Nicki
I think I picked up a search.yahoo virus. I use Firefox and the default was/is set to Google; however, it defaults to Yahoo no matter what the settings are, and I cannot seem to locate anything Yahoo to delete/uninstall.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by Nicki (administrator) on HENRY (HP HP ENVY x360 Convertible 15-cn1xxx) (11-07-2020 22:12:58)
Running from C:\Users\Nicki\Desktop
Loaded Profiles: Nicki
Platform: Windows 10 Home Version 1903 18362.900 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(ELAN Microelectronics Corporation -> ELAN) C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.16.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6\HpSystemManagement.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.6.15.0_x64__v10z8vjag6ke6\Win32Process\HPCC.Bg.BackgroundApp.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_0c50c5dc47ed0efe\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_34687bf44d0a152a\lib\SocketHeciServer.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.4.57\NortonSecurity.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.4.57\nsWscSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\windows\System32\RtkAudUService64.exe [970528 2019-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7507624 2020-06-15] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [526856 2020-06-20] (HP Inc. -> HP Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [526856 2020-06-20] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Mozilla Firefox\firefox.exe -os-restarted -url hxxps://my.norton.com/PartnerDownload/Home/EmailDownload?partnerunitid=1215&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQRU5HUF9DTEFJT (the data entry has 378 more characters).
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\MountPoints2: {8ae3d9fd-bbb7-11e9-818f-5c879cbafe1d} - "F:\LaunchU3.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2019-08-10]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2019-08-10]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2019-08-10]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit) [File not signed]
Startup: C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-08-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09BEEE25-93D4-4B55-A50C-0AD2ED427538} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0F8F0B9D-9594-4794-B41E-B559FD0278F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {21B1D9D2-C258-405F-BCA6-306088659477} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {272000D1-07C1-484B-B1FC-AAFFCE6A444E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-10] (Adobe Inc. -> Adobe)
Task: {292C83A7-82CC-4D4F-B85A-FD2B1DCE0608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {3242FFB1-E6AA-4BD9-978F-12D4C7232176} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {49B4CB26-5D97-47E1-BF7D-0AD36D4D5D42} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.4.57\SymErr.exe [117056 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {4B4632BD-0115-4B1F-98BB-5A35CD1F6608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {5100A477-348F-48CA-A0F9-BA0C7018AC24} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282240636-1967671034-2412643917-500 => C:\Users\Nicki\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {78EB442A-649E-47F4-94A4-37AAD86A42A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {7EBFFFA3-DCDF-4581-B206-BAC46CEAB08E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.4.57\WSCStub.exe [644472 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {81E59C33-9A4E-48BB-9D74-34B630D0A6A8} - System32\Tasks\Norton Security with Backup\Norton Security Online Autofix => C:\Program Files\Norton Security\Engine\22.20.4.57\SymErr.exe [117056 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {86717D21-BEDE-4989-95DC-553520DDE34D} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Processor => C:\Program Files\Norton Security\Engine\22.20.4.57\SymErr.exe [117056 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {9070A544-D8C5-4BC2-93E1-FEE36B7BF418} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-10] (Adobe Inc. -> Adobe)
