Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Malware, Computer Problems, or ???

 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal
View previous topic :: View next topic  
Author Message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Sun Nov 01, 2015 10:05 am    Post subject: Malware, Computer Problems, or ??? Reply with quote

Been a long time since I was here. Looking for help. My HP desktop PC has been having problems over the last few months, gradually getting worse. Problems in order:

- IE 'jump list' (frequently visited sites) always empty, other than sites visited in current session.
- Frequently logged out of FB and Yahoo, particularly after Windows updates.
- Computer would not stay asleep. Would keep waking up at random times. No monitor display though. I associated this with pending Win 10 updates. I finally updated to Win 10 - like it! - and this isn't as frequent. (Caught one Win 10 "reminder" in the act here.)
- Computer when sleeping would lock up. Took hard reset to bring it back. Got blue screen of death on Win 7; required another start. With Win 10, less frequent and comes right back after hard reset.

Now with Win 10, (still?) getting:

- Very long times to access email: Outlook and Live
- First browser session from restart/wake-up is very slow.
- Norton IS is also slow. Usually takes a couple tries to Open it.
- Hard drive is frequently chattering away when nothing is really happening.
- During those browser, email, or other slow starts, computer overall is very slow. To the point of keystrokes lagging.
- Checks of Task Manager during these slow actions generally show nothing much happening.

NIS is up to date. Ran MalwareBytes; it zapped a few things like Badoo. Kapersky TDSSKiller found nothing.

Here is the DDS log. Any ideas? Thanks.

MaccDuff
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2015 7:12:51 PM
System Uptime: 11/1/2015 11:43:47 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz | CPU 1 | 2800/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 576.187 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.936 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Acrobat Reader DC
Adobe AIR
Adobe Flash Player 19 NPAPI
Adobe Refresh Manager
ANT Drivers Installer x64
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Audacity 1.3.11 (Unicode)
Bonjour
CDBurnerXP
Compatibility Pack for the 2007 Office system
COWON Media Center - jetAudio Basic VX
CyberLink DVD Suite Deluxe
D3DX10
Default Manager
DirectX for Managed Code Update (Summer 2004)
Elevated Installer
Enhanced Multimedia Keyboard Solution
Estate Planner 2.0
FL 2001 Registration
Free Mp3 Wma Converter V 1.81
Garmin Express
Garmin Express Tray
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hardware Diagnostic Tools
Hoyle Casino '98
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Remote Software
HP Remote Solution
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
iCloud
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iSEEK AnswerWorks English Runtime
iTunes
Java 8 Update 65
Java Auto Updater
Junk Mail filter update
KeePass Password Safe 1.17
LabelPrint
LAME v3.98.2 for Audacity
Lernout & Hauspie TruVoice American English TTS Engine
LG USB Modem driver
LightScribe System Software
Locked Programs
Malwarebytes Anti-Malware version 2.2.0.1024
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.11761.0_neutral_~_8wekyb3d8bbwe (x64)
Microsoft Live Search Toolbar
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 41.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN Music Assistant
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Management
Norton Safe Web Lite
PictureMover
Power2Go
PowerDirector
Python 2.6 pywin32-212
Python 2.6.1
Quicken Family Lawyer 2001
QuickTime 7
Realtek High Definition Audio Driver
Safari
Savings Bond Wizard
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3054987) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085544) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2986254) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085618) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3085615) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3055051) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3055052) 32-Bit Edition
Sierra Utilities
SpywareBlaster 5.2
Symantec Technical Support Web Controls
The Complete Idiot's Guide to Wills and Estates
The Plain-Language Law Dictionary
TurboTax 2009
TurboTax 2009 wgaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wgaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wgaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wgaiper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
TurboTax 2014
TurboTax 2014 wgaiper
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3085617) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
ViewSonic Monitor Drivers
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
Windows 7 Upgrade Advisor
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 14.0
Yahoo Search Set
.
==== Event Viewer Messages From Past Week ========
.
11/1/2015 8:36:42 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
11/1/2015 8:19:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
11/1/2015 11:55:37 AM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.
11/1/2015 11:51:51 AM, Error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
11/1/2015 11:44:27 AM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/1/2015 11:43:16 AM, Error: Service Control Manager [7031] - The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/31/2015 10:33:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
10/31/2015 10:33:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
10/27/2015 9:39:27 PM, Error: Service Control Manager [7031] - The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/27/2015 9:39:27 PM, Error: Service Control Manager [7031] - The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/27/2015 9:39:27 PM, Error: Service Control Manager [7031] - The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================
Cool Cool Cool [list=] Cool [/list]
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Mon Nov 02, 2015 5:52 pm    Post subject: Another Symptom? Reply with quote

When I started my computer today from hibernation, I initially started reading my email from LiveMail and Outlook. Everything worked great. Emails downloaded immediately. No hard drive chattering. A-OK. Then...

As soon as I opened IE11, here it comes again. Things slowing down. Was downloading several PDF forms; very slow. Hard drive chattering. Task Manager showing nothing.

After about 15-20 minutes, all is well. Computer running fine.

Note: Browser home page is Yahoo, and I have a Yahoo account including email.

Idears?

Cool
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 29 Apr 2017
Posts: 10182
Location: Yorkshire

PostPosted: Tue Nov 03, 2015 1:21 am    Post subject: Reply with quote

DDS is not compatible with Windows 10, so will not report accurately what it finds. Besides you have only posted the Attach.txt log, which is the least informative of the 2 logs DDS produces.

So, to get an idea of what is actually running on your machine I need you to run a different scan for me.


  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.

    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.


_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Tue Nov 03, 2015 5:10 pm    Post subject: Reply with quote

Okay...

Norton Internet Security does NOT like FRST64.exe. At first it was hard to tell because with the slow-reaction in play it's hard to tell anything. But eventually the Norton box popped up saying "FRST64.exe is not safe and has been removed."

I even tried downloading it directly to a flash drive (an approach some other threads suggested) on my (unaffected) laptop. Got the same result there.

I can't find anything out there about NIS and FRST64 being a problem, other than a few random threads.

Do I need to disable NIS to run FRST 64? Understandably one is reluctant to do so unless necessary. Boot in Safe Mode? (Never done that with Win 10.) Both?

Let me know. Thanks.

P.S. Mr. Chatterbox had at it for 20+ minutes before it finally settled down to allow normal computer operations. Irritating.

Cool
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 29 Apr 2017
Posts: 10182
Location: Yorkshire

PostPosted: Tue Nov 03, 2015 10:14 pm    Post subject: Reply with quote

You'll need to disable Norton so that you can run FRST.

Worst comes to worst we may need to uninstall it to make progress.

FRST is not malicious, I know its creator personally. It was designed to run in Normal Mode, so don't run it in Safe Mode. At a pinch it can be run from Recovery Environment, but it doesn't give us anywhere near as much information if it is, so we'll use that option only if everything else fails.

I've no idea why Norton is still detecting FRST as a threat, they've been notified by its creator that it's a tool on more than one occasion, but then Norton have a long, long history of causing problems for other people's tools, and not responding quickly (if at all) when informed about the matter.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Wed Nov 04, 2015 2:40 pm    Post subject: Reply with quote

Well, that was a chore.

First, NIS wouldn't let me disable it until I'd restarted due to a "pending remediation". But I restarted and disabled it, downloaded, and ran. Win10 itself didn't like FRST64, but I proceeded. All this took a lot longer than it should as everything is slow, particularly NIS.

But FRST64 ran and here are the logs.

Thanks for your help.

Cool
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Dan (administrator) on DAN-PC (04-11-2015 17:30:22)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
Failed to access process -> nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DSS] => C:\Windows\BBStore\DSS\dssagent.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-15] (Google Inc.)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-336444471-3341669084-2539979421-1002\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-336444471-3341669084-2539979421-1001\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1e39077d-a730-406b-8939-97290662044f}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {F15A2643-DCA9-498C-9843-A5B74A6BA1A7} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {F15A2643-DCA9-498C-9843-A5B74A6BA1A7} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {F15A2643-DCA9-498C-9843-A5B74A6BA1A7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL =
SearchScopes: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> {D61B46CC-AFCA-4282-A740-841A8C5C5415} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=chr-yset_ie_syc_oracle&type=orcl_default
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-20] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll [2015-09-24] (Microsoft Corporation)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {ED28050F-D713-43BA-A376-DCC5C35407D5} hxxp://entjs.msn.com/client/msnmusax9302.cab

