Hello. I continue to get notices from MWB of a fraud alert for domain: cmqr.fisasinren.club with IP address: 104.31.114.92, which is related to the Chrome.Exe file. I ran the MWB scan and it did not identify new threats. I was going to run the Farbar Recovery Scan Tool (64 bit) that was on bleepingcomputer, but I got warnings about this file. Since I am not getting a lot more pop ups I was leery about downloading and running this file. Can you advise? Also, I have attached the results of the MWB scan for you. Please advise on the next steps. Hopefully, I would like to have this fixed before my trial period ends. Thanks, JimG

Chrome_Fraud_Alert.JPG

Fraud Alert-MalwareBytes.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.


Hello, I have scanned my computer using Farbar Recovery Scan and the results follow. The Addition.txt is also attached with this reply. Thanks for your help, Jim

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by admin (administrator) on THNIKPAD-T530 (09-02-2019 16:29:20)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available Profiles: admin & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Corel Corporation) C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Amazon Services LLC) C:\Users\admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Users\admin\solitaire.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Lenovo Group Limited) C:\Users\admin\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(hxxp://www.ruby-lang.org/) C:\Users\admin\AppData\Local\Temp\ocrFF9.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\admin\AppData\Local\Temp\ocr71E9.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\AnvSoft\Syncios Data Transfer\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FreeFileSync.org) C:\Program Files\FreeFileSync\FreeFileSync.exe
(FreeFileSync.org) C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\MusicBrainz Picard\picard.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\admin\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-15] (Corel Corporation -> WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-15] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-08-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2018-05-15] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (Canon Inc. -> CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\Run: [Amazon Music Helper] => C:\Users\admin\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-12-18] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\Run: [Amazon Music] => C:\Users\admin\AppData\Local\Amazon Music\Amazon Music.exe [19848632 2018-12-18] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\RunOnce: [Application Restart #0] => C:\Program Files\pia_manager\nwjs\pia_nw.exe [1827608 2018-06-18] (London Trust Media Inc -> The NWJS Community)
HKU\S-1-5-21-1502661332-3684748709-1017239072-1000\...\MountPoints2: {41788938-a96d-11e7-9dcc-3c970e03cf6a} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-07] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2018-10-09]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{0146c302-d39c-45c2-9a99-9f17ef8eb937}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c4b87d4c-0f2e-4026-85b1-950e87122c64}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{ce05a64b-da48-46fc-b733-f0ad5cf5036d}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2018-01-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-04] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1502661332-3684748709-1017239072-1000 -> hxxp://www.espn.com/watch/schedule/