Task: {B9F6249D-48B7-4FE1-A4DE-AEB17A63220B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {C1D90BA0-E816-4D05-A45C-E97679365E9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {D4FBB0C9-84F0-4F52-A1C7-827FB41EA31F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-24] (Piriform Ltd -> Piriform Ltd)
Task: {E327E790-D5A3-4D64-B31B-994858062118} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {E748083A-80B1-4AFB-AF8C-BC4BA7EEDD6D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online\Upgrade.exe [2162728 2020-06-03] (Symantec Corporation -> Symantec Corporation)
Task: {E8A9B32E-2282-453D-8D72-8F07398537E0} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{63df01f0-50fb-4a1d-903f-3c62c404e66e}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b332947e-406c-4b78-8c25-71ce0868b9c0}: [DhcpNameServer] 172.168.0.7
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {BFF249C9-3DBF-45D9-9369-5799E10BD69C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-282240636-1967671034-2412643917-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.20.4.57\coIEPlg.dll [2020-06-03] (Symantec Corporation -> Symantec Corporation)
Edge:
======
Edge Profile: C:\Users\Nicki\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-28]
FireFox:
========
FF DefaultProfile: 4xxavejw.default
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\4xxavejw.default [2020-04-24]
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367 [2020-07-11]
FF Homepage: Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367 -> hxxps://www.google.com/
FF Extension: (Facebook Container) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\@contain-facebook.xpi [2020-04-14]
FF Extension: (Home Tab) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\hometab@ext.xpi [2020-07-09] [UpdateUrl:hxxps://web-context.com/hometab.json]
FF Extension: (Norton Password Manager) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\idsafe@norton.com.xpi [2020-07-07]
FF Extension: (RetailMeNot Deal Finder) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\0t2q1zzw.default-release-1586776984367\Extensions\retailmenot-genie@rmn.com.xpi [2020-07-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-10] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-10] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default [2020-07-11]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Slides) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-09]
CHR Extension: (Docs) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-09]
CHR Extension: (Google Drive) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-09]
CHR Extension: (YouTube) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-09]
CHR Extension: (Sheets) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-04]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-07-11]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\System Profile [2020-07-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-10] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\AppHelperCap.exe [515344 2020-03-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\NetworkCap.exe [514320 2020-03-27] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\SysInfoCap.exe [516880 2020-03-27] (HP Inc. -> HP Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [7407368 2020-06-15] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] (Intel(R) Wireless Connectivity Solutions -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.20.4.57\NortonSecurity.exe [344760 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.20.4.57\nsWscSvc.exe [1055960 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R2 SECOMNService; C:\windows\System32\SECOMN64.exe [161296 2019-07-31] (Sound Research Corporation -> Sound Research, Corp.)
R2 SynaAPOService; C:\windows\System32\SynAudSrv.exe [595176 2019-05-20] (Conexant Systems LLC -> Synaptics Incorporated.)
R2 SynaAudioService; C:\windows\System32\CxAudioSvc.exe [83464 2019-05-20] (Conexant Systems LLC -> Conexant Systems LLC.)