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8s8t3sov.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: NoSquint - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8s8t3sov.default\Extensions\nosquint@urandom.ca.xpi [2015-09-06]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2015-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/","hxxp://www.macon.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-07]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-10-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation)
R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-10-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-10-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-10-28] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-10-28] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20151103.002\IDSvia64.sys [767224 2015-10-19] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-10-20] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151103.008\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151103.008\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek )
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:30 - 2015-11-04 17:34 - 00029130 _____ C:\Users\Dan\Desktop\FRST.txt
2015-11-04 17:27 - 2015-11-04 17:30 - 00000000 ____D C:\FRST
2015-11-04 17:25 - 2015-11-04 17:26 - 02198016 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2015-11-04 17:17 - 2015-11-04 17:17 - 00016148 _____ C:\WINDOWS\system32\DAN-PC_Dan_HistoryPrediction.bin
2015-11-03 19:26 - 2015-11-03 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{A345C298-C1F8-4107-9E21-084DB88CC78D}
2015-11-02 20:14 - 2015-11-02 20:14 - 00000000 ____D C:\Users\Dan\AppData\Local\CEF
2015-11-02 19:59 - 2015-11-02 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{0A9C3E1D-A267-44DB-97BB-627C46C50389}
2015-11-01 13:04 - 2015-11-01 13:10 - 00000000 ____D C:\Users\Dan\Desktop\Security
2015-11-01 12:35 - 2015-11-01 12:35 - 00000000 ____D C:\AdwCleaner
2015-11-01 12:05 - 2015-11-01 12:07 - 00002487 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\Acrobat Reader DC.lnk
2015-11-01 11:03 - 2015-11-03 20:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 11:02 - 2015-11-01 11:02 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-01 11:02 - 2015-11-01 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-01 11:02 - 2015-11-01 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-01 11:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-01 11:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-01 11:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-01 07:48 - 2015-11-01 07:48 - 00007601 _____ C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2015-11-01 07:44 - 2015-11-01 07:44 - 00000000 ____D C:\Users\Dan\AppData\Local\{AF2FE81D-92ED-48D1-930F-2A42D669446B}
2015-10-31 09:37 - 2015-10-31 09:37 - 00000000 ____D C:\Users\Dan\AppData\Local\{8B064D01-5120-4092-875B-9A68C840367D}
2015-10-29 19:15 - 2015-10-27 18:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-29 19:15 - 2015-10-27 18:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-29 19:15 - 2015-10-21 07:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-29 19:15 - 2015-10-21 07:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-29 19:15 - 2015-10-21 07:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-29 19:15 - 2015-10-21 07:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-29 19:15 - 2015-10-21 07:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-29 19:15 - 2015-10-21 07:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-29 19:15 - 2015-10-21 06:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-29 19:15 - 2015-10-21 06:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-29 19:15 - 2015-10-21 06:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-29 19:15 - 2015-10-21 06:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-29 19:15 - 2015-10-21 06:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-29 19:15 - 2015-10-21 06:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-29 19:15 - 2015-10-21 06:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-29 19:15 - 2015-10-21 06:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-29 19:15 - 2015-10-21 06:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-29 19:15 - 2015-10-21 06:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-29 19:15 - 2015-10-21 06:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-29 19:15 - 2015-10-21 06:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-29 19:15 - 2015-10-21 06:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-29 19:15 - 2015-10-21 06:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-29 19:15 - 2015-10-21 06:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-29 19:15 - 2015-10-21 00:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-29 19:15 - 2015-10-21 00:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-29 19:15 - 2015-10-21 00:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-29 19:15 - 2015-10-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-29 19:15 - 2015-10-21 00:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-29 19:15 - 2015-10-21 00:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-29 19:15 - 2015-10-21 00:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-29 19:15 - 2015-10-21 00:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-29 19:15 - 2015-10-20 23:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-29 19:15 - 2015-10-20 23:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-29 19:15 - 2015-10-20 23:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-29 18:59 - 2015-10-29 18:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{1121EC9A-F373-4295-B773-E1074D17E857}
2015-10-28 06:48 - 2015-10-28 06:48 - 03867040 _____ C:\WINDOWS\system32\PortChanger.exe
2015-10-28 06:48 - 2015-10-28 06:48 - 02398112 _____ (Hewlett Packard) C:\WINDOWS\system32\hppldcoi.dll
2015-10-28 06:48 - 2015-10-28 06:48 - 00151968 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4.sys
2015-10-28 06:48 - 2015-10-28 06:48 - 00049056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dot4usb.sys
2015-10-28 06:48 - 2015-10-28 06:48 - 00027040 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4Prt.sys
2015-10-27 20:38 - 2015-10-27 20:38 - 00000000 ____D C:\Users\Dan\AppData\Local\Apple Inc
2015-10-27 20:36 - 2015-10-27 20:36 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-27 20:36 - 2015-10-27 20:36 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\iTunes
2015-10-27 20:36 - 2015-10-27 20:36 - 00000000 ____D C:\Program Files\iPod
2015-10-27 19:54 - 2015-10-27 19:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{1A8B82F0-7490-4D22-BE41-5A1A4BD8CAD5}
2015-10-24 08:52 - 2015-10-24 08:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{169A625B-3878-4F52-9979-BCBF05E6EE7C}
2015-10-22 19:39 - 2015-11-01 08:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-22 18:59 - 2015-10-22 18:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{B692486D-7CA5-407E-AD12-17A5C90EBA3D}
2015-10-21 18:57 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-21 18:56 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-21 18:56 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-21 18:56 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-21 18:56 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-21 18:56 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-21 18:56 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-21 18:56 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-21 18:56 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-21 18:56 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-21 18:56 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-21 18:56 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-21 18:56 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-21 18:56 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-21 18:56 - 2015-09-17 01:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-21 18:56 - 2015-09-17 01:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-21 18:56 - 2015-09-17 01:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-21 18:56 - 2015-09-17 01:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-21 18:56 - 2015-09-17 01:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-21 18:56 - 2015-09-17 01:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-21 18:56 - 2015-09-17 01:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-21 18:56 - 2015-09-17 00:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-21 18:56 - 2015-09-17 00:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-21 18:56 - 2015-09-17 00:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-21 18:56 - 2015-09-17 00:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-21 18:56 - 2015-09-17 00:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-21 18:56 - 2015-09-17 00:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-21 18:56 - 2015-09-17 00:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-21 18:56 - 2015-09-17 00:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-21 18:56 - 2015-09-17 00:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-21 18:55 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-21 18:55 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-21 18:55 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-21 18:55 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-21 18:55 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-21 18:55 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-21 18:55 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-21 18:55 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-21 18:55 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-21 18:55 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-21 18:55 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-21 18:55 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-21 18:55 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-21 18:55 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-21 18:55 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-21 18:55 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-21 18:55 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-21 18:55 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-21 18:55 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-21 18:55 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-21 18:55 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-21 18:55 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-21 18:55 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-21 18:55 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-21 18:55 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-21 18:55 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-21 18:55 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-21 18:55 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-21 18:55 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-21 18:55 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-21 18:55 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-21 18:55 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-21 18:55 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-21 18:55 - 2015-09-19 00:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-21 18:55 - 2015-09-17 01:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-21 18:55 - 2015-09-17 01:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-21 18:55 - 2015-09-17 01:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-21 18:55 - 2015-09-17 01:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-21 18:55 - 2015-09-17 01:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-21 18:55 - 2015-09-17 01:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-21 18:55 - 2015-09-17 01:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-21 18:55 - 2015-09-17 01:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-21 18:55 - 2015-09-17 01:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-21 18:55 - 2015-09-17 01:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-21 18:55 - 2015-09-17 01:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-21 18:55 - 2015-09-17 01:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-21 18:55 - 2015-09-17 01:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-21 18:55 - 2015-09-17 01:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-21 18:55 - 2015-09-17 01:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-21 18:55 - 2015-09-17 01:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-21 18:55 - 2015-09-17 01:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-21 18:55 - 2015-09-17 01:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-21 18:55 - 2015-09-17 01:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-21 18:55 - 2015-09-17 01:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-21 18:55 - 2015-09-17 01:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-21 18:55 - 2015-09-17 01:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-21 18:55 - 2015-09-17 01:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-21 18:55 - 2015-09-17 01:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-21 18:55 - 2015-09-17 01:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-21 18:55 - 2015-09-17 01:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-21 18:55 - 2015-09-17 01:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-21 18:55 - 2015-09-17 01:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-21 18:55 - 2015-09-17 01:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-21 18:55 - 2015-09-17 01:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-21 18:55 - 2015-09-17 01:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-21 18:55 - 2015-09-17 01:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-21 18:55 - 2015-09-17 01:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-21 18:55 - 2015-09-17 01:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-21 18:55 - 2015-09-17 01:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-21 18:55 - 2015-09-17 01:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-21 18:55 - 2015-09-17 01:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-21 18:55 - 2015-09-17 00:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-21 18:55 - 2015-09-17 00:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-21 18:55 - 2015-09-17 00:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-21 18:55 - 2015-09-17 00:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-21 18:55 - 2015-09-17 00:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-21 18:55 - 2015-09-17 00:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-21 18:55 - 2015-09-17 00:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-21 18:55 - 2015-09-17 00:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-21 18:55 - 2015-09-17 00:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-21 18:55 - 2015-09-17 00:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-21 18:55 - 2015-09-17 00:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-21 18:55 - 2015-09-17 00:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-21 18:55 - 2015-09-17 00:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-21 18:55 - 2015-09-17 00:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-21 18:55 - 2015-09-17 00:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-21 18:55 - 2015-09-17 00:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-21 18:55 - 2015-09-17 00:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-21 18:55 - 2015-09-17 00:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-21 18:55 - 2015-09-17 00:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-21 18:55 - 2015-09-17 00:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-21 18:55 - 2015-09-17 00:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-21 18:55 - 2015-09-17 00:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-21 18:55 - 2015-09-17 00:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-21 18:55 - 2015-09-17 00:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-21 18:55 - 2015-09-17 00:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-21 18:55 - 2015-09-17 00:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-21 18:55 - 2015-09-17 00:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-21 18:55 - 2015-09-17 00:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-21 18:55 - 2015-09-17 00:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-21 18:55 - 2015-09-17 00:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-21 18:55 - 2015-09-17 00:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-21 18:55 - 2015-09-17 00:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-21 18:55 - 2015-09-17 00:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-21 18:55 - 2015-09-17 00:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-21 18:54 - 2015-09-17 01:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-21 18:54 - 2015-09-17 01:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-21 18:54 - 2015-09-17 01:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-21 18:54 - 2015-09-17 01:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-21 18:54 - 2015-09-17 01:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-21 18:54 - 2015-09-17 01:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-21 18:54 - 2015-09-17 00:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-21 18:54 - 2015-09-17 00:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-21 18:54 - 2015-09-17 00:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-21 18:54 - 2015-09-17 00:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-21 18:54 - 2015-09-17 00:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-21 18:54 - 2015-09-17 00:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-21 18:54 - 2015-09-17 00:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-21 18:54 - 2015-09-17 00:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-21 18:54 - 2015-09-17 00:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-21 18:54 - 2015-09-17 00:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-21 18:36 - 2015-10-21 18:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{8968DBCE-9DB9-467E-963C-70BA440FBD41}
2015-10-21 18:20 - 2015-10-21 18:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-20 21:31 - 2015-10-20 18:12 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-20 21:31 - 2015-10-20 17:37 - 00000000 __SHD C:\Recovery
2015-10-20 21:29 - 2015-10-20 21:29 - 00000000 ____D C:\Windows.old
2015-10-20 21:25 - 2015-10-20 21:25 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-10
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Wed Nov 04, 2015 2:40 pm    Post subject: Reply with quote

