[Inactive] Network intrusion

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by malopr, May 31, 2017.

  1. malopr

    malopr Established Techie7 Member

    Referred here by Digerati.
    New laptop. While installing Microsoft Office, the code key did not take; did it twice and still the same. Called the number on screen and it turned out to be a hacker, who said there were bad/junk files and wanted money to clean them. Told him no, then he turned on the web cam and I powered down the computer. I believe another computer was compromised also, which was on at the time and started to act rather funny. Should I post another thread for that PC?

    and here are the FRST and Addition files:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
    Ran by David (administrator) on DAVES (30-05-2017 16:39:14)
    Running from C:\Users\David\Desktop
    Loaded Profiles: David (Available Profiles: defaultuser0 & David)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
    (HP) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Conexant Systems, Inc) C:\Windows\CxSvc\CxMonSvc.exe
    (Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe
    (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\n360.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
    (Conexant) C:\Windows\System32\MicTray64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    (HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
    (HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerSt.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
    (Conexant Systems, Inc) C:\Program Files\Conexant\Flow\Flow.exe
    (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
    (Farbar) C:\Users\David\Desktop\david.exe
    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
    HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerST.exe [133952 2016-09-28] (HP)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-03-30]
    ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico ()
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{6e93c534-5f9b-45a8-b180-22a2d7c99ea9}: [DhcpNameServer] 172.168.0.7
    Tcpip\..\Interfaces\{86ccf9dc-b378-4022-a479-927702f35c94}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\S-1-5-21-1499518019-2566608915-2627069529-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\S-1-5-21-1499518019-2566608915-2627069529-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    SearchScopes: HKLM -> {2C0F5308-6D23-4480-BF9C-6F013FDAB5AC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {2C0F5308-6D23-4480-BF9C-6F013FDAB5AC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1499518019-2566608915-2627069529-1001 -> {2C0F5308-6D23-4480-BF9C-6F013FDAB5AC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1499518019-2566608915-2627069529-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-30] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-30] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-1499518019-2566608915-2627069529-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)
    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2017-05-29]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-30] (Microsoft Corporation)
    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2017-05-29]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\Exts\Chrome.crx [2017-05-29]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
    R3 cphs; C:\windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
    R2 cplspcon; C:\windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
    R2 CxMonSvc; C:\windows\CxSvc\CxMonSvc.exe [31352 2017-04-21] (Conexant Systems, Inc)
    R2 CxUtilSvc; C:\windows\CxSvc\CxUtilSvc.exe [148600 2017-04-13] (Conexant Systems, Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-30] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-30] (Dropbox, Inc.)
    R2 esifsvc; C:\windows\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-05] (Intel Corporation)
    R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [894976 2016-08-04] (HP Inc.) [File not signed]
    R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3316576 2016-08-09] (HP Inc.)
    R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [461848 2016-08-05] (HP Inc.)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
    R2 hpsrv; C:\windows\system32\Hpservice.exe [38752 2016-09-26] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-08-04] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
    S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.3.13\N360.exe [326160 2017-05-11] (Symantec Corporation)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-04-26] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [56168 2016-09-26] (HP)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170522.003\BHDrvx64.sys [1862784 2017-05-22] (Symantec Corporation)
    R1 ccSet_N360; C:\windows\system32\drivers\N360x64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
    R3 CnxtHdAudService; C:\windows\system32\drivers\CHDRT64ISST.sys [1668632 2017-05-14] (Conexant Systems Inc.)