R2 SynTPEnhService; C:\windows\System32\SynTPEnhService.exe [383240 2019-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\windows\System32\drivers\Accelerometer.sys [54688 2020-06-04] (HP Inc. -> HP)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\BASHDefs\20200707.001\BHDrvx64.sys [1952136 2020-06-30] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1614040.039\ccSetx64.sys [192376 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-08] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2020-07-11] (Symantec Corporation -> Symantec Corporation)
R3 EzTouchFilter; C:\windows\System32\drivers\EzTouchFilter.sys [50424 2019-06-21] (ELAN Microelectronics Corporation -> )
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R0 hpdskflt; C:\windows\System32\drivers\hpdskflt.sys [64928 2020-06-04] (HP Inc. -> HP)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\IPSDefs\20200710.061\IDSvia64.sys [1451016 2020-07-06] (Symantec Corporation -> Symantec Corporation)
S2 mrtRate; no ImagePath
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 psvolacc; C:\windows\system32\drivers\psvolacc.sys [34520 2018-12-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [49416 2019-12-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SRTSP; C:\windows\System32\drivers\NGCx64\1614040.039\SRTSP64.SYS [889648 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\windows\System32\drivers\NGCx64\1614040.039\SRTSPX64.SYS [50864 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1614040.039\SYMEFASI64.SYS [1964552 2020-06-03] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\windows\System32\drivers\NGCx64\1614040.039\SymELAM.sys [25024 2020-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99848 2020-07-07] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.2.57\SymPlatform\SymEvnt.sys [712368 2020-03-20] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\windows\System32\drivers\NGCx64\1614040.039\Ironx64.SYS [316656 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1614040.039\symnets.sys [575280 2020-06-03] (Symantec Corporation -> Symantec Corporation)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VirtualButtons; C:\windows\System32\drivers\VirtualButtons.sys [50344 2019-01-30] (Intel(R) Software -> Intel Corporation)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [47496 2019-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [344288 2019-08-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-09] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [37176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1614040.039\wpCtrlDrv.sys [1013656 2020-06-03] (Symantec Corporation -> Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-11 22:12 - 2020-07-11 22:13 - 000028609 _____ C:\Users\Nicki\Desktop\FRST.txt
2020-07-11 22:12 - 2020-07-11 22:13 - 000000000 ____D C:\FRST
2020-07-11 22:11 - 2020-07-11 22:11 - 002292736 _____ (Farbar) C:\Users\Nicki\Desktop\FRST64.exe
2020-07-11 22:07 - 2020-07-11 22:07 - 003667192 _____ (Symantec Corporation) C:\Users\Nicki\Downloads\NSBUDownloader (1).exe
2020-07-11 22:03 - 2020-07-11 22:03 - 000000000 ____D C:\windows\system32\Tasks\Remediation
2020-07-11 21:30 - 2020-07-11 21:30 - 000012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2020-07-11 21:27 - 2020-07-11 21:27 - 008420016 _____ (Malwarebytes) C:\Users\Nicki\Downloads\adwcleaner_8.0.6.exe
2020-07-10 14:25 - 2020-07-10 14:25 - 000000000 ____D C:\Users\Nicki\Desktop\Nicole
2020-07-09 10:47 - 2020-07-11 21:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-09 10:47 - 2020-07-09 10:47 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2020-07-07 12:53 - 2020-07-11 21:36 - 000000000 ____D C:\windows\system32\Tasks\Norton Security with Backup
2020-07-07 12:53 - 2020-07-11 21:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2020-07-07 12:53 - 2020-07-07 12:53 - 000003376 _____ C:\windows\system32\Tasks\Norton WSC Integration
2020-07-07 12:18 - 2020-07-11 21:31 - 000002375 _____ C:\Users\Public\Desktop\Norton Security.lnk
2020-07-07 12:18 - 2020-07-11 21:31 - 000002375 _____ C:\ProgramData\Desktop\Norton Security.lnk
2020-07-07 12:18 - 2020-07-07 12:18 - 000099848 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2020-07-07 12:18 - 2020-07-07 12:18 - 000008616 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2020-07-07 12:18 - 2020-07-07 12:18 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2020-07-07 12:16 - 2020-07-07 12:53 - 000000000 ____D C:\windows\system32\Drivers\NGCx64