Well, that was a chore.

First, NIS wouldn't let me disable it until I'd restarted due to a "pending remediation". But I restarted and disabled it, downloaded, and ran. Win10 itself didn't like FRST64, but I proceeded. All this took a lot longer than it should as everything is slow, particularly NIS.

But FRST64 ran and here are the logs.

Thanks for your help.

Cool
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Dan (administrator) on DAN-PC (04-11-2015 17:30:22)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
Failed to access process -> nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [DSS] => C:\Windows\BBStore\DSS\dssagent.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-15] (Google Inc.)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-336444471-3341669084-2539979421-1002\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-336444471-3341669084-2539979421-1001\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1e39077d-a730-406b-8939-97290662044f}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-336444471-3341669084-2539979421-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {F15A2643-DCA9-498C-9843-A5B74A6BA1A7} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {F15A2643-DCA9-498C-9843-A5B74A6BA1A7} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {F15A2643-DCA9-498C-9843-A5B74A6BA1A7} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> {2A46F455-8226-40DA-9F4B-FEF9B5E5E280} URL =
SearchScopes: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> {D61B46CC-AFCA-4282-A740-841A8C5C5415} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=chr-yset_ie_syc_oracle&type=orcl_default
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-20] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-336444471-3341669084-2539979421-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll [2015-09-24] (Microsoft Corporation)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {ED28050F-D713-43BA-A376-DCC5C35407D5} hxxp://entjs.msn.com/client/msnmusax9302.cab