    R3 dptf_acpi; C:\windows\System32\drivers\dptf_acpi.sys [71232 2016-09-05] (Intel Corporation)
    R3 dptf_cpu; C:\windows\System32\drivers\dptf_cpu.sys [66624 2016-09-05] (Intel Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-05] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-05] (Symantec Corporation)
    R3 esif_lf; C:\windows\system32\DRIVERS\esif_lf.sys [350272 2016-09-05] (Intel Corporation)
    R3 HID_PCI; C:\windows\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel)
    R0 hpdskflt; C:\windows\System32\DRIVERS\hpdskflt.sys [42344 2016-09-26] (HP)
    R3 iaLPSS2_GPIO2; C:\windows\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-29] (Intel Corporation)
    R3 iaLPSS2_I2C; C:\windows\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
    R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170526.001\IDSvia64.sys [1038024 2017-05-26] (Symantec Corporation)
    R3 igfx; C:\windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
    R3 IntcAudioBus; C:\windows\System32\drivers\IntcAudioBus.sys [225872 2016-10-07] (Intel(R) Corporation)
    R3 IntcOED; C:\windows\System32\drivers\IntcOED.sys [722512 2016-10-07] (Intel(R) Corporation)
    R3 ISH; C:\windows\System32\drivers\ISH.sys [143984 2016-08-18] (Intel)
    R3 ISH_BusDriver; C:\windows\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel)
    S3 NetAdapterCx; C:\windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 Netwtw04; C:\windows\System32\drivers\Netwtw04.sys [7237384 2016-07-24] (Intel Corporation)
    R3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realsil Semiconductor Corporation)
    S3 rtux64w10; C:\windows\System32\drivers\rtux64w10.sys [333824 2016-07-16] (Realtek )
    S3 SmbDrv; C:\windows\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-08-22] (Synaptics Incorporated)
    R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-04-26] (Synaptics Incorporated)
    R3 SRTSP; C:\windows\System32\Drivers\N360x64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
    R1 SRTSPX; C:\windows\system32\drivers\N360x64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
    R0 SymEFASI; C:\windows\System32\drivers\N360x64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
    S0 SymELAM; C:\windows\System32\drivers\N360x64\1609030.00D\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2017-05-29] (Symantec Corporation)
    R1 SymIRON; C:\windows\system32\drivers\N360x64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
    R3 SymNetS; C:\windows\System32\Drivers\N360x64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
    R3 VirtualButtons; C:\windows\System32\drivers\VirtualButtons.sys [40008 2016-10-02] (Intel Corporation)
    S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\windows\system32\DRIVERS\WirelessButtonDriver64.sys [32832 2016-07-31] (HP)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170529.008\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170529.008\EX64.SYS [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-05-30 16:39 - 2017-05-30 16:39 - 00019825 _____ C:\Users\David\Desktop\FRST.txt
    2017-05-30 16:38 - 2017-05-30 16:39 - 00000000 ____D C:\FRST
    2017-05-30 16:38 - 2017-05-30 16:38 - 02429952 _____ (Farbar) C:\Users\David\Desktop\david.exe
    2017-05-30 12:29 - 2017-05-30 12:29 - 00000161 _____ C:\Users\David\Desktop\Commad prompt.txt
    2017-05-30 12:24 - 2017-05-30 12:24 - 00102608 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SY1
    2017-05-30 07:34 - 2017-05-30 07:34 - 00000000 ___HD C:\ProgramData\temp
    2017-05-29 16:56 - 2017-05-29 16:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
    2017-05-29 16:56 - 2017-05-29 09:58 - 00002374 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-05-29 16:56 - 2017-05-29 09:58 - 00000000 ___RD C:\Users\David\OneDrive
    2017-05-29 16:55 - 2017-05-29 16:55 - 00000000 ____D C:\Users\David\AppData\Local\DropboxOEM
    2017-05-29 16:55 - 2017-05-29 11:09 - 00000000 ____D C:\Users\David\AppData\Roaming\HP
    2017-05-29 16:55 - 2017-05-29 10:05 - 00000000 ____D C:\Users\David\AppData\Roaming\DropboxOEM
    2017-05-29 16:54 - 2017-05-30 16:29 - 00000000 __SHD C:\Users\David\IntelGraphicsProfiles
