Solved Possible search.yahoo PUP and/or some other virus/malware

Nicki

Posts: 200   +0
I think I picked up a search.yahoo virus. Use Firefox and default was/is set to Goggle however it defaults to yahoo no matter what the settings are and I cannot seem to locate anything yahoo to delete/uninstall.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by Nicki (administrator) on HENRY (HP HP ENVY x360 Convertible 15-cn1xxx) (11-07-2020 22:12:58)
Running from C:\Users\Nicki\Desktop
Loaded Profiles: Nicki
Platform: Windows 10 Home Version 1903 18362.900 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(ELAN Microelectronics Corporation -> ELAN) C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.16.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6\HpSystemManagement.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6\Win32Process\HPCC.Bg.BackgroundApp.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_0c50c5dc47ed0efe\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_34687bf44d0a152a\lib\SocketHeciServer.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.4.57\NortonSecurity.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.4.57\nsWscSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\RtkAudUService64.exe [970528 2019-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7507624 2020-06-15] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [526856 2020-06-20] (HP Inc. -> HP Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [526856 2020-06-20] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Mozilla Firefox\firefox.exe -os-restarted -url hxxps://my.norton.com/PartnerDownload/Home/EmailDownload?partnerunitid=1215&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQRU5HUF9DTEFJT (the data entry has 378 more characters).
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\MountPoints2: {8ae3d9fd-bbb7-11e9-818f-5c879cbafe1d} - "F:\LaunchU3.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2019-08-10]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2019-08-10]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2019-08-10]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit) [File not signed]
Startup: C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-08-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09BEEE25-93D4-4B55-A50C-0AD2ED427538} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0F8F0B9D-9594-4794-B41E-B559FD0278F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {21B1D9D2-C258-405F-BCA6-306088659477} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {272000D1-07C1-484B-B1FC-AAFFCE6A444E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-10] (Adobe Inc. -> Adobe)
Task: {292C83A7-82CC-4D4F-B85A-FD2B1DCE0608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {3242FFB1-E6AA-4BD9-978F-12D4C7232176} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {49B4CB26-5D97-47E1-BF7D-0AD36D4D5D42} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.4.57\SymErr.exe [117056 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {4B4632BD-0115-4B1F-98BB-5A35CD1F6608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {5100A477-348F-48CA-A0F9-BA0C7018AC24} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282240636-1967671034-2412643917-500 => C:\Users\Nicki\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {78EB442A-649E-47F4-94A4-37AAD86A42A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {7EBFFFA3-DCDF-4581-B206-BAC46CEAB08E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.4.57\WSCStub.exe [644472 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {81E59C33-9A4E-48BB-9D74-34B630D0A6A8} - System32\Tasks\Norton Security with Backup\Norton Security Online Autofix => C:\Program Files\Norton Security\Engine\22.20.4.57\SymErr.exe [117056 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {86717D21-BEDE-4989-95DC-553520DDE34D} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Processor => C:\Program Files\Norton Security\Engine\22.20.4.57\SymErr.exe [117056 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {9070A544-D8C5-4BC2-93E1-FEE36B7BF418} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-10] (Adobe Inc. -> Adobe)
Task: {B9F6249D-48B7-4FE1-A4DE-AEB17A63220B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {C1D90BA0-E816-4D05-A45C-E97679365E9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {D4FBB0C9-84F0-4F52-A1C7-827FB41EA31F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd -> Piriform Ltd)
Task: {E327E790-D5A3-4D64-B31B-994858062118} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {E748083A-80B1-4AFB-AF8C-BC4BA7EEDD6D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online\Upgrade.exe [2162728 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {E8A9B32E-2282-453D-8D72-8F07398537E0} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{63df01f0-50fb-4a1d-903f-3c62c404e66e}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b332947e-406c-4b78-8c25-71ce0868b9c0}: [DhcpNameServer] 172.168.0.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {BFF249C9-3DBF-45D9-9369-5799E10BD69C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-282240636-1967671034-2412643917-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)

Edge:
======
Edge Profile: C:\Users\Nicki\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-28]