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8s8t3sov.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: NoSquint - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8s8t3sov.default\Extensions\nosquint@urandom.ca.xpi [2015-09-06]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2015-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/","hxxp://www.macon.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-07]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-10-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation)
R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-10-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-10-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-10-28] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-10-28] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20151103.002\IDSvia64.sys [767224 2015-10-19] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-10-20] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151103.008\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151103.008\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek )
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:30 - 2015-11-04 17:34 - 00029130 _____ C:\Users\Dan\Desktop\FRST.txt
2015-11-04 17:27 - 2015-11-04 17:30 - 00000000 ____D C:\FRST
2015-11-04 17:25 - 2015-11-04 17:26 - 02198016 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2015-11-04 17:17 - 2015-11-04 17:17 - 00016148 _____ C:\WINDOWS\system32\DAN-PC_Dan_HistoryPrediction.bin
2015-11-03 19:26 - 2015-11-03 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{A345C298-C1F8-4107-9E21-084DB88CC78D}
2015-11-02 20:14 - 2015-11-02 20:14 - 00000000 ____D C:\Users\Dan\AppData\Local\CEF
2015-11-02 19:59 - 2015-11-02 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{0A9C3E1D-A267-44DB-97BB-627C46C50389}
2015-11-01 13:04 - 2015-11-01 13:10 - 00000000 ____D C:\Users\Dan\Desktop\Security
2015-11-01 12:35 - 2015-11-01 12:35 - 00000000 ____D C:\AdwCleaner
2015-11-01 12:05 - 2015-11-01 12:07 - 00002487 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\Acrobat Reader DC.lnk
2015-11-01 11:03 - 2015-11-03 20:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 11:02 - 2015-11-01 11:02 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-01 11:02 - 2015-11-01 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-01 11:02 - 2015-11-01 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-01 11:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-01 11:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-01 11:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-01 07:48 - 2015-11-01 07:48 - 00007601 _____ C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2015-11-01 07:44 - 2015-11-01 07:44 - 00000000 ____D C:\Users\Dan\AppData\Local\{AF2FE81D-92ED-48D1-930F-2A42D669446B}
2015-10-31 09:37 - 2015-10-31 09:37 - 00000000 ____D C:\Users\Dan\AppData\Local\{8B064D01-5120-4092-875B-9A68C840367D}
2015-10-29 19:15 - 2015-10-27 18:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-29 19:15 - 2015-10-27 18:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-29 19:15 - 2015-10-21 07:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-29 19:15 - 2015-10-21 07:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-29 19:15 - 2015-10-21 07:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-29 19:15 - 2015-10-21 07:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-29 19:15 - 2015-10-21 07:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-29 19:15 - 2015-10-21 07:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-29 19:15 - 2015-10-21 06:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-29 19:15 - 2015-10-21 06:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-29 19:15 - 2015-10-21 06:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-29 19:15 - 2015-10-21 06:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-29 19:15 - 2015-10-21 06:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-29 19:15 - 2015-10-21 06:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-29 19:15 - 2015-10-21 06:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-29 19:15 - 2015-10-21 06:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-29 19:15 - 2015-10-21 06:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-29 19:15 - 2015-10-21 06:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-29 19:15 - 2015-10-21 06:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-29 19:15 - 2015-10-21 06:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-29 19:15 - 2015-10-21 06:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-29 19:15 - 2015-10-21 06:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-29 19:15 - 2015-10-21 06:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-29 19:15 - 2015-10-21 00:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-29 19:15 - 2015-10-21 00:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-29 19:15 - 2015-10-21 00:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-29 19:15 - 2015-10-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-29 19:15 - 2015-10-21 00:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-29 19:15 - 2015-10-21 00:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-29 19:15 - 2015-10-21 00:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-29 19:15 - 2015-10-21 00:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-29 19:15 - 2015-10-20 23:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-29 19:15 - 2015-10-20 23:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-29 19:15 - 2015-10-20 23:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-29 18:59 - 2015-10-29 18:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{1121EC9A-F373-4295-B773-E1074D17E857}
2015-10-28 06:48 - 2015-10-28 06:48 - 03867040 _____ C:\WINDOWS\system32\PortChanger.exe
2015-10-28 06:48 - 2015-10-28 06:48 - 02398112 _____ (Hewlett Packard) C:\WINDOWS\system32\hppldcoi.dll
2015-10-28 06:48 - 2015-10-28 06:48 - 00151968 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4.sys
2015-10-28 06:48 - 2015-10-28 06:48 - 00049056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dot4usb.sys
2015-10-28 06:48 - 2015-10-28 06:48 - 00027040 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4Prt.sys
2015-10-27 20:38 - 2015-10-27 20:38 - 00000000 ____D C:\Users\Dan\AppData\Local\Apple Inc
2015-10-27 20:36 - 2015-10-27 20:36 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-27 20:36 - 2015-10-27 20:36 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\iTunes
2015-10-27 20:36 - 2015-10-27 20:36 - 00000000 ____D C:\Program Files\iPod
2015-10-27 19:54 - 2015-10-27 19:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{1A8B82F0-7490-4D22-BE41-5A1A4BD8CAD5}
2015-10-24 08:52 - 2015-10-24 08:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{169A625B-3878-4F52-9979-BCBF05E6EE7C}
2015-10-22 19:39 - 2015-11-01 08:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-22 18:59 - 2015-10-22 18:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{B692486D-7CA5-407E-AD12-17A5C90EBA3D}
2015-10-21 18:57 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-21 18:56 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-21 18:56 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-21 18:56 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-21 18:56 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-21 18:56 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-21 18:56 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-21 18:56 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-21 18:56 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-21 18:56 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-21 18:56 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-21 18:56 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-21 18:56 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-21 18:56 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-21 18:56 - 2015-09-17 01:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-21 18:56 - 2015-09-17 01:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-21 18:56 - 2015-09-17 01:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-21 18:56 - 2015-09-17 01:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-21 18:56 - 2015-09-17 01:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-21 18:56 - 2015-09-17 01:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-21 18:56 - 2015-09-17 01:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-21 18:56 - 2015-09-17 00:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-21 18:56 - 2015-09-17 00:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-21 18:56 - 2015-09-17 00:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-21 18:56 - 2015-09-17 00:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-21 18:56 - 2015-09-17 00:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-21 18:56 - 2015-09-17 00:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-21 18:56 - 2015-09-17 00:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-21 18:56 - 2015-09-17 00:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-21 18:56 - 2015-09-17 00:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-21 18:55 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-21 18:55 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-21 18:55 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-21 18:55 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-21 18:55 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-21 18:55 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-21 18:55 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-21 18:55 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-21 18:55 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-21 18:55 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-21 18:55 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-21 18:55 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-21 18:55 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-21 18:55 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-21 18:55 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-21 18:55 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-21 18:55 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-21 18:55 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-21 18:55 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-21 18:55 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-21 18:55 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-21 18:55 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-21 18:55 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-21 18:55 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-21 18:55 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-21 18:55 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-21 18:55 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-21 18:55 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-21 18:55 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-21 18:55 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-21 18:55 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-21 18:55 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-21 18:55 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-21 18:55 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-21 18:55 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-21 18:55 - 2015-09-19 00:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-21 18:55 - 2015-09-17 01:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-21 18:55 - 2015-09-17 01:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-21 18:55 - 2015-09-17 01:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-21 18:55 - 2015-09-17 01:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-21 18:55 - 2015-09-17 01:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-21 18:55 - 2015-09-17 01:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-21 18:55 - 2015-09-17 01:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-21 18:55 - 2015-09-17 01:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-21 18:55 - 2015-09-17 01:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-21 18:55 - 2015-09-17 01:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-21 18:55 - 2015-09-17 01:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-21 18:55 - 2015-09-17 01:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-21 18:55 - 2015-09-17 01:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-21 18:55 - 2015-09-17 01:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-21 18:55 - 2015-09-17 01:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-21 18:55 - 2015-09-17 01:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-21 18:55 - 2015-09-17 01:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-21 18:55 - 2015-09-17 01:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-21 18:55 - 2015-09-17 01:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-21 18:55 - 2015-09-17 01:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-21 18:55 - 2015-09-17 01:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-21 18:55 - 2015-09-17 01:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-21 18:55 - 2015-09-17 01:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-21 18:55 - 2015-09-17 01:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-21 18:55 - 2015-09-17 01:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-21 18:55 - 2015-09-17 01:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-21 18:55 - 2015-09-17 01:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-21 18:55 - 2015-09-17 01:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-21 18:55 - 2015-09-17 01:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-21 18:55 - 2015-09-17 01:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-21 18:55 - 2015-09-17 01:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-21 18:55 - 2015-09-17 01:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-21 18:55 - 2015-09-17 01:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-21 18:55 - 2015-09-17 01:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-21 18:55 - 2015-09-17 01:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-21 18:55 - 2015-09-17 01:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-21 18:55 - 2015-09-17 01:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-21 18:55 - 2015-09-17 01:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-21 18:55 - 2015-09-17 01:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-21 18:55 - 2015-09-17 01:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-21 18:55 - 2015-09-17 00:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-21 18:55 - 2015-09-17 00:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-21 18:55 - 2015-09-17 00:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-21 18:55 - 2015-09-17 00:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-21 18:55 - 2015-09-17 00:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-21 18:55 - 2015-09-17 00:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-21 18:55 - 2015-09-17 00:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-21 18:55 - 2015-09-17 00:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-21 18:55 - 2015-09-17 00:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-21 18:55 - 2015-09-17 00:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-21 18:55 - 2015-09-17 00:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-21 18:55 - 2015-09-17 00:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-21 18:55 - 2015-09-17 00:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-21 18:55 - 2015-09-17 00:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-21 18:55 - 2015-09-17 00:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-21 18:55 - 2015-09-17 00:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-21 18:55 - 2015-09-17 00:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-21 18:55 - 2015-09-17 00:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-21 18:55 - 2015-09-17 00:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-21 18:55 - 2015-09-17 00:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-21 18:55 - 2015-09-17 00:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-21 18:55 - 2015-09-17 00:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-21 18:55 - 2015-09-17 00:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-21 18:55 - 2015-09-17 00:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-21 18:55 - 2015-09-17 00:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-21 18:55 - 2015-09-17 00:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-21 18:55 - 2015-09-17 00:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-21 18:55 - 2015-09-17 00:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-21 18:55 - 2015-09-17 00:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-21 18:55 - 2015-09-17 00:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-21 18:55 - 2015-09-17 00:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-21 18:55 - 2015-09-17 00:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-21 18:55 - 2015-09-17 00:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-21 18:55 - 2015-09-17 00:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-21 18:55 - 2015-09-17 00:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-21 18:55 - 2015-09-17 00:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-21 18:55 - 2015-09-17 00:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-21 18:55 - 2015-09-17 00:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-21 18:55 - 2015-09-17 00:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-21 18:55 - 2015-09-17 00:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-21 18:55 - 2015-09-17 00:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-21 18:55 - 2015-09-17 00:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-21 18:54 - 2015-09-17 01:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-21 18:54 - 2015-09-17 01:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-21 18:54 - 2015-09-17 01:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-21 18:54 - 2015-09-17 01:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-21 18:54 - 2015-09-17 01:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-21 18:54 - 2015-09-17 01:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-21 18:54 - 2015-09-17 00:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-21 18:54 - 2015-09-17 00:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-21 18:54 - 2015-09-17 00:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-21 18:54 - 2015-09-17 00:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-21 18:54 - 2015-09-17 00:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-21 18:54 - 2015-09-17 00:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-21 18:54 - 2015-09-17 00:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-21 18:54 - 2015-09-17 00:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-21 18:54 - 2015-09-17 00:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-21 18:54 - 2015-09-17 00:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-21 18:36 - 2015-10-21 18:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{8968DBCE-9DB9-467E-963C-70BA440FBD41}
2015-10-21 18:20 - 2015-10-21 18:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-20 21:31 - 2015-10-20 18:12 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-20 21:31 - 2015-10-20 17:37 - 00000000 __SHD C:\Recovery
2015-10-20 21:29 - 2015-10-20 21:29 - 00000000 ____D C:\Windows.old
2015-10-20 21:25 - 2015-10-20 21:25 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-10
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 29 Apr 2017
Posts: 10182
Location: Yorkshire

PostPosted: Wed Nov 04, 2015 3:11 pm    Post subject: Reply with quote

As you can see, FRST logs are long, and unfortunately they have been cut short by the forum post size limiter.

Because of that I'm going to need you to post me things in sections.

No need to post again the section that you've already posted twice.

Please just post me the bottom section of FRST.txt starting from the line ....

2015-10-20 21:25 - 2015-10-20 21:25 - 00008192 _____ C:\WINDOWS\system32\config\userdiff

... then in a separate post (post not topic) post me the Addition.txt log (it's usually shorter so will probably fit into one post).
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Wed Nov 04, 2015 4:19 pm    Post subject: FRST Logs Reply with quote

2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\Program Files\MSBuild
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-20 21:22 - 2015-10-20 21:22 - 00000000 ____D C:\inetpub
2015-10-20 21:22 - 2015-10-20 17:58 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-20 21:21 - 2015-06-17 21:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-10-20 21:21 - 2015-06-17 21:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-20 21:21 - 2015-06-17 21:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-10-20 21:21 - 2015-05-30 00:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-10-20 21:21 - 2015-05-30 00:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-20 21:21 - 2015-05-30 00:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-10-20 20:52 - 2015-10-20 20:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-20 20:22 - 2015-10-20 20:22 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-10-20 20:22 - 2015-10-20 20:22 - 00000000 ____D C:\Users\DefaultAppPool
2015-10-20 20:22 - 2015-10-20 17:55 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 20:22 - 2015-10-20 17:55 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-10-20 20:22 - 2015-10-20 17:55 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2015-10-20 20:22 - 2015-07-30 17:42 - 00000000 __RSD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-20 20:22 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-20 20:22 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-20 20:22 - 2015-07-30 17:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-20 20:22 - 2009-07-15 09:22 - 00001338 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2015-10-20 18:43 - 2015-10-20 18:43 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2015-10-20 18:42 - 2014-09-22 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALCK.DLL
2015-10-20 18:41 - 2015-10-20 18:41 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-10-20 18:41 - 2014-09-10 04:00 - 00406528 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCK.DLL
2015-10-20 18:38 - 2015-10-20 18:39 - 00000000 ____D C:\Users\Dan\AppData\Local\Comms
2015-10-20 18:28 - 2015-11-04 17:11 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52708362-8ED6-4C9B-B6DC-4070E3BC8F8A}
2015-10-20 18:26 - 2015-10-20 18:26 - 00000000 ____D C:\Users\Dan\AppData\Local\MicrosoftEdge
2015-10-20 18:24 - 2015-10-20 18:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{CA46175C-1C8D-4BDD-8D23-F46E5D721C09}
2015-10-20 18:23 - 2015-10-20 18:23 - 00001390 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\Windows Live Mail.lnk
2015-10-20 18:20 - 2015-10-26 18:41 - 00002330 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-20 18:20 - 2015-10-26 18:41 - 00000000 ___RD C:\Users\Dan\OneDrive
2015-10-20 18:17 - 2015-10-20 18:17 - 00000000 ____D C:\Users\Dan\AppData\Local\Publishers
2015-10-20 18:15 - 2015-10-20 18:15 - 00000000 ____D C:\Users\Dan\AppData\Local\NetworkTiles
2015-10-20 18:13 - 2015-10-21 18:59 - 00000000 ____D C:\Users\Dan\AppData\Local\Packages
2015-10-20 18:13 - 2015-10-20 18:13 - 00000632 __RSH C:\Users\Dan\ntuser.pol
2015-10-20 18:13 - 2015-10-20 18:13 - 00000020 ___SH C:\Users\Dan\ntuser.ini
2015-10-20 18:13 - 2015-10-20 18:13 - 00000000 ____D C:\Users\Dan\AppData\Local\TileDataLayer
2015-10-20 17:55 - 2015-10-20 17:55 - 00001606 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\Windows Media Player.lnk
2015-10-20 17:55 - 2015-10-20 17:55 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-10-20 17:55 - 2015-10-20 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-10-20 17:55 - 2015-10-20 17:55 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-10-20 17:55 - 2015-10-20 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-10-20 17:46 - 2015-10-20 17:46 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-10-20 17:39 - 2015-10-20 18:20 - 00000000 ____D C:\Users\Dan
2015-10-20 17:39 - 2015-10-20 18:13 - 00000000 ___RD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 17:39 - 2015-10-20 18:09 - 00000000 ____D C:\Users\Pam
2015-10-20 17:39 - 2015-10-20 18:09 - 00000000 ____D C:\Users\Kids
2015-10-20 17:39 - 2015-10-20 18:08 - 00000000 ____D C:\Users\AdMan
2015-10-20 17:39 - 2015-10-20 17:45 - 00000000 ___RD C:\Users\AdMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 17:39 - 2015-10-20 17:41 - 00000000 ___RD C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 17:39 - 2015-10-20 17:40 - 00000000 ___RD C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 __RSD C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 __RSD C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 __RSD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 __RSD C:\Users\AdMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\AdMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\AdMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-20 17:39 - 2015-07-30 17:42 - 00000000 ____D C:\Users\AdMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-20 17:38 - 2015-11-03 19:46 - 01009602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-20 17:38 - 2015-10-20 17:38 - 00961296 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-10-20 17:37 - 2015-10-20 17:38 - 00021209 _____ C:\WINDOWS\iis.log
2015-10-20 17:35 - 2015-10-20 17:35 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-20 17:35 - 2015-10-20 17:35 - 00000000 ____D C:\Program Files\Realtek
2015-10-20 17:34 - 2015-10-20 17:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-10-20 17:33 - 2015-10-20 17:34 - 00024087 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-10-20 17:03 - 2015-03-27 16:33 - 00000001 ___SH C:\BOOTNXT
2015-10-19 18:30 - 2015-10-19 18:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{03F40C57-0648-4ADF-91B4-3568B7B0E027}
2015-10-18 11:36 - 2015-10-18 11:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{C26F7A9D-2C2B-4E6B-AFB2-64CE8330E130}
2015-10-17 09:54 - 2015-10-17 09:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{B2B61335-7498-4F0D-A089-A3D0AC3CB828}
2015-10-16 13:12 - 2015-10-16 13:12 - 00000000 ____D C:\Users\Dan\AppData\Local\{EAF946D7-4403-46B9-9B11-A88ACD1BA60F}
2015-10-15 18:33 - 2015-10-15 18:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{16FB146B-4497-4CA4-AD74-3ED16FF5BBE0}
2015-10-14 18:45 - 2015-10-14 18:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{667DB3AF-BE09-4AFE-B40E-B75AD39FBF2F}
2015-10-13 21:19 - 2015-10-13 21:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{A41C999B-BF1E-402A-BBD5-11CEA716FBB8}
2015-10-13 14:53 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-10-13 14:53 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2015-10-13 14:53 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2015-10-13 14:52 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 14:51 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-12 17:27 - 2015-10-12 17:27 - 00000000 ____D C:\Users\Dan\AppData\Local\{FB994F75-3927-4E5F-AC7D-086773CA9C73}
2015-10-10 11:48 - 2015-10-10 11:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{88E9EF76-E544-41D3-A69B-F5EA1A57C085}
2015-10-09 19:33 - 2015-10-09 19:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{97CE4DD6-9A5A-44BE-B043-886CD676539A}
2015-10-08 18:22 - 2015-10-08 18:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{BE594D8B-2FAF-4D14-88A6-9C426B557591}
2015-10-08 00:21 - 2015-11-04 17:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-10-07 20:30 - 2015-10-07 20:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{25B8B810-7379-4B4E-8838-B4D2C0A5EFFE}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:32 - 2010-01-23 16:31 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-04 17:22 - 2010-02-26 09:35 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 17:22 - 2009-10-23 07:57 - 00003744 _____ C:\WINDOWS\System32\Tasks\HP Health Check
2015-11-04 17:18 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-04 17:17 - 2015-07-30 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-04 17:17 - 2010-02-26 09:35 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 17:16 - 2015-09-10 00:32 - 00008958 _____ C:\WINDOWS\PFRO.log
2015-11-04 17:16 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-04 17:15 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-04 17:12 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-03 22:00 - 2012-04-18 19:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-03 20:15 - 2015-08-25 19:56 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-03 20:15 - 2009-07-15 09:15 - 00000000 ____D C:\ProgramData\Temp
2015-11-03 20:14 - 2010-04-25 10:12 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-11-03 19:44 - 2015-07-30 16:50 - 00030337 _____ C:\WINDOWS\setupact.log
2015-11-02 20:14 - 2014-09-03 18:39 - 00000000 ____D C:\Users\Dan\AppData\Local\Adobe
2015-11-01 12:20 - 2010-01-17 12:10 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-11-01 12:05 - 2015-01-06 20:13 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-01 12:05 - 2010-01-15 17:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-01 12:04 - 2010-01-15 17:43 - 00000000 ____D C:\ProgramData\Adobe
2015-11-01 11:28 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\Vss
2015-11-01 08:58 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-01 08:20 - 2015-09-04 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-30 02:32 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-29 19:06 - 2015-07-30 17:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-27 20:38 - 2013-10-20 10:27 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\iCloud
2015-10-27 20:38 - 2010-11-15 20:52 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2015-10-27 20:36 - 2015-03-06 15:30 - 00000000 ____D C:\Program Files\iTunes
2015-10-27 20:36 - 2010-02-01 19:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-27 20:36 - 2010-01-15 09:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-22 05:57 - 2015-07-30 16:49 - 00363320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-22 02:36 - 2015-07-30 17:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-22 02:36 - 2015-07-30 17:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-22 02:36 - 2015-07-30 17:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-22 02:36 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-22 02:36 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-22 02:36 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-22 02:36 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-21 18:04 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-20 21:31 - 2015-07-30 17:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-20 21:22 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-20 21:22 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-20 21:22 - 2015-07-10 00:13 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-10-20 21:22 - 2015-07-10 00:02 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-10-20 21:22 - 2015-07-09 22:36 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-10-20 21:22 - 2015-07-09 22:36 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-10-20 21:22 - 2015-07-09 22:36 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-10-20 21:22 - 2015-07-09 22:36 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-10-20 21:22 - 2015-07-09 22:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-10-20 21:22 - 2015-07-09 22:36 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-10-20 21:22 - 2015-07-09 22:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-10-20 21:22 - 2015-07-09 22:26 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-10-20 21:22 - 2015-07-09 22:25 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-10-20 21:22 - 2015-07-09 22:25 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-10-20 21:22 - 2015-07-09 22:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-10-20 21:22 - 2015-07-09 22:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-10-20 21:22 - 2015-07-09 22:25 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-10-20 21:22 - 2015-07-09 22:25 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-10-20 21:22 - 2015-07-09 22:25 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-10-20 21:22 - 2015-07-09 22:25 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-10-20 21:22 - 2015-07-09 22:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-10-20 21:22 - 2015-07-09 22:20 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-10-20 18:50 - 2010-01-23 16:45 - 00104968 _____ C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-20 18:44 - 2013-10-20 10:15 - 00000000 ____D C:\ProgramData\Oracle
2015-10-20 18:43 - 2015-08-30 10:06 - 00000000 ____D C:\Users\Dan\.oracle_jre_usage
2015-10-20 18:43 - 2014-10-24 08:42 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-20 18:43 - 2010-01-25 19:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-20 18:10 - 2010-01-23 15:02 - 00023766 _____ C:\WINDOWS\diagerr.xml
2015-10-20 18:10 - 2010-01-23 15:02 - 00022845 _____ C:\WINDOWS\diagwrn.xml
2015-10-20 18:09 - 2015-09-15 21:42 - 00003664 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-10-20 18:09 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\Registration
2015-10-20 18:09 - 2015-02-20 11:00 - 00003434 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-20 18:09 - 2014-04-09 02:25 - 00003778 _____ C:\WINDOWS\System32\Tasks\Ad-Aware Update (Weekly)
2015-10-20 18:09 - 2013-04-01 19:37 - 00003298 _____ C:\WINDOWS\System32\Tasks\{507F457B-1CDE-45C5-9312-3803B7E41160}
2015-10-20 18:09 - 2013-01-20 11:15 - 00003282 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDan
2015-10-20 18:09 - 2012-04-18 19:12 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-20 18:09 - 2010-02-26 09:35 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-20 18:09 - 2010-02-26 09:35 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-20 18:09 - 2010-01-23 17:10 - 00003274 _____ C:\WINDOWS\System32\Tasks\DVDAgent
2015-10-20 18:09 - 2010-01-23 17:05 - 00003310 _____ C:\WINDOWS\System32\Tasks\CLMLSvc
2015-10-20 18:09 - 2010-01-23 16:24 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-10-20 18:09 - 2010-01-23 15:14 - 00012518 _____ C:\WINDOWS\comsetup.log
2015-10-20 18:08 - 2015-07-30 17:42 - 00000000 __RSD C:\WINDOWS\Media
2015-10-20 18:08 - 2015-07-30 17:42 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-20 18:02 - 2015-07-30 17:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-20 17:58 - 2015-09-15 21:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\Garmin
2015-10-20 17:58 - 2015-09-10 00:19 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-20 17:58 - 2015-06-06 11:30 - 00000000 ____D C:\Users\AdMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-20 17:58 - 2015-01-18 10:35 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\TurboTax 2014
2015-10-20 17:58 - 2014-01-25 12:10 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\TurboTax 2013
2015-10-20 17:58 - 2013-09-13 02:02 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\Microsoft Office
2015-10-20 17:58 - 2013-05-25 09:28 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\QuickTime
2015-10-20 17:58 - 2013-03-14 02:02 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K\Programs\Microsoft Silverlight
2015-10-20 17:58 - 2013-02-05 17:25 - 00000000 ____D C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-20 17:58 - 2013-01-21 09:44 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-20 17:58 - 2012-11-23 09:36 - 00000000 ___RD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\$R5EBS6K
2015-10-20 17:58 - 2012-04-18 17:58 - 00000000 ____D C:\WINDOWS\en
2015-10-20 17:58 - 2009-07-15 09:41 - 00000000 ____D C:\WINDOWS\SysWOW64\oem
2015-10-20 17:55 - 2015-07-30 17:43 - 00005306 _____ C:\WINDOWS\DtcInstall.log
2015-10-20 17:55 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 17:55 - 2015-07-30 17:42 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 17:55 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default.migrated
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-20 17:48 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-20 17:48 - 2012-07-28 12:18 - 00000000 ____D C:\WINDOWS\SysWOW64\Parsons
2015-10-20 17:48 - 2011-06-29 18:27 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-10-20 17:48 - 2010-01-16 15:05 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-10-20 17:48 - 2010-01-15 18:04 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-10-20 17:48 - 2009-07-26 23:58 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-10-20 17:48 - 2009-07-15 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\x64
2015-10-20 17:48 - 2009-07-15 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\Lang
2015-10-20 17:48 - 2006-11-02 10:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Branding
2015-10-20 17:48 - 2006-11-02 08:34 - 00000000 ____D C:\WINDOWS\system32\RemInst
2015-10-20 17:47 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\schemas
2015-10-20 17:47 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-20 17:47 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-20 17:47 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\IME
2015-10-20 17:47 - 2006-11-02 10:15 - 00000000 ____D C:\WINDOWS\system32\Branding
2015-10-20 17:46 - 2015-07-30 17:47 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-10-20 17:46 - 2015-07-30 17:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-20 17:46 - 2015-07-30 17:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-20 17:46 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\Help
2015-10-20 17:46 - 2015-07-30 17:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-20 17:46 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-10-20 17:46 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-10-20 17:45 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-20 17:45 - 2006-11-02 08:34 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-20 17:44 - 2010-04-25 10:15 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security
2015-10-20 17:37 - 2015-07-10 04:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-20 17:33 - 2015-07-10 04:47 - 00000000 __RHD C:\Users\Default
2015-10-20 17:04 - 2009-07-15 09:09 - 00008192 __RSH C:\BOOTSECT.BAK
2015-10-20 16:52 - 2010-01-23 16:02 - 00019344 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-20 16:52 - 2010-01-23 16:02 - 00019344 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-20 16:48 - 2015-09-10 01:58 - 00000000 ___HD C:\$Windows.~BT
2015-10-20 06:13 - 2013-11-05 19:02 - 445836359 _____ C:\WINDOWS\MEMORY.DMP
2015-10-17 22:26 - 2013-08-15 02:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-17 22:15 - 2010-02-13 10:52 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-17 22:14 - 2010-01-13 16:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 22:10 - 2015-07-30 17:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 22:10 - 2015-07-30 17:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-08 00:21 - 2015-02-20 11:00 - 00002409 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-10-08 00:21 - 2015-02-20 10:59 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2015-10-08 00:09 - 2013-01-12 14:33 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDan.job

==================== Files in the root of some directories =======

2012-09-09 17:58 - 2012-12-04 07:40 - 0003584 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-01 07:48 - 2015-11-01 07:48 - 0007601 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2012-01-26 18:39 - 2015-01-18 10:36 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 10:05

==================== End of FRST.txt ============================
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Wed Nov 04, 2015 4:20 pm    Post subject: Addition.Txt Reply with quote

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Dan (2015-11-04 17:36:19)
Running from C:\Users\Dan\Desktop
Windows 10 Home (X64) (2015-10-20 23:12:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

AdMan (S-1-5-21-336444471-3341669084-2539979421-1003 - Administrator - Enabled)
Administrator (S-1-5-21-336444471-3341669084-2539979421-500 - Administrator - Disabled)
Dan (S-1-5-21-336444471-3341669084-2539979421-1000 - Administrator - Enabled) => C:\Users\Dan
DefaultAccount (S-1-5-21-336444471-3341669084-2539979421-503 - Limited - Disabled)
Guest (S-1-5-21-336444471-3341669084-2539979421-501 - Limited - Disabled)
Kids (S-1-5-21-336444471-3341669084-2539979421-1002 - Limited - Enabled)
Pam (S-1-5-21-336444471-3341669084-2539979421-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 2.2.5 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}) (Version: 1.2.33.353 - ArcSoft)
Audacity 1.3.11 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
Estate Planner 2.0 (HKLM-x32\...\Estate Planner 2.0) (Version: - )
FL 2001 Registration (HKLM-x32\...\FL 2001 Registration) (Version: - )
Free Mp3 Wma Converter V 1.81 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: - )
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Hoyle Casino '98 (HKLM-x32\...\Hoyle Casino '9Cool (Version: - )
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3206 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{818ABC3C-635C-4651-8183-D0E9640B7DD1}) (Version: 5.002.001.004 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.17 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.17 - Dominik Reichl)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
LAME v3.98.2 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Locked Programs (HKLM-x32\...\Locked Programs) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSN Music Assistant (HKLM-x32\...\MSN Music Assistant) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.4.24 - Symantec Corporation)
Norton Management (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 1.2.0.6 - Symantec Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
Quicken Family Lawyer 2001 (HKLM-x32\...\Quicken Family Lawyer 2001) (Version: - )
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Savings Bond Wizard (HKLM-x32\...\Savings Bond Wizard) (Version: - )
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Symantec Technical Support Web Controls (HKLM-x32\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
The Complete Idiot's Guide to Wills and Estates (HKLM-x32\...\The Complete Idiot's Guide to Wills and Estates) (Version: - )
The Plain-Language Law Dictionary (HKLM-x32\...\The Plain-Language Law Dictionary) (Version: - )
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-336444471-3341669084-2539979421-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02859F28-E497-46CA-8A27-3B39766CA58A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {05486304-8EF3-481A-9670-26FFB0E87EBD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {064C09B1-9218-41AA-AC02-02081B707EBF} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {1AF0D6C6-4890-4CF3-B1B9-650AE8A9E965} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1FB59F77-4C08-4F52-A824-261B99FC395D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {23D2BE8B-800F-4191-8A83-95829E89FF0E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {2F4F4A53-FBD5-4ED0-A0E2-77C65481EBB5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {36096251-25CA-4322-B5C2-0E407E25A40C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3B3B12AB-4DB5-4C5C-9263-7BA1627A786B} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {3B5E56EF-CDB0-4EDF-958D-534F6031263E} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {3FE9B074-7334-4DE8-8E88-D802B10736EF} - System32\Tasks\HPCeeScheduleForDan => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-24] (Hewlett-Packard)
Task: {41EBFFF1-E275-4B47-ACEB-F5B75306DAE9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {460C765D-C74E-488B-852F-1CC8110B0CB2} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {46B2364C-6940-416E-A2B8-E021DEF67AE5} - System32\Tasks\{507F457B-1CDE-45C5-9312-3803B7E41160} => pcalua.exe -a C:\Users\Dan\Favorites\Downloads\gimp_a0.exe -d C:\Users\Dan\Favorites\Downloads
Task: {484EE9C0-CC2F-4299-A4F1-D4140AF7088E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4D6B8F0D-15BB-405D-AFC6-B8EB0B1DFDD0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {4F8C0AD9-2752-45D5-9681-03E2A9B38B9D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5392A0D2-1D49-427B-94EE-31F36184EF6B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A678F51-02AC-4ECD-B6B7-0C6547635C1E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {6BBC3763-1781-423D-8080-8BBDAAC46BCC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6E95FFED-0191-4E6F-887C-3BFE23C6E4F4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {83DB902F-7669-497D-A81E-569AE480CCAF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {8438532C-9E95-4D8C-904E-BF7BA602929A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8EC93D0E-344C-4832-AE5A-3FFB28D638EF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9A31C642-B1C1-4ECA-AD09-32A37AF1F5BE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9ABAE3DF-63A4-4954-BBCC-933B4AE2985A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A6522CF0-4EEA-48F6-88F1-A669F7DC4D80} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A6D7EF57-5D77-451C-9C8C-13CB2C41A23C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B862E75C-E9B4-4992-8C65-F3988C08FBAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B93E73FA-E26D-4BDE-B337-E79FBDF5232E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B97F7400-E28C-40B2-A2B8-BA5AE7593417} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BB51BDC6-3836-4F72-A02C-7BAA49B5E112} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {C07B1338-15BF-43B6-A5F8-5A596381719B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C0FBEA4A-F0B4-4789-B139-6F54A47157E1} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-03-26] ()
Task: {C57C17EE-4C7A-4821-B08A-A0F4D92E4D91} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {CA672FE1-8190-4A6D-8FC8-B4C8085B1B1A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D2805143-6383-42AA-BC19-27449BB0C83A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-06] (CyberLink)
Task: {D40A8EDD-FBD3-4A11-920F-A6AD5D90D1D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D9829FFB-A7DC-477F-BD49-DD7E140AC9CA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D993BBA4-BEAE-4E68-87B0-4BF54945DEBD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {DC054B64-1AF0-4183-BB91-EE43663CF08C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1F26C8A-FCD0-4F0E-901A-81E2F1FBD697} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E2A86E76-A2B9-4DF3-B05F-9946F6DB8082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {E70E9042-74A0-47FE-B3EF-18B4DF57282B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EA24677A-B4D2-4683-99E7-C1B0390A07D7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {ECBDF1CB-F425-4212-B3C0-5F2137A84D46} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F1A2B373-9FA9-42FA-B952-8EF353CA1242} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {F599260A-BA09-43AD-BC6D-F35599E31C16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F93CE046-A03A-4245-8250-A87D6A1E57B5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {FAAD9334-4402-4492-B2AC-4DE35410C949} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FECB6BFC-533C-4B41-83C0-BFBA6E8C2595} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FF6316DC-5B46-4BB5-A636-986BE9181C59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDan.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-21 18:56 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-21 18:55 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-21 18:56 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-21 18:54 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-21 18:55 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-21 18:56 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-02-06 15:11 - 2009-02-06 15:11 - 00172032 _____ () C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
2009-02-06 15:11 - 2009-02-06 15:11 - 00385024 _____ () C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2009-05-26 03:36 - 2009-05-26 03:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 02641760 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2009-08-06 03:08 - 2009-08-06 03:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-20 17:46 - 2015-10-20 17:46 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2015-10-20 17:46 - 2015-10-20 17:46 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2015-10-20 17:46 - 2015-10-20 17:46 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-336444471-3341669084-2539979421-1000\...\1001movie.com -> 1001movie.com

There are 6092 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-336444471-3341669084-2539979421-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\Pictures\Vacations\New England\IMG_0215.JPG
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{9F76EACA-EC2F-4676-B2B4-CBAAAD382AEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4B30A6A-DEE7-46A9-AC5D-14E469C60986}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{366B81FD-320C-4C79-9AE5-7570F13512DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE2D69E0-24E0-40C9-BEB9-D06ADAEAA782}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B635DD57-153E-4B86-866E-563532EFE50F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA334DF1-7459-4DC5-BC1C-C817D9DC262D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{592D0CD3-62D1-4102-9FEA-1D9C344C41DA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E81B2CD9-DC2A-4A93-BDD4-2D08FEB59F15}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2F95299A-13D0-4DE6-9290-6C9377CD9AC3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{92541E80-FB27-48DB-8109-5217F9CAA6F3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8E47FA74-A5EF-4026-8E12-C26638B0560B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8E49FDC-CC63-4A3D-82E7-A5E455F68408}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{86C6C0B1-2551-4BFB-A9E8-E272ACE14DBB}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS40F3\hppiw.exe
FirewallRules: [{2FA7470F-7820-444E-9F7B-CCA22AF43E2B}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS40F3\hppiw.exe
FirewallRules: [{CF373461-E823-43E3-974D-06576939103A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS6411\HPDiagnosticCoreUI.exe
FirewallRules: [{3BCA41EE-69F9-4C2A-ABAA-F410C75ABE43}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS6411\HPDiagnosticCoreUI.exe
FirewallRules: [{A0B0527C-2FA4-47FD-A6C0-4F7777C91429}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS59DA\hppiw.exe
FirewallRules: [{CDA4E1BF-A980-4D00-997E-3066D90FFFC5}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS59DA\hppiw.exe
FirewallRules: [{DF755C52-5C6B-47F4-9B87-5BC661F67955}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS5951\hppiw.exe
FirewallRules: [{5AC65ABD-9B8C-4AF6-94D1-B7E05218F8A3}] => (Allow) C:\Users\Dan\AppData\Local\Temp\7zS5951\hppiw.exe
FirewallRules: [{FB983D4F-D124-4EC5-A24C-D228DCE57677}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{0A845444-FC6B-44FB-84BA-693761FF6400}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{0CFE16BA-4541-4165-82B3-B193A542985F}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{AFC6A5BC-3097-485A-B185-568406613884}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{2B4F1F4F-0294-48A0-A78E-6BE8A6527CA3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{8FAB7424-967D-4BF5-943C-256159554D9F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{88FEDD7E-A010-4814-8BB4-2F22EEAD7D96}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{E50E67B2-9858-4FFD-85D0-D743D02B0A02}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{1ADAE3D7-3EFB-4130-A263-6C6D43592134}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{92AE77E4-67DA-4A3A-A9D3-89DAC45B6383}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{C5941758-F596-4C66-91F2-AF546B624E5B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{94C2832C-244F-4CBD-89D4-7D928833EDDF}] => (Allow) LPort=1900
FirewallRules: [{224ADAA0-CA2E-4742-8F92-C4383B4C832D}] => (Allow) LPort=2869
FirewallRules: [{6732C28A-3B31-4744-8EF5-B729B4AA34E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F464FEF0-1FA2-45B4-BE4B-A29BC67BC15A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{A621B51D-A3E7-4A27-968F-DEB88AAEC26E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{DC08777B-A94F-4B6C-89FE-D63EDB04DCFD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E5549DAF-03DF-498D-9326-20C79E806AD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{B7972817-3280-43CC-8081-311F47DDEAC5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{58AFAA0A-3067-4305-B6F7-D0DACFB2048D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{12F6F045-CA9A-42E5-8000-5D6F964C9F9A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{59FD0644-DC02-4F83-93A0-3D95A57819F6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{4AA73709-3B6A-465B-84C3-935FC7B47FCE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{50CFFC75-4A7B-4AFB-8323-05F7C4C4966F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{A6C5DDF0-540F-4805-BA9D-DC4D8B1FC4A4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{B0662172-4207-4C18-A790-1A124FD83B20}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{E3D7D1BC-9501-44D2-B9BF-012E32D27F0A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{640AA7D9-762E-4C94-AAD8-8CE4C6BB9295}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{5B718C37-7CCC-4BE9-8B21-4B6A932C7312}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{9B875184-9623-4D45-A278-DF35AEE54CF1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{C15BEF64-C4D1-4800-91A7-F809C91BDEE9}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{EA61132E-B5DC-4A7D-A9A0-2BE36EBE36E7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{77A97C73-17C0-4225-936B-68D353EFC21B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{B2D1454F-D9A5-4E64-9D04-A40D9D73B915}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{1B1C90E7-10BA-4E37-8E9F-90A82533E103}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{0A0BBC65-323A-4F02-B4FA-91347CFC51C4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{9E6E0238-FCFE-491F-81ED-75E4810612AD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{CB6448DD-F7DB-47BE-8697-C099CAF7E534}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2332F0CC-6629-4F1E-9102-112D52326391}] => (Allow) svchost.exe
FirewallRules: [{348F6459-A677-4ABD-8B92-4C0D6C63900B}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{DEE2719B-B7E1-4B00-84E8-09A2413F20B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{397CFF2E-60F6-4A50-8E3E-E255A01C1696}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2015 05:36:22 PM) (Source: MsiInstaller) (EventID: 1024) (User: Dan-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6D00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/04/2015 05:26:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nis.exe version 13.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1404

Start Time: 01d1174ec31e913d

Termination Time: 22

Application Path: C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe

Report Id: 0442cd43-8343-11e5-8d74-00248ca8f7fc

Faulting package full name:

Faulting package-relative application ID:

Error: (11/04/2015 05:15:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dan-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/04/2015 05:15:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nis.exe version 13.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2640

Start Time: 01d116997d4338fb

Termination Time: 8001

Application Path: C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe

Report Id: 800d87f2-8341-11e5-8d73-00248ca8f7fc

Faulting package full name:

Faulting package-relative application ID:

Error: (11/03/2015 07:40:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nis.exe version 13.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 11ac

Start Time: 01d114c4a344052a

Termination Time: 93

Application Path: C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe

Report Id: aa7cb14b-828c-11e5-8d73-00248ca8f7fc

Faulting package full name:

Faulting package-relative application ID:

Error: (11/02/2015 08:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dan-PC)
Description: Activation of app Microsoft.WindowsFeedback_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2015 08:18:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AcroRd32.exe version 15.9.20069.28170 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 225c

Start Time: 01d115d5508f91d2

Termination Time: 9680

Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Report Id: acde157c-81c8-11e5-8d73-00248ca8f7fc

Faulting package full name:

Faulting package-relative application ID:

Error: (11/02/2015 08:10:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10240.16412 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 12e4

Start Time: 01d115d445d06521

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: a8152b86-81c7-11e5-8d73-00248ca8f7fc

Faulting package full name:

Faulting package-relative application ID:

Error: (11/02/2015 08:09:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10240.16412 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1e14

Start Time: 01d115d42805b158

Termination Time: 38

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 7cbe0aea-81c7-11e5-8d73-00248ca8f7fc

Faulting package full name:

Faulting package-relative application ID:

Error: (11/01/2015 12:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Dan-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


System errors:
=============
Error: (11/04/2015 05:33:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/04/2015 05:20:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/04/2015 05:17:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (11/04/2015 05:15:27 PM) (Source: DCOM) (EventID: 10010) (User: Dan-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (11/04/2015 05:15:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/02/2015 09:01:26 PM) (Source: DCOM) (EventID: 10010) (User: Dan-PC)
Description: App

Error: (11/01/2015 11:55:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (11/01/2015 11:51:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intuit Update Service service hung on starting.

Error: (11/01/2015 11:44:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (11/01/2015 11:43:16 AM) (Source: DCOM) (EventID: 10010) (User: Dan-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca


CodeIntegrity:
===================================
Date: 2015-10-31 11:23:26.368
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:23:26.315
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:23:26.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:23:26.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:23:26.157
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:23:26.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:23:25.029
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:23:24.869
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:09:56.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-10-31 11:09:56.578
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz
Percentage of memory in use: 23%
Total physical RAM: 8182.22 MB
Available physical RAM: 6227.62 MB
Total Virtual: 16374.22 MB
Available Virtual: 14448.99 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:684.82 GB) (Free:575.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.81 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: BB67A34B)
Partition 1: (Active) - (Size=684.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Wed Nov 04, 2015 4:23 pm    Post subject: Logs Reply with quote

Voila!

Interesting little side note: The flash drive that I attempted to download FRST64 onto directly would not work in either computer afterwards. I attributed it to being a cheap drive that I've had for years but never used. But when I tried again, it worked. Odd.

I saved FRST64 to a separate flash drive should it be needed again.

Thanks.

Cool
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Wed Nov 04, 2015 6:36 pm    Post subject: Apparently Not Malware Reply with quote

Brian:

Googling around, this appears to be a Windows 10 issue unrelated to malware.

I noticed the disk usage was regularly going to 100%. Many have reported with Win 8 and Win 10. There doesn't seem to be a good single fix. You have to hunt down whatever is causing it. BITS, SuperFetch, pagination sizes, NIS, scheduled tasks, etc. etc. All hard to do when things are running so slow.

I may revert back to Win 7. I'm pretty computer savvy, but I just don't have time to mess with this.

Thanks.

Cool
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Wed Nov 04, 2015 8:37 pm    Post subject: Win 7 - And Still There Reply with quote

I reverted to Windows 7 - but that doesn't seem to have solved things.

However, it looks like NIS itself is a major contributor. I've had Resource Monitor on, opening various programs. Open IE11, and disk usage quickly goes to 100%. Eventually it will settle down. Only program showing serious disk usage is NIS. Chrome and Firefox don't seem to do this.

This is very frustrating.

Brick wall
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 29 Apr 2017
Posts: 10182
Location: Yorkshire

PostPosted: Wed Nov 04, 2015 9:48 pm    Post subject: Reply with quote

If you've reverted back to Windows 7, can you run a new scan with FRST, since the one you've posted only tells me what the setup was when you were running Windows 10.

It's no use to me now you're running W7.

You'll need to check the Addition.txt option in the FRST interface this time, otherwise that log will not be produced (it's only produced automatically the first time).
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Thu Nov 05, 2015 2:32 pm    Post subject: More Info Reply with quote

Gary:

The more I look at this, the more I think it's a coding defect as opposed to malware.

I turned on Resource Monitor and watched the disk usage as I opened various apps. IE11 and LiveMail both sent disk usage soaring. The main contributing process was NIS itself. Among other things, it seemed to be constantly writing to some Rprt.dat file. Close the apps and disk usage/NIS went back to normal. Chrome, FireFox, and Outlook didn't seem to cause problems.

Some googling revealed that others had experienced similar issues. Several recommended a Remove & Reinstall of NIS. I started this, but the Reinstall kept failing. I started a chat session with Norton to resolve it. I got nowhere, so I turned on Windows Defender (better than nothing) headed to work. Later I tried another Norton chat.

This next part is great.

Norton rep told me I couldn't install NIS because it was a one PC setup. However, this was one of a 3-PC install version. Even the Norton site showed I had it installed on three devices. The rep said that that was because of a "glitch", which they'd since repaired. A product acting as advertised is a glitch? WTH?

I removed the install from the PC of interest on the Norton site, thinking this would allow me to reinstall. Nope, the rep said, I needed to remove all three, then I could install the one their site said I was allowed. I kept pointing out that my subscription HAD to allow more than one device allowed because it even their site showed three installs. (Two after I removed one.) The rep just didn't get it. Oh, and if I did remove the other two then NIS would stop working on those computers. I guess I'd need to procure another multi-install package (without glitches) to cover those.

Eventually the rep offered to continue my install, but as I wasn't at the PC of interest couldn't do it. I ended up telling them maybe I just needed to do so new installs myself - of something other than NIS.

Any recommendations on a effective but not burdensome internet security suite? Kaspersky or Avast?

I still need to verify that the PC is running normally now that NIS is gone. Thanks.

Cool
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Thu Nov 05, 2015 5:43 pm    Post subject: Smooth Sailing Reply with quote

When I got home I tried my computer without NIS installed.

Super

I'd forgotten how fast and quiet my computer could be. NIS was clearly the problem. I don't think I'll be getting with Norton about the reinstall.

I downloaded Avast AV since Defender isn't supposed to be great. Down the road, Avast IS may be the solution. And I guess I can go back to Win 10.

Any other recommendations are welcome.

Thanks for your help.

Cool
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 29 Apr 2017
Posts: 10182
Location: Yorkshire

PostPosted: Thu Nov 05, 2015 9:49 pm    Post subject: Reply with quote

I'm not a great fan of Norton myself, I've seen too many people having problems with their products.

For a Windows 7 machine, Avast is a good choice, or if you want something that's light on resources then try Microsoft Security Essentials .... https://www.microsoft.com/en-gb/download/details.aspx?id=5201

However, if you're upgrading to Windows 10 again, then just switch on Windows Defender.

The Windows Defender on W10 is not the same as the Windows Defender on W7, and is in fact essentially the same as Microsoft Security Essentials.

Why they chose to stay using the name Defender, when it has such a poor reputation rather than use the name of the more well regarded MSE is beyond me, but the truth is that Defender on W10 actually offers quite good protection.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
MaccDuff
Warrior


Joined: 17 Jun 2005
Last Visit: 07 Nov 2015
Posts: 78
Location: USA

PostPosted: Fri Nov 06, 2015 7:09 am    Post subject: Thanks! Reply with quote

Thanks for the insight, Gary. I will definitely consider your recommendations. No cost is always nice too. Smile

It's one thing when a company's products work poorly. But changing the rules on the consumer is unacceptable. What would just giving me a one-year license to NIS cost them? $8? Geez.

I'll be sending the Warriors some support. It's great to know you guys are out there should help be needed.

Cool
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 29 Apr 2017
Posts: 10182
Location: Yorkshire

PostPosted: Fri Nov 06, 2015 3:19 pm    Post subject: Reply with quote

You're welcome. