages and move through them, nothing, but if I minimize using the task bar and then open again it has moved through to the page I clicked on. When I minimize and return, I can use the x to close.
  • Audacity - Once I open a song to play, no response to any other clicks
  • VLC media - Can play a media but cannot edit after playing, but I CAN click x to close
The following programs appear to work.
  • Speccy
  • Norton
  • iTunes - although last night it would not work at all
  • Picasa3
  • Foxit reader
  • Gimp2
  • IrfanView
  • Evernote
  • TurboTax (but no file was on my computer so nothing was tested further)
  • The following worked but I did not test further by opening the program with my password.
    • Quicken
    • KeePass
The Canon Quick Menu icon shortcut does not open anymore but that is probably something taken off of my computer during the clean and I imagine I can reinstall that.

When testing the programs this morning Norton advised that it tested and found the following files to be ok. So these files were automatically downloaded.
  • eme-adobe.dll (appears to be downloaded by firefox\profile\kevlrxas.default) V5.14.40673.0
  • widevinecdm.dll - a Google file, (Firefox is origin) V.1.4.8.903

Thanks for helping. And again I am sorry about installing the drivers for the USB Key. I just wasn't thinking about what would happen when I installed a new USB key. Let me know what else you think I should do. Thanks
 
Broni
Sorry but I forgot to add that I have not reinstalled Malwarebytes and that the following program is still a problem.

SpywareBlaster - I can click on menu items on left but cannot minimize, x close, autoupdate, can't enable protection. I have not tried manual update again as I didn't want to change my system.

For Norton also, it appears it did a live update this morning and updated the antispyware definitions this morning also. Scan 11 hr ago.
 
Broni
As a side note: I ran Process Explorer and there are four processes that VirusTotal has a virus count for as 1/64. Three days ago there were only two. I have read that if VirusTotal only shows 1/64, it is likely the files may well be good but I thought I would list for you just in case you see something that looks strange.
  • wpsxvc.exe Name: Execution service,Command line: C:\windows\Prey Company: Fork, LTD.
  • devmonsrv.exe Name: Bluetooth device monitor, Command Line: C:\Program Files(86)\Intel\Bluetooth. Company: Motorola Svs
  • vcamsvc.exe Name: Virtual camera controller, Command line: C:\Program Files\Lenovo\Communication utility
  • Cammute.exe Name: Camera Mute Control Service, Command line: C:\Program Files\Lenovo\Communication utility
In addition, in my event viewer I saw 40,000 events surrounding the operation of: "Launch process: "c:\windows\prey\\current\bin\node.exe" "lib\agent\cli.js", could not open PID #, Thread exited with a code 10, Process stopped: return code 1". The file node.exe is used with Prey and I have been using Prey since last year but all these exceptions began around 7/14/17. I have checked to see if I can see my laptop by logging into my phone Prey app and Prey is reporting the laptop location correctly. I am assuming the Prey app is working but with all these exceptions I was wondering if possibly the cli.js file may be bad.

node.exe updated to a new version on 7/24 as well as the cli.js. It could just be a coincidence that these files for Prey began to have an issue and the wpsxvc.exe Prey file is also reported as suspect.

Thanks.
 
Broni
It's me again. I just shut down and rebooted. I received the following message...an "Application Install-Security Warning" popup.

Your administrator has blocked this application because it potentially poses a security risk to your computer.

Lenovo Service Bridge
From: download.lenovo.com
Publisher: unknown
(Symbol: red shield with an x) Your security settings do not allow this application to be installed on your computer.

I am pretty sure I didn't ask for it to be downloaded nor did I block it. Maybe some setting changed when I shut down. ??
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 