FireFox:
========
FF DefaultProfile: 4xxavejw.default
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\4xxavejw.default [2020-04-24]
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367 [2020-07-11]
FF Homepage: Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367 -> hxxps://www.google.com/
FF Extension: (Facebook Container) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\@contain-facebook.xpi [2020-04-14]
FF Extension: (Home Tab) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\hometab@ext.xpi [2020-07-09] [UpdateUrl:hxxps://web-context.com/hometab.json]
FF Extension: (Norton Password Manager) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\idsafe@norton.com.xpi [2020-07-07]
FF Extension: (RetailMeNot Deal Finder™️) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\retailmenot-genie@rmn.com.xpi [2020-07-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-10] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-10] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default [2020-07-11]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Slides) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-09]
CHR Extension: (Docs) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-09]
CHR Extension: (Google Drive) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-09]
CHR Extension: (YouTube) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-09]
CHR Extension: (Sheets) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-04]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-07-11]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\System Profile [2020-07-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-10] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\AppHelperCap.exe [515344 2020-03-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\NetworkCap.exe [514320 2020-03-27] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\SysInfoCap.exe [516880 2020-03-27] (HP Inc. -> HP Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [7407368 2020-06-15] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] (Intel(R) Wireless Connectivity Solutions -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.20.4.57\NortonSecurity.exe [344760 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.20.4.57\nsWscSvc.exe [1055960 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R2 SECOMNService; C:\windows\System32\SECOMN64.exe [161296 2019-07-31] (Sound Research Corporation -> Sound Research, Corp.)
R2 SynaAPOService; C:\windows\System32\SynAudSrv.exe [595176 2019-05-20] (Conexant Systems LLC -> Synaptics Incorporated.)
R2 SynaAudioService; C:\windows\System32\CxAudioSvc.exe [83464 2019-05-20] (Conexant Systems LLC -> Conexant Systems LLC.)
R2 SynTPEnhService; C:\windows\System32\SynTPEnhService.exe [383240 2019-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\windows\System32\drivers\Accelerometer.sys [54688 2020-06-04] (HP Inc. -> HP)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\BASHDefs\20200707.001\BHDrvx64.sys [1952136 2020-06-30] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1614040.039\ccSetx64.sys [192376 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-08] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2020-07-11] (Symantec Corporation -> Symantec Corporation)
R3 EzTouchFilter; C:\windows\System32\drivers\EzTouchFilter.sys [50424 2019-06-21] (ELAN Microelectronics Corporation -> )
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R0 hpdskflt; C:\windows\System32\drivers\hpdskflt.sys [64928 2020-06-04] (HP Inc. -> HP)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\IPSDefs\20200710.061\IDSvia64.sys [1451016 2020-07-06] (Symantec Corporation -> Symantec Corporation)
S2 mrtRate; no ImagePath
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 psvolacc; C:\windows\system32\drivers\psvolacc.sys [34520 2018-12-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [49416 2019-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SRTSP; C:\windows\System32\drivers\NGCx64\1614040.039\SRTSP64.SYS [889648 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\windows\System32\drivers\NGCx64\1614040.039\SRTSPX64.SYS [50864 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1614040.039\SYMEFASI64.SYS [1964552 2020-06-03] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\windows\System32\drivers\NGCx64\1614040.039\SymELAM.sys [25024 2020-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99848 2020-07-07] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.2.57\SymPlatform\SymEvnt.sys [712368 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\windows\System32\drivers\NGCx64\1614040.039\Ironx64.SYS [316656 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1614040.039\symnets.sys [575280 2020-06-03] (Symantec Corporation -> Symantec Corporation)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VirtualButtons; C:\windows\System32\drivers\VirtualButtons.sys [50344 2019-01-30] (Intel(R) Software -> Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [47496 2019-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [344288 2019-08-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-09] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [37176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1614040.039\wpCtrlDrv.sys [1013656 2020-06-03] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-11 22:12 - 2020-07-11 22:13 - 000028609 _____ C:\Users\Nicki\Desktop\FRST.txt
2020-07-11 22:12 - 2020-07-11 22:13 - 000000000 ____D C:\FRST
2020-07-11 22:11 - 2020-07-11 22:11 - 002292736 _____ (Farbar) C:\Users\Nicki\Desktop\FRST64.exe