FireFox:
========
FF DefaultProfile: hzi3tr76.default
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzi3tr76.default [2019-02-09]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502661332-3684748709-1017239072-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-12-09] (Zoom Video Communications, Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://ofbglpclflpnhkghmmggbglkcbcadihj/newtab/slim_newtabpage.html", Not-active:"chrome-extension://ijifkdkjaioojhebgfgdifljkemifapl/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://uconnhuskies.com/favicon.ico
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Norton Password Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-02-04]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-31]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-11]
CHR Extension: (www.google.com) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkgbpjgflkdejfpppkcobnoomfhjofi [2019-01-28]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Split Tabs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamepagkigmnpoalafajabnljlkkocbk [2018-09-03]
CHR Extension: (Yahoo Web) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkfnlchoagpbhpmkcbfmklipabkfdin [2018-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (pia menu bar icon missing - Google Se...) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noclhcibekbfigkbpfnpoghehhphdnfk [2018-08-31]
CHR Extension: (Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okkolgldfknecfjnhhglfopimelbaceh [2019-01-28]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-31]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-02]
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-10-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc -> Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc -> Dell Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2017-08-30] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [120400 2017-04-03] (Lenovo -> Lenovo Group Limited)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [711248 2017-04-01] (Lenovo -> Lenovo.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR TAIWAN CO., LTD -> NETGEAR)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc. -> Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-02] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-26] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-26] (Microsoft Corporation -> Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] (Corel Corporation -> )
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS Devices\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.14.0.54\Definitions\BASHDefs\20190206.002\BHDrvx64.sys [1934048 2019-02-05] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [480040 2015-06-16] (Intel(R) Intel Network Drivers -> Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-11-27] (Symantec Corporation -> Symantec Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-01] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes Corporation -> Malwarebytes)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [62528 2018-01-03] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-11] (Intel Corporation - Client Components Group -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.14.0.54\Definitions\IPSDefs\20190208.061\IDSvia64.sys [1424904 2019-01-21] (Symantec Corporation -> Symantec Corporation)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [3811288 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [50160 2015-12-01] (Intel(R) Wireless Display -> Intel Corporation)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [463112 2016-06-10] (Intel Corporation - Client Components Group -> Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [38896 2015-12-01] (Intel(R) Wireless Display -> Intel Corporation)
R3 LnvHIDHW; C:\WINDOWS\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo(Japan)Ltd. -> Lenovo)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-02-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-02-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-28] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S1 MpKsld45d0251; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C94B9EB-319E-457E-B77D-69E4E4C4DEE6}\MpKsld45d0251.sys [58120 2018-10-18] () [File not signed]
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2018-04-11] (Microsoft Windows -> Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RCUVCAVS; C:\WINDOWS\system32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
R3 risdxc; C:\WINDOWS\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42664 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-13] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.14.0.54\SymPlatform\SymEvnt.sys [678616 2019-01-28] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [124544 2015-10-20] (High Criteria Inc -> High Criteria inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-09-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [352424 2018-09-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-26] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 16:29 - 2019-02-09 16:31 - 000043204 _____ C:\Users\admin\Downloads\FRST.txt
2019-02-09 16:28 - 2019-02-09 16:29 - 000000000 ____D C:\FRST
2019-02-09 16:25 - 2019-02-09 16:25 - 002434048 _____ (Farbar) C:\Users\admin\Downloads\FRST64 (1).exe
2019-02-09 10:44 - 2019-02-09 14:37 - 000000000 ____D C:\Users\admin\AppData\Roaming\MusicBee
2019-02-09 10:42 - 2019-02-09 10:42 - 000000000 ____D C:\Users\admin\AppData\Local\MusicBee