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Roaming\Synaptics
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Roaming\Intel
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Local\TileDataLayer
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Local\Publishers
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Local\ConnectedDevicesPlatform
    2017-05-29 16:54 - 2017-05-29 16:54 - 00000000 ____D C:\Users\David\AppData\Local\Conexant
    2017-05-29 16:54 - 2017-05-29 12:59 - 00000000 ____D C:\Users\David\AppData\Local\Hewlett-Packard
    2017-05-29 16:54 - 2017-05-29 11:14 - 00000000 ____D C:\Users\David\AppData\Local\Packages
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000020 ___SH C:\Users\David\ntuser.ini
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 _SHDL C:\Users\David\My Documents
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 _SHDL C:\Users\David\Documents\My Videos
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 _SHDL C:\Users\David\Documents\My Pictures
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 _SHDL C:\Users\David\Documents\My Music
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\HP
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\DropboxOEM
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Hewlett-Packard
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\DropboxOEM
    2017-05-29 16:53 - 2017-05-29 16:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Conexant
    2017-05-29 16:53 - 2017-05-29 10:08 - 00000000 ____D C:\Users\David
    2017-05-29 16:53 - 2016-10-14 10:39 - 00000000 ___HD C:\Users\David\Documents\hp.system.package.metadata
    2017-05-29 16:53 - 2016-10-14 10:39 - 00000000 ___HD C:\Users\David\Documents\hp.applications.package.appdata
    2017-05-29 16:52 - 2017-05-29 16:52 - 00000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
    2017-05-29 16:52 - 2017-05-29 16:52 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Synaptics
    2017-05-29 16:52 - 2017-05-29 16:52 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Intel
    2017-05-29 16:52 - 2017-05-29 16:52 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
    2017-05-29 16:52 - 2017-05-29 16:52 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
    2017-05-29 16:52 - 2017-05-29 16:52 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
    2017-05-29 16:52 - 2017-05-29 16:52 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
    2017-05-29 16:47 - 2017-05-29 16:52 - 00000000 ____D C:\Users\defaultuser0
    2017-05-29 16:47 - 2017-05-29 16:47 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
    2017-05-29 16:47 - 2017-05-29 16:47 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
    2017-05-29 16:47 - 2017-05-29 16:47 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
    2017-05-29 16:47 - 2017-05-29 16:47 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
    2017-05-29 16:47 - 2017-05-29 16:47 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
    2017-05-29 16:47 - 2016-10-14 10:39 - 00000000 ___HD C:\Users\defaultuser0\Documents\hp.system.package.metadata
    2017-05-29 16:47 - 2016-10-14 10:39 - 00000000 ___HD C:\Users\defaultuser0\Documents\hp.applications.package.appdata
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Public\Documents\My Music
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Default\My Documents
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2017-05-29 16:46 - 2017-05-29 16:46 - 00000000 _SHDL C:\Documents and Settings
    2017-05-29 14:04 - 2017-05-30 07:41 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
    2017-05-29 12:59 - 2017-05-30 07:19 - 00000000 ____D C:\Users\David\AppData\Roaming\hpqLog
    2017-05-29 12:16 - 2017-05-29 12:16 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2017-05-29 11:56 - 2017-05-29 12:17 - 00000000 ____D C:\Users\David\AppData\Roaming\Apple Computer
    2017-05-29 11:56 - 2017-05-29 11:56 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-05-29 11:56 - 2017-05-29 11:56 - 00000000 ____D C:\Users\David\AppData\Local\Apple Computer
    2017-05-29 11:56 - 2017-05-29 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-05-29 11:56 - 2017-05-29 11:56 - 00000000 ____D C:\ProgramData\Apple Computer