2020-07-11 22:07 - 2020-07-11 22:07 - 003667192 _____ (Symantec Corporation) C:\Users\Nicki\Downloads\NSBUDownloader (1).exe
2020-07-11 22:03 - 2020-07-11 22:03 - 000000000 ____D C:\windows\system32\Tasks\Remediation
2020-07-11 21:30 - 2020-07-11 21:30 - 000012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2020-07-11 21:27 - 2020-07-11 21:27 - 008420016 _____ (Malwarebytes) C:\Users\Nicki\Downloads\adwcleaner_8.0.6.exe
2020-07-10 14:25 - 2020-07-10 14:25 - 000000000 ____D C:\Users\Nicki\Desktop\Nicole
2020-07-09 10:47 - 2020-07-11 21:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-09 10:47 - 2020-07-09 10:47 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2020-07-07 12:53 - 2020-07-11 21:36 - 000000000 ____D C:\windows\system32\Tasks\Norton Security with Backup
2020-07-07 12:53 - 2020-07-11 21:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2020-07-07 12:53 - 2020-07-07 12:53 - 000003376 _____ C:\windows\system32\Tasks\Norton WSC Integration
2020-07-07 12:18 - 2020-07-11 21:31 - 000002375 _____ C:\Users\Public\Desktop\Norton Security.lnk
2020-07-07 12:18 - 2020-07-11 21:31 - 000002375 _____ C:\ProgramData\Desktop\Norton Security.lnk
2020-07-07 12:18 - 2020-07-07 12:18 - 000099848 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2020-07-07 12:18 - 2020-07-07 12:18 - 000008616 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2020-07-07 12:18 - 2020-07-07 12:18 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2020-07-07 12:16 - 2020-07-07 12:53 - 000000000 ____D C:\windows\system32\Drivers\NGCx64
2020-07-07 12:16 - 2020-07-07 12:16 - 000000000 ____D C:\Program Files\Norton Security
2020-07-07 12:16 - 2020-07-07 12:16 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2020-07-02 08:17 - 2020-07-09 08:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-06-27 20:07 - 2020-06-29 17:34 - 000000000 ____D C:\Users\Nicki\Desktop\Rice
2020-06-25 06:51 - 2020-07-10 14:18 - 000000000 ____D C:\Users\Nicki\Desktop\West Point
2020-06-20 20:05 - 2020-07-08 18:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-20 20:05 - 2020-06-21 07:12 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-20 20:05 - 2020-06-21 07:12 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-13 12:26 - 2020-06-13 12:26 - 000448512 _____ (OldTimer Tools) C:\Users\Nicki\Downloads\TFC.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-11 21:44 - 2019-08-09 07:31 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Mozilla
2020-07-11 21:37 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-11 21:31 - 2019-08-09 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-11 21:31 - 2019-08-09 00:46 - 000000000 __SHD C:\Users\Nicki\IntelGraphicsProfiles
2020-07-11 21:31 - 2019-04-15 11:38 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-07-11 21:31 - 2019-03-19 00:52 - 000000000 ___HD C:\windows\ELAMBKUP
2020-07-11 21:31 - 2019-03-19 00:52 - 000000000 ____D C:\windows\AppReadiness
2020-07-11 21:31 - 2019-03-18 23:34 - 000000000 ____D C:\Intel
2020-07-11 21:31 - 2019-03-18 23:32 - 000000024 _____ C:\windows\system32\Drivers\RtkR0Log.dat
2020-07-11 21:30 - 2019-03-19 00:37 - 000524288 _____ C:\windows\system32\config\BBI
2020-07-11 21:13 - 2019-03-19 00:50 - 000000000 ____D C:\windows\INF
2020-07-11 20:54 - 2019-04-15 11:38 - 000000000 ____D C:\windows\system32\SleepStudy
2020-07-11 13:32 - 2019-10-24 06:56 - 000000000 ____D C:\Users\Nicki\00Photos
2020-07-11 10:15 - 2019-08-10 16:23 - 000000000 ____D C:\Users\Nicki\AppData\Local\ElevatedDiagnostics
2020-07-10 16:09 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-10 14:18 - 2019-12-01 19:01 - 000000000 ____D C:\Users\Nicki\Desktop\Stuff
2020-07-09 17:15 - 2019-08-09 06:54 - 000000000 ____D C:\Users\Nicki\00Documents
2020-07-09 10:47 - 2019-08-09 07:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-09 08:06 - 2019-08-09 08:12 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-07-09 08:06 - 2019-08-09 08:11 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-07-07 16:03 - 2019-12-20 15:05 - 000001235 _____ C:\Users\Nicki\Desktop\Cook'n.lnk
2020-07-07 16:03 - 2019-08-09 06:45 - 000001257 _____ C:\Users\Nicki\Desktop\Windows Updates.lnk
2020-07-07 12:56 - 2019-08-10 11:20 - 000000000 ____D C:\Program Files\Common Files\AV
2020-07-07 12:26 - 2019-08-10 10:43 - 000000000 ____D C:\ProgramData\Norton
2020-07-07 12:19 - 2019-03-19 00:37 - 000032768 _____ C:\windows\system32\config\ELAM
2020-07-07 12:12 - 2019-08-10 10:44 - 000000000 ____D C:\ProgramData\NortonInstaller
2020-07-07 12:12 - 2019-08-09 06:22 - 000744808 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2020-07-07 12:10 - 2019-08-10 10:43 - 000000000 ____D C:\Users\Public\Downloads\Norton
2020-07-05 23:07 - 2019-08-09 00:46 - 000000000 ____D C:\Users\Nicki\AppData\Local\VirtualStore
2020-07-02 11:21 - 2019-08-09 07:38 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2020-06-29 17:27 - 2019-08-09 14:09 - 000000000 ____D C:\Users\Nicki\AppData\Roaming\vlc
2020-06-29 07:37 - 2019-10-13 16:44 - 000000883 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-06-29 07:37 - 2019-10-13 16:44 - 000000883 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-06-24 13:45 - 2019-08-09 07:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-20 15:20 - 2019-03-19 00:37 - 000000000 ____D C:\windows\CbsTemp
2020-06-16 15:55 - 2019-08-09 14:24 - 000000000 ____D C:\Users\Nicki\Documents\Cook'n Backups
2020-06-15 08:47 - 2019-08-09 00:44 - 000000000 ____D C:\Users\Nicki
2020-06-13 15:26 - 2019-04-15 11:38 - 000451728 _____ C:\windows\system32\FNTCACHE.DAT
2020-06-12 20:35 - 2019-05-03 12:33 - 000848226 _____ C:\windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories ========