2020-07-07 12:16 - 2020-07-07 12:16 - 000000000 ____D C:\Program Files\Norton Security
2020-07-07 12:16 - 2020-07-07 12:16 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2020-07-02 08:17 - 2020-07-09 08:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-06-27 20:07 - 2020-06-29 17:34 - 000000000 ____D C:\Users\Nicki\Desktop\Rice
2020-06-25 06:51 - 2020-07-10 14:18 - 000000000 ____D C:\Users\Nicki\Desktop\West Point
2020-06-20 20:05 - 2020-07-08 18:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-20 20:05 - 2020-06-21 07:12 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-20 20:05 - 2020-06-21 07:12 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-13 12:26 - 2020-06-13 12:26 - 000448512 _____ (OldTimer Tools) C:\Users\Nicki\Downloads\TFC.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-11 21:44 - 2019-08-09 07:31 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Mozilla
2020-07-11 21:37 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-11 21:31 - 2019-08-09 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-11 21:31 - 2019-08-09 00:46 - 000000000 __SHD C:\Users\Nicki\IntelGraphicsProfiles
2020-07-11 21:31 - 2019-04-15 11:38 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-07-11 21:31 - 2019-03-19 00:52 - 000000000 ___HD C:\windows\ELAMBKUP
2020-07-11 21:31 - 2019-03-19 00:52 - 000000000 ____D C:\windows\AppReadiness
2020-07-11 21:31 - 2019-03-18 23:34 - 000000000 ____D C:\Intel
2020-07-11 21:31 - 2019-03-18 23:32 - 000000024 _____ C:\windows\system32\Drivers\RtkR0Log.dat
2020-07-11 21:30 - 2019-03-19 00:37 - 000524288 _____ C:\windows\system32\config\BBI
2020-07-11 21:13 - 2019-03-19 00:50 - 000000000 ____D C:\windows\INF
2020-07-11 20:54 - 2019-04-15 11:38 - 000000000 ____D C:\windows\system32\SleepStudy
2020-07-11 13:32 - 2019-10-24 06:56 - 000000000 ____D C:\Users\Nicki\00Photos
2020-07-11 10:15 - 2019-08-10 16:23 - 000000000 ____D C:\Users\Nicki\AppData\Local\ElevatedDiagnostics
2020-07-10 16:09 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-10 14:18 - 2019-12-01 19:01 - 000000000 ____D C:\Users\Nicki\Desktop\Stuff
2020-07-09 17:15 - 2019-08-09 06:54 - 000000000 ____D C:\Users\Nicki\00Documents
2020-07-09 10:47 - 2019-08-09 07:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-09 08:06 - 2019-08-09 08:12 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-07-09 08:06 - 2019-08-09 08:11 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-07-07 16:03 - 2019-12-20 15:05 - 000001235 _____ C:\Users\Nicki\Desktop\Cook'n.lnk
2020-07-07 16:03 - 2019-08-09 06:45 - 000001257 _____ C:\Users\Nicki\Desktop\Windows Updates.lnk
2020-07-07 12:56 - 2019-08-10 11:20 - 000000000 ____D C:\Program Files\Common Files\AV
2020-07-07 12:26 - 2019-08-10 10:43 - 000000000 ____D C:\ProgramData\Norton
2020-07-07 12:19 - 2019-03-19 00:37 - 000032768 _____ C:\windows\system32\config\ELAM
2020-07-07 12:12 - 2019-08-10 10:44 - 000000000 ____D C:\ProgramData\NortonInstaller
2020-07-07 12:12 - 2019-08-09 06:22 - 000744808 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2020-07-07 12:10 - 2019-08-10 10:43 - 000000000 ____D C:\Users\Public\Downloads\Norton
2020-07-05 23:07 - 2019-08-09 00:46 - 000000000 ____D C:\Users\Nicki\AppData\Local\VirtualStore
2020-07-02 11:21 - 2019-08-09 07:38 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2020-06-29 17:27 - 2019-08-09 14:09 - 000000000 ____D C:\Users\Nicki\AppData\Roaming\vlc
2020-06-29 07:37 - 2019-10-13 16:44 - 000000883 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-06-29 07:37 - 2019-10-13 16:44 - 000000883 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-06-24 13:45 - 2019-08-09 07:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-20 15:20 - 2019-03-19 00:37 - 000000000 ____D C:\windows\CbsTemp
2020-06-16 15:55 - 2019-08-09 14:24 - 000000000 ____D C:\Users\Nicki\Documents\Cook'n Backups
2020-06-15 08:47 - 2019-08-09 00:44 - 000000000 ____D C:\Users\Nicki
2020-06-13 15:26 - 2019-04-15 11:38 - 000451728 _____ C:\windows\system32\FNTCACHE.DAT
2020-06-12 20:35 - 2019-05-03 12:33 - 000848226 _____ C:\windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories ========