    2017-05-29 11:56 - 2017-05-29 11:56 - 00000000 ____D C:\Program Files\iTunes
    2017-05-29 11:56 - 2017-05-29 11:56 - 00000000 ____D C:\Program Files\iPod
    2017-05-29 11:55 - 2017-05-29 11:55 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-05-29 11:55 - 2017-05-29 11:55 - 00000000 ____D C:\windows\System32\Tasks\Apple
    2017-05-29 11:55 - 2017-05-29 11:55 - 00000000 ____D C:\Users\David\AppData\Local\Apple
    2017-05-29 11:55 - 2017-05-29 11:55 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-05-29 11:55 - 2017-05-29 11:55 - 00000000 ____D C:\Program Files\Bonjour
    2017-05-29 11:55 - 2017-05-29 11:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2017-05-29 11:55 - 2017-05-29 11:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-05-29 11:53 - 2017-05-29 11:53 - 259195720 _____ (Apple Inc.) C:\Users\David\Documents\iTunes64Setup.exe
    2017-05-29 11:42 - 2017-05-30 16:32 - 00004168 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F549964A-B83A-4B36-97B1-366C431199E6}
    2017-05-29 11:09 - 2017-05-30 07:04 - 00004084 _____ C:\windows\System32\Tasks\CRMTaskReminder
    2017-05-29 11:09 - 2017-05-29 11:09 - 00004098 _____ C:\windows\System32\Tasks\HPGenoobeReminder
    2017-05-29 11:09 - 2017-05-29 11:09 - 00000000 ____D C:\Users\David\AppData\Local\HP_Inc
    2017-05-29 10:24 - 2017-05-29 14:10 - 00000000 ____D C:\windows\System32\Tasks\Remediation
    2017-05-29 10:23 - 2017-05-29 10:23 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-05-29 10:15 - 2017-05-29 10:15 - 00000000 ____D C:\Users\David\AppData\Roaming\Hewlett-Packard
    2017-05-29 10:15 - 2017-05-29 10:15 - 00000000 ____D C:\Users\David\AppData\Local\Comms
    2017-05-29 10:11 - 2017-05-30 12:24 - 00008339 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-05-29 10:11 - 2017-05-30 12:24 - 00000000 ____D C:\windows\system32\Drivers\N360x64
    2017-05-29 10:11 - 2017-05-30 12:24 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
    2017-05-29 10:11 - 2017-05-29 13:58 - 00002420 _____ C:\Users\Public\Desktop\Norton 360.lnk
    2017-05-29 10:11 - 2017-05-29 13:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
    2017-05-29 10:11 - 2017-05-29 13:22 - 00100592 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-05-29 10:11 - 2017-05-29 10:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2017-05-29 10:06 - 2017-05-29 10:06 - 00002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bang & Olufsen Audio Control Panel.lnk
    2017-05-29 10:06 - 2017-05-29 10:06 - 00000000 ____D C:\ProgramData\SRS Labs
    2017-05-29 10:06 - 2017-05-14 10:09 - 02758232 _____ (Conexant) C:\windows\system32\MicTray64.exe
    2017-05-29 10:06 - 2016-10-14 15:32 - 00002988 _____ C:\windows\system32\MicTray64.xml
    2017-05-29 10:06 - 2016-10-04 10:42 - 00007412 _____ C:\windows\system32\cxapo.prop
    2017-05-29 10:06 - 2016-10-04 10:41 - 00007412 _____ C:\windows\system32\cxapo2.prop
    2017-05-29 10:06 - 2016-04-19 13:46 - 00004664 _____ C:\windows\system32\Drivers\SSPTunePt.DAT
    2017-05-29 10:03 - 2017-05-29 10:03 - 00000000 ____D C:\ProgramData\NortonInstaller
    2017-05-29 10:03 - 2017-05-29 10:03 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
    2017-05-29 10:02 - 2017-05-29 10:14 - 00000000 ____D C:\ProgramData\Norton
    2017-05-29 10:02 - 2017-05-29 10:10 - 00001358 _____ C:\Users\David\Desktop\Norton Installation Files.lnk
    2017-05-29 10:02 - 2017-05-29 10:02 - 01100792 _____ (Symantec Corporation) C:\Users\David\Documents\Norton_Download_Manager.exe
    2017-05-29 10:02 - 2017-05-29 10:02 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2017-05-29 09:58 - 2017-05-29 09:58 - 00003290 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task v2
    2017-05-29 09:58 - 2017-05-29 09:58 - 00000000 ____D C:\Users\David\AppData\Roaming\Macromedia
    2017-05-29 09:57 - 2017-05-29 09:57 - 00000000 ____D C:\Users\David\AppData\Local\MicrosoftEdge
    2017-05-14 05:38 - 2017-05-14 05:38 - 04883840 _____ (Conexant Systems, Inc.) C:\windows\system32\UCI64A160.dll
    2017-05-14 05:38 - 2017-05-14 05:38 - 01618256 _____ (Conexant Systems Inc.) C:\windows\system32\CX64APO.dll