2019-11-29 13:06 - 2019-11-29 13:06 - 000004608 _____ () C:\Users\Nicki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Nicki

Posts: 200   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by Nicki (11-07-2020 22:13:57)
Running from C:\Users\Nicki\Desktop
Windows 10 Home Version 1903 18362.900 (X64) (2019-08-09 04:38:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-282240636-1967671034-2412643917-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-282240636-1967671034-2412643917-503 - Limited - Disabled)
Guest (S-1-5-21-282240636-1967671034-2412643917-501 - Limited - Disabled)
Nicki (S-1-5-21-282240636-1967671034-2412643917-1001 - Administrator - Enabled) => C:\Users\Nicki
WDAGUtilityAccount (S-1-5-21-282240636-1967671034-2412643917-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Online (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
FW: Norton Security Online (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ArcSoft PhotoStudio 2000 (HKLM-x32\...\ArcSoft PhotoStudio 2000) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cook'n (HKLM-x32\...\Cook'n) (Version: - )
Dynamic Application Loader Host Interface Service (HKLM\...\{3252E69D-9075-40FD-A9EF-F6D96091B5BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.25 - ELAN microelectronics Crop.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{3d2240de-3c21-4e14-84b3-1c6cd02bfab4}) (Version: 10.1.17969.8134 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{94979CD2-0904-47DE-A4AC-04F1C4524650}) (Version: 17.2.8.1029 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
iTunes (HKLM\...\{013DB423-A8DE-4423-9E50-D45ED1041789}) (Version: 12.10.7.3 - Apple Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{D59877C2-0B8F-4ACC-AD29-C710FA69DBD0}) (Version: 7.2.4325 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.61 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Mozilla Firefox 78.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 78.0.2 (x64 en-US)) (Version: 78.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.8.0 - Mozilla)
Mozilla Thunderbird 68.10.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.10.0 (x86 en-US)) (Version: 68.10.0 - Mozilla)
Norton Security Online (HKLM-x32\...\NGC) (Version: 22.20.4.57 - Symantec Corporation)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
Quicken 2003 Basic (HKLM-x32\...\{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit) Hidden
Quicken 2003 Basic (HKLM-x32\...\InstallShield_{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit)
RootsMagic 7.6.3.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.6.3.0 - RootsMagic, Inc.)
Spotify (HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Spotify) (Version: 1.1.22.633.g1bab253a - Spotify AB)
StatTrak Address Manager (HKLM-x32\...\StatTrak Address Manager) (Version: 5.1.25 - All-Pro Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)