2019-11-29 13:06 - 2019-11-29 13:06 - 000004608 _____ () C:\Users\Nicki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
2020-06-27 20:07 - 2020-06-29 17:34 - 000000000 ____D C:\Users\Nicki\Desktop\Rice
2020-06-25 06:51 - 2020-07-10 14:18 - 000000000 ____D C:\Users\Nicki\Desktop\West Point
2020-06-20 20:05 - 2020-07-08 18:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-20 20:05 - 2020-06-21 07:12 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-20 20:05 - 2020-06-21 07:12 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-13 12:26 - 2020-06-13 12:26 - 000448512 _____ (OldTimer Tools) C:\Users\Nicki\Downloads\TFC.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-11 21:44 - 2019-08-09 07:31 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Mozilla
2020-07-11 21:37 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-11 21:31 - 2019-08-09 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-11 21:31 - 2019-08-09 00:46 - 000000000 __SHD C:\Users\Nicki\IntelGraphicsProfiles
2020-07-11 21:31 - 2019-04-15 11:38 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-07-11 21:31 - 2019-03-19 00:52 - 000000000 ___HD C:\windows\ELAMBKUP
2020-07-11 21:31 - 2019-03-19 00:52 - 000000000 ____D C:\windows\AppReadiness
2020-07-11 21:31 - 2019-03-18 23:34 - 000000000 ____D C:\Intel
2020-07-11 21:31 - 2019-03-18 23:32 - 000000024 _____ C:\windows\system32\Drivers\RtkR0Log.dat
2020-07-11 21:30 - 2019-03-19 00:37 - 000524288 _____ C:\windows\system32\config\BBI
2020-07-11 21:13 - 2019-03-19 00:50 - 000000000 ____D C:\windows\INF
2020-07-11 20:54 - 2019-04-15 11:38 - 000000000 ____D C:\windows\system32\SleepStudy
2020-07-11 13:32 - 2019-10-24 06:56 - 000000000 ____D C:\Users\Nicki\00Photos
2020-07-11 10:15 - 2019-08-10 16:23 - 000000000 ____D C:\Users\Nicki\AppData\Local\ElevatedDiagnostics
2020-07-10 16:09 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-10 14:18 - 2019-12-01 19:01 - 000000000 ____D C:\Users\Nicki\Desktop\Stuff
2020-07-09 17:15 - 2019-08-09 06:54 - 000000000 ____D C:\Users\Nicki\00Documents
2020-07-09 10:47 - 2019-08-09 07:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-09 08:06 - 2019-08-09 08:12 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-07-09 08:06 - 2019-08-09 08:11 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-07-07 16:03 - 2019-12-20 15:05 - 000001235 _____ C:\Users\Nicki\Desktop\Cook'n.lnk
2020-07-07 16:03 - 2019-08-09 06:45 - 000001257 _____ C:\Users\Nicki\Desktop\Windows Updates.lnk
2020-07-07 12:56 - 2019-08-10 11:20 - 000000000 ____D C:\Program Files\Common Files\AV
2020-07-07 12:26 - 2019-08-10 10:43 - 000000000 ____D C:\ProgramData\Norton
2020-07-07 12:19 - 2019-03-19 00:37 - 000032768 _____ C:\windows\system32\config\ELAM
2020-07-07 12:12 - 2019-08-10 10:44 - 000000000 ____D C:\ProgramData\NortonInstaller
2020-07-07 12:12 - 2019-08-09 06:22 - 000744808 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2020-07-07 12:10 - 2019-08-10 10:43 - 000000000 ____D C:\Users\Public\Downloads\Norton
2020-07-05 23:07 - 2019-08-09 00:46 - 000000000 ____D C:\Users\Nicki\AppData\Local\VirtualStore
2020-07-02 11:21 - 2019-08-09 07:38 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2020-06-29 17:27 - 2019-08-09 14:09 - 000000000 ____D C:\Users\Nicki\AppData\Roaming\vlc
2020-06-29 07:37 - 2019-10-13 16:44 - 000000883 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-06-29 07:37 - 2019-10-13 16:44 - 000000883 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-06-24 13:45 - 2019-08-09 07:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-20 15:20 - 2019-03-19 00:37 - 000000000 ____D C:\windows\CbsTemp
2020-06-16 15:55 - 2019-08-09 14:24 - 000000000 ____D C:\Users\Nicki\Documents\Cook'n Backups
2020-06-15 08:47 - 2019-08-09 00:44 - 000000000 ____D C:\Users\Nicki
2020-06-13 15:26 - 2019-04-15 11:38 - 000451728 _____ C:\windows\system32\FNTCACHE.DAT
2020-06-12 20:35 - 2019-05-03 12:33 - 000848226 _____ C:\windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories ========
2019-11-29 13:06 - 2019-11-29 13:06 - 000004608 _____ () C:\Users\Nicki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================