2019-02-09 10:35 - 2019-02-09 10:35 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2019-02-09 10:26 - 2019-02-09 10:27 - 012934387 _____ C:\Users\admin\Downloads\MusicBeeSetup_3_2_Update3.zip
2019-02-09 10:25 - 2019-02-09 10:36 - 000001098 _____ C:\Users\admin\Desktop\MusicBee.lnk
2019-02-09 10:25 - 2019-02-09 10:36 - 000000000 ____D C:\Program Files (x86)\MusicBee
2019-02-09 05:53 - 2019-02-09 09:37 - 000000000 ____D C:\Users\admin\Documents\Health
2019-02-09 05:38 - 2019-02-09 05:38 - 000060617 _____ C:\Users\admin\Downloads\Invoice 5396D822-0EA1-4432-A042-EF9580EB01DD.pdf
2019-02-09 05:38 - 2019-02-09 05:38 - 000060617 _____ C:\Users\admin\Downloads\Invoice 5396D822-0EA1-4432-A042-EF9580EB01DD (1).pdf
2019-02-08 14:46 - 2019-02-08 14:48 - 002434048 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2019-02-08 14:44 - 2019-02-08 14:44 - 000001219 _____ C:\Users\admin\Desktop\Fraud Alert-Malwarebytes.txt
2019-02-08 13:27 - 2019-02-08 13:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-08 11:22 - 2019-02-08 11:22 - 000232093 _____ C:\Users\admin\Downloads\Invoice A3831-1 Giger.pdf
2019-02-08 09:48 - 2019-02-08 11:09 - 000000000 ____D C:\Users\admin\Documents\Syncios Data Transfer
2019-02-08 09:48 - 2019-02-08 10:55 - 000000000 ____D C:\Users\admin\AppData\Roaming\Syncios Data Transfer
2019-02-08 08:57 - 2019-02-08 08:57 - 000000000 ____D C:\Users\admin\AppData\Roaming\iMobie
2019-02-08 08:57 - 2019-02-08 08:57 - 000000000 ____D C:\Users\admin\AppData\Local\iMobie_Inc
2019-02-08 08:56 - 2019-02-08 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2019-02-08 08:55 - 2019-02-08 08:55 - 000000000 ____D C:\Program Files (x86)\iMobie
2019-02-08 07:19 - 2019-02-08 07:19 - 000080762 _____ C:\Users\admin\Downloads\Feb_9_2019_New Britain Museum of American Art8198054.pdf
2019-02-08 07:19 - 2019-02-08 07:19 - 000080762 _____ C:\Users\admin\Downloads\Feb_9_2019_New Britain Museum of American Art8198054 (1).pdf
2019-02-07 11:07 - 2019-02-07 11:07 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-07 11:06 - 2019-02-09 16:30 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-07 11:06 - 2019-02-07 11:06 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-07 11:06 - 2019-02-07 11:06 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-07 10:43 - 2019-02-07 10:43 - 000001332 _____ C:\Users\admin\Desktop\Syncios Data Transfer.lnk
2019-02-07 10:43 - 2019-02-07 10:43 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
2019-02-07 10:43 - 2019-02-07 10:43 - 000000000 ____D C:\Program Files (x86)\AnvSoft
2019-02-06 12:22 - 2019-02-08 19:24 - 000000000 ____D C:\Users\admin\AppData\Roaming\MusicBrainz
2019-02-06 12:22 - 2019-02-06 12:22 - 000000000 ____D C:\Users\admin\AppData\Local\MusicBrainz
2019-02-06 12:20 - 2019-02-06 12:20 - 000001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2019-02-06 12:20 - 2019-02-06 12:20 - 000000000 ____D C:\Program Files\MusicBrainz Picard
2019-02-06 12:18 - 2019-02-06 12:19 - 027890949 _____ (MusicBrainz) C:\Users\admin\Downloads\picard-setup-2.1.2.exe
2019-02-06 09:31 - 2019-02-06 09:31 - 016307512 _____ (FreeFileSync.org ) C:\Users\admin\Downloads\FreeFileSync_10.8_Windows_Setup.exe
2019-02-05 15:23 - 2019-02-05 15:25 - 062672552 _____ (Amazon) C:\Users\admin\Downloads\AmazonMusicInstaller (1).exe
2019-02-05 08:22 - 2019-02-05 08:22 - 000000000 ___HD C:\OneDriveTemp
2019-02-04 10:10 - 2019-02-04 10:10 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-04 10:10 - 2019-02-04 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-02-01 17:34 - 2019-02-01 17:35 - 000561128 _____ C:\Users\admin\Downloads\REVISED Giger Quote C1810-1.pdf
2019-02-01 08:15 - 2019-02-01 08:15 - 000000000 ____D C:\Users\admin\AppData\Local\mbam
2019-02-01 08:14 - 2019-02-01 08:14 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-01 08:14 - 2019-02-01 08:14 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-01 08:14 - 2019-02-01 08:14 - 000000000 ____D C:\Users\admin\AppData\Local\mbamtray
2019-02-01 08:14 - 2019-02-01 08:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-01 08:14 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-01 08:13 - 2019-02-01 08:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-01 08:13 - 2019-02-01 08:13 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-01 08:12 - 2019-02-01 08:13 - 073103960 _____ (Malwarebytes ) C:\Users\admin\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.527-1.0.9052.exe
2019-02-01 06:43 - 2019-02-01 06:43 - 000257198 _____ C:\Users\admin\Downloads\20190108-statements-5321-.pdf
2019-01-31 18:57 - 2019-01-31 18:58 - 067236561 _____ C:\Users\admin\Downloads\Amazon-Music-Download_2019-01-31_15-57.zip
2019-01-31 18:14 - 2019-01-31 18:15 - 109848622 _____ C:\Users\admin\Downloads\Amazon-Music-Download_2019-01-31_15-14.zip
2019-01-31 17:59 - 2019-01-31 18:00 - 055260832 _____ C:\Users\admin\Downloads\Amazon-Music-Download_2019-01-31_14-59.zip
2019-01-30 17:04 - 2019-01-30 17:04 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-30 17:04 - 2019-01-30 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-30 17:04 - 2019-01-30 17:04 - 000000000 ____D C:\Program Files\iPod
2019-01-30 17:03 - 2019-01-30 17:04 - 000000000 ____D C:\Program Files\iTunes
2019-01-28 06:52 - 2019-01-28 06:52 - 000002969 _____ C:\Users\admin\Desktop\Google.lnk
2019-01-26 11:29 - 2019-01-26 11:29 - 000031744 _____ C:\Users\admin\Downloads\Mull Bros Giger proposal_2019.1.26.xls
2019-01-24 13:26 - 2019-01-24 13:26 - 000016144 _____ C:\Users\admin\Downloads\Daniels Giger - Trane 80% single stage furnace with Standard Blower.pdf
2019-01-24 13:26 - 2019-01-24 13:26 - 000016103 _____ C:\Users\admin\Downloads\Daniels Giger - Trane 2 stage heat with variable speed blower.pdf
2019-01-24 13:26 - 2019-01-24 13:26 - 000016062 _____ C:\Users\admin\Downloads\Daniels Giger - Amana 80%+ 2 stage Propane Furnace.pdf
2019-01-23 16:53 - 2019-01-23 16:53 - 000040204 _____ C:\Users\admin\Downloads\Estimate [2].pdf
2019-01-23 16:53 - 2019-01-23 16:53 - 000040191 _____ C:\Users\admin\Downloads\Estimate [3].pdf
2019-01-23 16:53 - 2019-01-23 16:53 - 000040191 _____ C:\Users\admin\Downloads\Estimate [1] (1).pdf
2019-01-23 16:53 - 2019-01-23 16:53 - 000040187 _____ C:\Users\admin\Downloads\Estimate [4].pdf
2019-01-23 16:46 - 2019-01-23 16:46 - 000040191 _____ C:\Users\admin\Downloads\Estimate [1].pdf
2019-01-23 13:10 - 2019-01-23 13:10 - 000042241 _____ C:\Users\admin\Downloads\Country Wide Estimate [2].pdf
2019-01-23 13:10 - 2019-01-23 13:10 - 000042175 _____ C:\Users\admin\Downloads\Country Wide Estimate [1].pdf
2019-01-23 11:52 - 2019-01-23 11:52 - 000560797 _____ C:\Users\admin\Downloads\Giger Quote C1810-1.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 16:30 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-09 14:39 - 2018-05-15 05:34 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A71EF09-1BE3-4674-A7AF-B44CE5282760}
2019-02-09 14:36 - 2018-05-15 05:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-08 11:17 - 2018-01-18 10:09 - 000000000 ____D C:\Data
2019-02-08 09:49 - 2018-08-21 12:49 - 000000000 ____D C:\Users\admin\.android
2019-02-08 08:58 - 2018-07-27 12:46 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2019-02-08 07:46 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 07:46 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-08 07:45 - 2018-06-22 05:11 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 06:43 - 2018-10-18 13:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-02-07 11:10 - 2017-06-29 16:37 - 000000000 ___RD C:\Users\admin\OneDrive
2019-02-07 11:05 - 2018-05-15 05:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-07 11:05 - 2017-05-31 15:14 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2019-02-07 11:03 - 2018-04-11 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-02-07 05:31 - 2017-05-31 14:47 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-07 05:31 - 2017-05-31 14:47 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-06 13:04 - 2018-08-21 11:38 - 000000000 ____D C:\Users\admin\AppData\Local\Amazon Music
2019-02-06 09:34 - 2018-08-22 08:32 - 000000000 ____D C:\Users\admin\AppData\Roaming\FreeFileSync
2019-02-06 09:33 - 2018-08-22 08:32 - 000001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2019-02-06 09:33 - 2018-08-22 08:32 - 000001007 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2019-02-06 09:33 - 2018-08-22 08:32 - 000000995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2019-02-06 09:33 - 2018-08-22 08:32 - 000000983 _____ C:\Users\Public\Desktop\RealTimeSync.lnk
2019-02-06 09:33 - 2018-08-22 08:32 - 000000000 ____D C:\Program Files\FreeFileSync
2019-02-05 15:28 - 2018-08-21 11:39 - 000001306 _____ C:\Users\admin\Desktop\Amazon Music.lnk
2019-02-05 08:15 - 2018-08-22 09:21 - 000000000 ____D C:\Program Files\CCleaner
2019-02-04 10:08 - 2017-09-19 12:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-04 08:23 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-03 05:48 - 2017-10-10 10:26 - 000000000 ____D C:\ProgramData\WinZip
2019-02-02 06:54 - 2017-10-10 10:26 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2019-02-01 07:17 - 2018-05-15 05:34 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1502661332-3684748709-1017239072-1000
2019-02-01 07:16 - 2018-05-15 05:13 - 000002410 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-31 17:24 - 2018-02-27 10:18 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-01-30 21:34 - 2018-05-15 05:09 - 000932352 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-30 21:34 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-29 17:44 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-28 06:52 - 2018-08-31 18:13 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-01-27 13:20 - 2018-05-15 05:13 - 000000000 ____D C:\Users\ReportServer$SQLEXPRESS
2019-01-27 13:19 - 2018-05-15 05:13 - 000000000 ____D C:\Users\admin
2019-01-20 12:09 - 2018-05-27 16:23 - 000000000 ____D C:\ProgramData\Norton
2019-01-20 12:06 - 2019-01-09 08:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-01-20 12:06 - 2018-05-27 16:26 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-01-18 06:24 - 2018-11-15 20:34 - 000000000 ____D C:\Program Files\rempl
2019-01-17 08:28 - 2017-07-14 04:58 - 000000000 ____D C:\Users\admin\AppData\Local\LenovoServiceBridge

==================== Files in the root of some directories =======

2017-10-13 12:54 - 2017-04-14 12:02 - 000359936 _____ (Microsoft Corporation) C:\Users\admin\cards.dll
2017-10-13 12:54 - 2016-09-15 12:27 - 000056832 _____ (Microsoft Corporation) C:\Users\admin\solitaire.exe
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\admin\AppData\Local\setup.txt

Some files in TEMP:
====================
2019-02-08 09:48 - 2019-02-08 13:56 - 000000000 ____D () C:\Users\admin\AppData\Local\Temp\SynciosTransfer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-15 05:04

==================== End of FRST.txt ============================

 

Addition.txt

Link to post
Share on other sites

Hi,

Your logs are clean of malware.

If the problem persists IN CHROME and you Sync Chrome with other devices, reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Let me know if the problem persists or if you have any other issues with this computer.

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.