Packages:
=========
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2019-03-18] (HP Inc.)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.7.194.0_x64__dt26b99r8h8gj [2020-01-11] (Realtek Semiconductor Corp)
HP Command Center -> C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6 [2020-07-07] (HP Inc.)
HP Impreza Pen -> C:\Program Files\WindowsApps\9FDF1AF1.HPImprezaPen_1.1.12.0_x64__g70az3e2cx9m2 [2019-11-22] (ELAN MICROELECTRONICS CORP.) [Startup Task]
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.5.1296.0_x64__v10z8vjag6ke6 [2020-01-15] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.5.0_x64__v10z8vjag6ke6 [2020-07-07] (HP Inc.)
HP Pen Control -> C:\Program Files\WindowsApps\AD2F1837.HPPenControl_3.0.23.0_x64__v10z8vjag6ke6 [2020-04-25] (HP Inc.) [Startup Task]
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.38.0_x64__v10z8vjag6ke6 [2019-11-06] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.6.598.0_x64__v10z8vjag6ke6 [2020-04-07] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.16.0_x64__v10z8vjag6ke6 [2020-06-20] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2731.0_x64__8j3eq9eme6ctt [2020-06-10] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-04] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.10615.5289.0_x64__8wekyb3d8bbwe [2020-07-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-14] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-12] (Synaptics Incorporated)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-03-27] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.4.57\NavShExt.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.4.57\NavShExt.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-03-27] () [File not signed] [File is in use]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.4.57\buShell.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.4.57\NavShExt.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-08-10 11:41 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-05-13 17:06 - 2020-05-13 17:06 - 000138240 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4ecda042e9dca02a70ac5d199921f788\Interop.IWshRuntimeLibrary.ni.dll
2020-04-27 14:07 - 2010-03-15 19:04 - 000143360 _____ () [File not signed] C:\windows\system32\BrSNMP64.dll
2019-08-10 11:41 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-08-10 11:41 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2019-08-10 11:41 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2019-08-10 11:41 - 2013-10-10 21:55 - 002040320 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2019-08-10 12:11 - 2012-09-06 21:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2019-08-10 12:11 - 2012-07-06 13:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2019-08-10 12:11 - 2012-07-06 13:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2019-08-10 12:11 - 2012-07-17 13:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2019-08-10 12:11 - 2012-07-05 07:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\BrNetSti.dll
2020-05-13 16:56 - 2020-05-13 16:56 - 000134656 _____ (hardcodet.net) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\362f0e4fe935330657dd46b5dab17c49\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-06-20 21:38 - 2020-06-20 21:38 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.16.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2020-07-07 23:42 - 2020-07-07 23:42 - 024019968 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6\HpSystemManagement.dll
2020-07-07 23:42 - 2020-07-07 23:42 - 000013312 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6\NativeRpcClient.dll
2020-07-07 23:42 - 2020-07-07 23:42 - 000014848 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6\Win32Process\NativeRpcClient.DLL
2019-03-27 18:29 - 2019-03-27 18:29 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2020-05-13 17:06 - 2020-05-13 17:06 - 001591808 _____ (Mark Heath) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\NAudio\b0ca039349ed8dbabf638b55e539b5ce\NAudio.ni.dll
2019-08-10 12:12 - 2019-08-10 12:12 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2020-05-13 17:06 - 2020-05-13 17:06 - 003127808 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\9efd7dbc4c6f079bb3329a850e53288f\Newtonsoft.Json.ni.dll
2020-05-13 16:56 - 2020-05-13 16:56 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\log4net\0eaa6936eb7be7b714b6dd84ad8d9435\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-11-16 08:13 - 000000826 _____ C:\windows\system32\drivers\etc\hosts