    2017-05-14 05:38 - 2017-05-14 05:38 - 01529136 _____ (Conexant Systems Inc.) C:\windows\system32\CX64Proxy.dll
    2017-05-14 05:38 - 2017-05-14 05:38 - 01049280 _____ (Conexant Systems Inc.) C:\windows\system32\CX64BP30.dll
    2017-05-14 05:38 - 2017-05-14 05:38 - 00419056 _____ (Conexant Systems, Inc.) C:\windows\system32\CSpkASExt64.dll
    2017-05-14 02:27 - 2017-05-14 02:27 - 00095509 _____ C:\windows\system32\Drivers\HWPID.ini
    2017-05-14 02:27 - 2017-05-14 02:27 - 00007423 _____ C:\windows\system32\Drivers\PASettings.ini
    2017-05-14 02:27 - 2017-05-14 02:27 - 00004285 _____ C:\windows\system32\Drivers\ForceDetectionTip.ini
    2017-05-14 02:27 - 2017-05-14 02:27 - 00002979 _____ C:\windows\system32\Drivers\SPKID.ini
    2017-05-14 02:27 - 2017-05-14 02:27 - 00002061 _____ C:\windows\system32\Drivers\RTD3.ini
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-05-30 12:36 - 2016-07-16 04:36 - 00000000 ____D C:\windows\CbsTemp
    2017-05-30 12:17 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-05-30 12:16 - 2016-10-14 10:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-05-30 07:38 - 2016-07-29 05:37 - 01268466 _____ C:\windows\system32\PerfStringBackup.INI
    2017-05-30 07:37 - 2016-10-14 10:41 - 00003186 _____ C:\windows\System32\Tasks\DropboxOEM
    2017-05-30 07:37 - 2016-10-14 10:41 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB.lnk
    2017-05-30 07:37 - 2016-10-14 10:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2017-05-30 07:33 - 2016-10-14 10:41 - 00000948 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
    2017-05-30 07:33 - 2016-10-14 10:41 - 00000944 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
    2017-05-30 07:33 - 2016-07-29 05:32 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2017-05-30 07:33 - 2016-07-15 23:04 - 00524288 _____ C:\windows\system32\config\BBI
    2017-05-30 07:31 - 2016-10-14 10:41 - 00004008 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
    2017-05-30 07:31 - 2016-10-14 10:41 - 00003776 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
    2017-05-30 07:16 - 2016-07-16 04:47 - 00000000 ___HD C:\windows\ELAMBKUP
    2017-05-30 07:07 - 2016-07-16 04:47 - 00000000 ____D C:\windows\system32\WinBioDatabase
    2017-05-30 07:03 - 2016-07-16 04:47 - 00000000 ____D C:\windows\appcompat
    2017-05-29 16:54 - 2016-08-23 12:10 - 00000000 ___HD C:\SYSTEM.SAV
    2017-05-29 16:54 - 2016-07-29 05:33 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-05-29 16:49 - 2016-07-16 04:47 - 00000000 ____D C:\windows\rescache
    2017-05-29 16:47 - 2017-03-30 13:54 - 00002252 _____ C:\windows\System32\Tasks\HPJumpStartProvider
    2017-05-29 16:47 - 2017-03-30 13:49 - 00003118 _____ C:\windows\System32\Tasks\Intel PTT EK Recertification
    2017-05-29 16:47 - 2016-10-14 10:41 - 00002488 _____ C:\windows\System32\Tasks\HPAudioSwitch
    2017-05-29 16:47 - 2016-10-14 10:40 - 00002502 _____ C:\windows\System32\Tasks\HPEA3JOBS
    2017-05-29 16:46 - 2016-07-29 06:23 - 00000000 ____D C:\windows\Panther
    2017-05-29 14:37 - 2016-07-29 05:32 - 00000000 ____D C:\windows\system32\SleepStudy
    2017-05-29 13:43 - 2016-07-16 04:45 - 00000000 ____D C:\windows\INF
    2017-05-29 13:22 - 2016-07-15 23:04 - 00032768 _____ C:\windows\system32\config\ELAM
    2017-05-29 11:55 - 2016-10-14 10:40 - 00000000 ____D C:\ProgramData\Apple
    2017-05-29 11:48 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-05-29 11:21 - 2016-07-16 04:47 - 00000000 ____D C:\windows\AppReadiness
    2017-05-29 10:15 - 2016-10-14 10:39 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2017-05-29 10:15 - 2016-10-14 10:38 - 00000000 ____D C:\windows\System32\Tasks\Hewlett-Packard
    2017-05-29 10:09 - 2017-03-30 14:02 - 00000000 ____D C:\ProgramData\McAfee
    2017-05-29 10:09 - 2017-03-30 14:02 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2017-05-29 10:06 - 2017-03-30 13:48 - 00000000 ____D C:\windows\CxSvc
    2017-05-29 10:06 - 2017-03-30 13:46 - 01705080 _____ (TODO: <Company name>) C:\windows\SysWOW64\RebootPrompt.exe
    2017-05-29 10:06 - 2017-03-30 13:45 - 00000000 ____D C:\ProgramData\Conexant
    2017-05-29 10:05 - 2017-03-30 13:46 - 00000000 ____D C:\windows\system32\SRSLabs
    2017-05-29 10:04 - 2017-03-30 14:03 - 00000000 ____D C:\ProgramData\Intel Security
    2017-05-29 10:04 - 2017-03-30 13:45 - 00000000 ____D C:\ProgramData\UIU
    2017-05-14 05:38 - 2016-10-07 04:20 - 01668632 _____ (Conexant Systems Inc.) C:\windows\system32\Drivers\CHDRT64ISST.sys
    2017-05-14 05:38 - 2016-10-07 04:20 - 00558560 _____ (Conexant Systems, Inc.) C:\windows\system32\CX64APO2.dll
    Some files in TEMP:
    ====================
    2016-04-18 01:19 - 2016-04-18 01:19 - 0213072 _____ (McAfee, Inc.) C:\Users\David\AppData\Local\Temp\McCSPInstall.dll
    2017-05-29 10:06 - 2016-04-18 01:19 - 0186504 _____ (McAfee Inc.) C:\Users\David\AppData\Local\Temp\mccspuninstall.exe
    2017-05-29 10:07 - 2017-05-29 10:07 - 0000000 _____ () C:\Users\David\AppData\Local\Temp\{A931522F-E6FA-41CD-9578-4CB7F76E67CA}-DropboxUpdateSetup_1.3.59.1.exe
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2017-05-29 11:21
    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
    Ran by David (30-05-2017 16:40:05)
    Running from C:\Users\David\Desktop
    Windows 10 Home Version 1607 (X64) (2017-05-29 23:52:29)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-1499518019-2566608915-2627069529-500 - Administrator - Disabled)
    David (S-1-5-21-1499518019-2566608915-2627069529-1001 - Administrator - Enabled) => C:\Users\David
    DefaultAccount (S-1-5-21-1499518019-2566608915-2627069529-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-1499518019-2566608915-2627069529-1000 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-1499518019-2566608915-2627069529-501 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.140.1 - Conexant)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
    CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.)
    Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
    HP Audio Switch (HKLM-x32\...\{439BB4C2-432F-474A-9EAE-D933E4772FDC}) (Version: 1.0.137.0 - HP Inc.)
    HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{b0ebf7ff-6b1a-4a92-9c85-6915be1962b9}) (Version: 5.1.19895 - HP Inc.)
    HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.)
    HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
    HP Orbit (HKLM-x32\...\{94fe0719-8e44-4833-a106-b54ad117949f}) (Version: 1.0.0.191 - HP Inc.)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
    HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.3.32.23 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{C85AC2ED-2305-4137-A8BA-CC628F635C82}) (Version: 12.5.32.11 - HP Inc.)
    HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.27 - HP Inc.)
    HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
    HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.37 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
    Intel(R) PRO/Wireless Driver (HKLM\...\{3cf6ab50-085a-4bc6-bb96-0f6e68e07958}) (Version: 19.01.0000.4694 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
    Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
    Intel® Integrated Sensor Solution (HKLM-x32\...\{dd334b4b-1f2c-4218-b16c-ad011caa7fe1}) (Version: 3.0.30.1111 - Intel Corporation)
    ISS_Drivers_x64 (Version: 3.0.30.1111 - Intel Corporation) Hidden
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8067.2115 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1499518019-2566608915-2627069529-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Norton Security Suite (HKLM-x32\...\N360) (Version: 22.8.0.50 - Symantec Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.10 - Synaptics Incorporated)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0476207B-7B54-4F58-824B-472B82FB7C8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {04FC9DEC-B79E-45B7-93AA-600F228C6B83} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-05] (HP Inc.)
    Task: {0E00BAAB-1865-4021-9579-2BE1C078C8F3} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
    Task: {0FBA9CEA-AFB5-4185-A01B-86CADD41AAEB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
    Task: {1B4BA6FB-63F0-4CA5-85AF-F8A06CBB7396} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-05] (HP Inc.)
    Task: {1D58DE31-D55B-474D-9507-3E1E0E193E01} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-30] ()
    Task: {212EC9B6-5507-419F-8B86-D34A4FEEBA6A} - System32\Tasks\HPEA3JOBS => C:\Program
    Task: {22A09A25-5912-4F79-BAC8-B6DE489764B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-08-04] (HP Inc.)
    Task: {3C8CD357-31F5-4A1E-B029-41F9BD9AEDA9} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-08-24] (HP Inc.)
    Task: {4D91B932-6A52-4E0F-A5FC-2313AF91D0AA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {52C3BAFD-B57C-4212-91F1-22AE167A63E7} - System32\Tasks\CRMTaskReminder => c:\Program Files (x86)\HP\HP Registration Service\RegDataUtil.exe [2016-07-12] (HP Inc.)
    Task: {6DEA876E-B097-4E6D-B790-FDC613CFCAAE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
    Task: {6EC799E3-33AD-487D-A92C-105DFC1C08CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-05] (HP Inc.)
    Task: {721E6E07-BC28-4DBF-862A-C65E1BE0F5AC} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\HP\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2016-07-12] (HP Inc.)
    Task: {73A5BF53-7351-402B-9325-0321D930AFD9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-30] (Dropbox, Inc.)
    Task: {811B3731-F998-4831-892E-B08178BDE297} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [2016-08-05] ()
    Task: {840BBE15-5902-4AEA-B94D-485E0C1C2334} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
    Task: {93548DB3-9819-420B-871F-E9DAC33714B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
    Task: {9A2BE4EB-776D-493B-8DBB-8ED0F2A8DC2A} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
    Task: {9AF3D04C-2AFE-4729-B646-CCFA10E205A2} - System32\Tasks\Microsoft\Windows\Conexant\FLOW => C:\Program Files\CONEXANT\FLOW\SACpl.exe [2016-12-01] (Conexant Systems, Inc.)
    Task: {9C6740CA-445B-4CC5-AE64-B65B9E4E22E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-08-05] (HP Inc.)
    Task: {B06B4EAF-6D35-48AC-9D03-F075660E9CBF} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
    Task: {B6418A13-0071-4E54-8A96-54A9A1273547} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
    Task: {B8883FEF-53DD-469A-B366-0926BB3E78CA} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-09-23] (Symantec Corporation)
    Task: {BAF0878A-D933-46AA-AE21-907651219517} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-30] ()
    Task: {DD8B7AED-260C-479C-97F1-82C599EDE18F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-30] (Dropbox, Inc.)
    Task: {F0A84857-B9DD-4BF1-9285-6C155A5FA4F1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
    Task: {F2964518-39A2-44FC-AEF2-6411D2A83B91} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2017-05-14] (Conexant)
    Task: {F4D4E55C-F225-4925-982D-40904BDAAE85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
    Task: {F81B000B-EB06-401D-A0CA-DF699086B708} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-05] (HP Inc.)
    Task: {FF608657-2338-4D1A-86E2-0E9ED9D258F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
    ==================== Loaded Modules (Whitelisted) ==============
    2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\windows\SYSTEM32\ism32k.dll
    2016-10-14 11:31 - 2016-10-14 11:31 - 02681200 _____ () C:\windows\System32\CoreUIComponents.dll
    2016-08-05 14:42 - 2016-08-05 14:42 - 00843800 _____ () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
    2016-10-14 10:42 - 2017-05-30 12:14 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-10-14 11:32 - 2016-10-14 11:32 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
    2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-03-30 13:54 - 2017-03-30 13:54 - 00133632 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\4416462b3a54ef2473cc832d5ed3304a\BRIDGECommon.ni.dll
    2017-03-30 13:54 - 2017-03-30 13:54 - 00110592 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BridgeExtension\96fd89505b3f5dce10e95613cb1c1e9b\BridgeExtension.ni.dll
    2017-03-30 13:54 - 2017-03-30 13:54 - 00068096 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\NativeInterop\4dc08d6c874f1c8fa1dd2154b05081f8\NativeInterop.ni.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2016-07-16 04:47 - 2016-07-16 04:45 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1499518019-2566608915-2627069529-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{E442CFDF-5309-44A0-82CD-A597E9CFB8BF}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
    FirewallRules: [{A0486321-75F4-4671-8AC2-39740D2AC895}] => (Allow) LPort=13148
    FirewallRules: [{4A1B456E-A3D7-402D-AE53-CDF40342543F}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{1DEDEFFB-E295-4A56-BBC7-2A8127E50834}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
    FirewallRules: [{A62FE372-496A-40BF-A5B5-354193B262B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{F67C07A2-2D03-4300-B068-CC32A6401862}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{456C29E4-F342-4722-A57E-B2491956733F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{E92A401E-4A9F-4C3C-B312-92F1299BB8CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{62841C03-0323-4732-AE74-A8B39599B76E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{9DA7BF7C-FDA9-47D2-A362-9A5445FC9B2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{96646DAC-D3F0-4AEC-8421-7E0D426E06AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BC7CB2F6-42CB-49B7-8B07-EEF1A749DB54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C9DD02FB-B87E-42D3-A812-A043B4AA478A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C1BD8B6B-DBE8-42C7-9E4A-BDFB4BA4DADF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    ==================== Restore Points =========================
    29-05-2017 11:55:53 Installed iTunes
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/30/2017 04:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0x2610
    Faulting application start time: 0x01d2d99da3ac97fd
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: 3f55b31e-ea5a-4d53-a09a-7bf48a70fc5a
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 04:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0x1d3c
    Faulting application start time: 0x01d2d99d26574d11
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: cb92f8a3-d4a4-4c01-866f-57cc520caf34
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 04:33:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0x2840
    Faulting application start time: 0x01d2d99d24a9bcfb
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: cf692767-26d2-4af9-bafb-e5675599b074
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 04:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0x14d4
    Faulting application start time: 0x01d2d99cc13dafb9
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: 3faad239-e4fd-4a99-979a-afee7cf3c91e
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 04:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0x1a78
    Faulting application start time: 0x01d2d99cbffedbba
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: 2d78976f-5e6f-4f87-a259-522b4851cd6b
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 04:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0xa30
    Faulting application start time: 0x01d2d99ca858fb49
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: 7e6fcaa7-3d4c-4ffa-ba48-564bd71c4012
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 12:30:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x0000000000049531
    Faulting process id: 0x734
    Faulting application start time: 0x01d2d97b2a0e3407
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: a40f43bf-95a4-4ac2-98d4-a1e6cf42e2e3
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 12:30:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0x90c
    Faulting application start time: 0x01d2d97b2351b14f
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: c4f16585-66f4-4c99-b723-c4d1c7be20d8
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 07:52:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x0000000000049531
    Faulting process id: 0x202c
    Faulting application start time: 0x01d2d9544db11342
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: d8e40f03-3637-41b2-b4e7-8bb2bc5b97fa
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/30/2017 07:51:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.14393.0, time stamp: 0x5789999e
    Faulting module name: CX64APO2.dll, version: 7770.0.0.30034, time stamp: 0x57c3f451
    Exception code: 0xc0000005
    Fault offset: 0x000000000001916c
    Faulting process id: 0x1470
    Faulting application start time: 0x01d2d9543ee42381
    Faulting application path: C:\windows\system32\AUDIODG.EXE
    Faulting module path: C:\windows\system32\CX64APO2.dll
    Report Id: 22729ac9-fabf-4386-8fde-d015abd18671
    Faulting package full name:
    Faulting package-relative application ID:

    System errors:
    =============
    Error: (05/30/2017 04:29:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 04:29:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 04:29:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 12:32:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 12:32:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 12:32:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 12:13:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 12:13:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 12:13:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (05/30/2017 07:37:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    Incorrect function.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
    Percentage of memory in use: 20%
    Total physical RAM: 12160.66 MB
    Available physical RAM: 9705.34 MB
    Total Virtual: 14592.66 MB
    Available Virtual: 12046.28 MB
    ==================== Drives ================================
    Drive c: (Windows) (Fixed) (Total:917.24 GB) (Free:870.8 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:13.04 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
    Partition: GPT.
    ==================== End of Addition.txt ============================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Yes, one computer per topic please.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  3. malopr

    malopr Established Techie7 Member

    Sorry to say, but the laptop froze. Had to power down and start up again; it froze again. This happened three times, so I decided to return the laptop to the store for a refund.
    Thank you so much for all you do!!!!!!
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Thank you for letting me know :)