2020-04-19 20:58 - 2020-04-19 20:58 - 000000375 _____ C:\windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Billminder.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Quicken Startup.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{32F2A922-7239-418F-BB52-6632F0914D30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7B505800-E917-4363-BA9C-084DAA8DC9B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33F2DEB0-8A16-44F9-B118-ACFB58893F45}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{EAF4762A-FE55-4C58-9C82-A36CD8020CC7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2026F4A9-622B-47BA-8C5B-C173995E66EE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{875D6C6F-E41E-46B6-A227-6DF97F3F9257}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0F2E4598-77EE-4308-ADE5-DFAA1E505844}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BAEF3B6-5695-4CC7-876B-E973F769ADC5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2088A705-1768-4313-8E53-248857705F56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9B3D13B0-803E-441B-874A-5D2FF738A1C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{10CE0A85-6AA1-412D-A178-592D85BB6E89}C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe] => (Allow) C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe () [File not signed]
FirewallRules: [UDP Query User{B19A4E96-A17E-4959-A231-AC4522E719A7}C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe] => (Allow) C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe () [File not signed]
FirewallRules: [{4F27A9AC-2764-499E-A41B-B60075B80F64}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{93951AD3-20F2-488B-BF97-360CE5ED0E36}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{CBDA1D72-C17C-40AC-8A2B-22B848875F01}] => (Allow) LPort=54925
FirewallRules: [{DE6EBEB0-BDB9-44CD-8FDC-55A9248CBC7B}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{F7E1AB9F-7C18-4171-9F3F-C39ABE4BF6DF}] => (Allow) C:\windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BD0A0DC3-B7B3-455E-9CAA-E2BF520B0E18}] => (Allow) C:\windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{80E3512A-0341-4522-BFFA-C43A376B97F6}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{7FC277EC-5C78-4006-9FBE-B7CFB0B3F4D4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{4DAC619A-150F-4B5D-9453-14FDCA0D4C55}] => (Allow) LPort=54925
FirewallRules: [{208E80BD-5B3B-4368-BE33-3ADBA358F23C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{50D4341D-E3A6-40BA-875F-95A5135A1C0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

19-06-2020 09:51:05 Windows Update
26-06-2020 22:26:50 Scheduled Checkpoint
28-06-2020 23:52:48 JRT Pre-Junkware Removal
06-07-2020 12:08:24 Scheduled Checkpoint
11-07-2020 21:14:17 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/11/2020 09:31:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Henry.local already in use; will try Henry-2.local instead

Error: (07/11/2020 09:31:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Henry.local. Addr 192.168.0.226

Error: (07/11/2020 09:31:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.226:5353 16 Henry.local. AAAA 2601:019B:C701:5CB0:0000:0000:0000:65D9

Error: (07/08/2020 08:00:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHeciSvc.exe, version: 9.1.15.419, time stamp: 0x5db544c4
Faulting module name: IntelCpHeciSvc.exe, version: 9.1.15.419, time stamp: 0x5db544c4
Exception code: 0xc0000005
Fault offset: 0x000000000001e44f
Faulting process id: 0x1750
Faulting application start time: 0x01d65479cec92866
Faulting application path: C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
Faulting module path: C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
Report Id: b36858f6-21e0-4b31-bd00-e6459a466719
Faulting package full name:
Faulting package-relative application ID:

Error: (07/07/2020 12:27:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NortonSecurity.exe, version: 17.2.3.43, time stamp: 0x5e3caa6d
Faulting module name: SYMHTML.DLL, version: 10.8.0.15, time stamp: 0x5dc937fd
Exception code: 0xc000041d
Fault offset: 0x00000000000e6eaa
Faulting process id: 0x1e3c
Faulting application start time: 0x01d6547a55a0b509
Faulting application path: C:\Program Files\Norton Security\Engine\22.20.2.57\NortonSecurity.exe
Faulting module path: C:\Program Files\Norton Security\Engine\22.20.2.57\SYMHTML.DLL
Report Id: 329d4b98-3484-4db8-9037-a184f24399b5
Faulting package full name:
Faulting package-relative application ID:

Error: (07/07/2020 12:26:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NortonSecurity.exe, version: 17.2.3.43, time stamp: 0x5e3caa6d
Faulting module name: SYMHTML.DLL, version: 10.8.0.15, time stamp: 0x5dc937fd
Exception code: 0xc0000005
Fault offset: 0x00000000000e6eaa
Faulting process id: 0x1e3c
Faulting application start time: 0x01d6547a55a0b509
Faulting application path: C:\Program Files\Norton Security\Engine\22.20.2.57\NortonSecurity.exe
Faulting module path: C:\Program Files\Norton Security\Engine\22.20.2.57\SYMHTML.DLL
Report Id: 7aa5df32-f5f0-4041-9ba1-15f6bd8f8d74
Faulting package full name:
Faulting package-relative application ID:

Error: (07/07/2020 12:15:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Henry.local already in use; will try Henry-2.local instead

Error: (07/07/2020 12:15:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Henry.local. Addr 192.168.0.226


System errors:
=============
Error: (07/11/2020 09:31:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/11/2020 09:14:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/11/2020 09:14:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (07/11/2020 09:13:20 PM) (Source: DCOM) (EventID: 10000) (User: HENRY)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/07/2020 11:42:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9P92N00QV14J-AD2F1837.HPThermalControl.

Error: (07/07/2020 12:15:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/06/2020 07:04:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSysInfoCap service.

Error: (06/30/2020 08:59:09 PM) (Source: DCOM) (EventID: 10000) (User: HENRY)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}


CodeIntegrity:
===================================

Date: 2020-07-11 21:37:39.858
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-11 21:37:39.857
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-11 21:37:35.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-11 21:37:35.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-11 21:35:58.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-11 21:35:58.714
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-11 21:34:39.792
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-11 21:34:39.785
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.4.57\symamsi.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.17 05/29/2019
Motherboard: HP 850C
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 12077.74 MB
Available physical RAM: 6718.71 MB
Total Virtual: 30509.74 MB
Available Virtual: 25347.75 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.78 GB) (Free:820.62 GB) NTFS
Drive e: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32

\\?\Volume{17cccd7f-1d41-4416-8c4a-130699692678}\ (Windows RE tools) (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS
\\?\Volume{c306a302-556e-4247-b7e7-ffc97f7d7d5e}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,798   +503
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Nicki

Posts: 200   +0
Rogue Killer Reports

RogueKiller Anti-Malware V14.6.1.0 (x64) [Jun 17 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : Nicki [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200706_123048, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/07/12 03:33:41 (Duration : 00:08:16)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{10CE0A85-6AA1-412D-A178-592D85BB6E89}C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe|Name=cook'n.exe|Desc=cook'n.exe|Defer=User| (C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B19A4E96-A17E-4959-A231-AC4522E719A7}C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe|Name=cook'n.exe|Desc=cook'n.exe|Defer=User| (C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

Nicki

Posts: 200   +0
Second Rogue Killer Report

RogueKiller Anti-Malware V14.6.1.0 (x64) [Jun 17 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : Nicki [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200706_123048, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/07/12 04:29:27 (Duration : 00:08:16)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{10CE0A85-6AA1-412D-A178-592D85BB6E89}C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe -- [%localappdata%\DVO\cook'n10app\Cook'n.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B19A4E96-A17E-4959-A231-AC4522E719A7}C:\users\nicki\appdata\local\dvo\cook'n10app\cook'n.exe -- [%localappdata%\DVO\cook'n10app\Cook'n.exe] -> Deleted
 

Nicki

Posts: 200   +0
MB Report

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/12/20
Scan Time: 4:34 AM
Log File: 8e1f6978-c41a-11ea-9c39-5c879cbafe1d.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.979
Update Package Version: 1.0.26725
License: Trial

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: HENRY\Nicki

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 292579
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Nicki

Posts: 200   +0
ADW Report ( Chose not to remove HP files found)

# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build: 06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-12-2020
# Duration: 00:00:10
# OS: Windows 10 Home
# Scanned: 31836
# Detected: 12


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A9B32E-2282-453D-8D72-8F07398537E0}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Nicki\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK


AdwCleaner[S00].txt - [3044 octets] - [13/03/2020 06:40:02]
AdwCleaner[C00].txt - [1677 octets] - [13/03/2020 06:40:45]
AdwCleaner[S01].txt - [3077 octets] - [13/03/2020 06:41:54]
AdwCleaner[C01].txt - [1730 octets] - [13/03/2020 06:42:04]
AdwCleaner[S02].txt - [2912 octets] - [30/03/2020 23:35:10]
AdwCleaner[S03].txt - [2973 octets] - [07/04/2020 21:50:52]
AdwCleaner[S04].txt - [3066 octets] - [23/04/2020 18:48:03]
AdwCleaner[C04].txt - [1974 octets] - [23/04/2020 18:48:16]
AdwCleaner[S05].txt - [3156 octets] - [25/04/2020 07:33:48]
AdwCleaner[S06].txt - [3249 octets] - [08/06/2020 12:56:14]
AdwCleaner[C06].txt - [2157 octets] - [08/06/2020 13:14:43]
AdwCleaner[S07].txt - [3339 octets] - [08/06/2020 13:16:03]
AdwCleaner[S08].txt - [3400 octets] - [10/06/2020 07:21:37]
AdwCleaner[S09].txt - [3461 octets] - [13/06/2020 12:14:40]
AdwCleaner[S10].txt - [3554 octets] - [28/06/2020 23:54:50]
AdwCleaner[C10].txt - [2462 octets] - [28/06/2020 23:55:04]
AdwCleaner[S11].txt - [3644 octets] - [11/07/2020 21:27:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S12].txt ##########
 

Nicki

Posts: 200   +0
The most recent thing downloaded was Norton Password Manger (Safe Search also downloaded even though I was only after the password manager. Thinking the problem could stem from this action. When Firefox is launched in safe mode, the problem does not occur. When launched in "normal" mode and safe search removed, problem still occurs. I reached out to Norton but did not receive much assistance at all : ( I thought this info might be helpful....but then again...maybe not : )
 

Broni

Posts: 55,798   +503
I don't see much there.
I suggest...

Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

If the above didn't help...

Uninstall Firefox completely using this manual: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer
NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
Install fresh copy.
===============================================
Firefox in safe mode...
If you're using Firefox 3.x, close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, or higher go Help>Restart Firefox with Add-ons Disabled.
Same issue?
 

Nicki

Posts: 200   +0
I am running Firefox 78.02 (64 bit). When in safe mode all appears to be fine and responds faster. There is a never ending fan running - or at least that is what it sounds like. I do not have time at this very moment to tackle the Firefox uninstall/reinstall but will try to get to it later today or tomorrow. The fact that the fan is constanty running has me a bit worried that there is something burried deep causing this issue. With my previous computer, I recall you having me do something to find a rootkit...or something like that. I really do not know what that is exactly but am wondering if there is a diagnostic to test for that that I have not already done. Puzzled in Vermont...
 

Broni

Posts: 55,798   +503
Running fan may be a sign of some overheating. I doubt, running fan could be malware related.
Instead of reinstalling Firefox, try to reset it first.
 

Nicki

Posts: 200   +0
I did not word that correctly... malware overloading CPU, making things hot, causing the fan to run - not malware directly causing fan to run. Something is not right but I will attempt reseting firefox first.
 

Nicki

Posts: 200   +0
I reset Firefox and did NOT add the Norton Password Manager Add-on which is what seemed to start this whole mess. It *appears* to be okay. Can you recommend another password manager and can the items that I downloaded for this exercise simply be unistalled or deleted?
 

Broni

Posts: 55,798   +503
Good :)
I simply use Firefox own password manager.
FRST doesn't install. You can simply delete it. The others can be uninstalled.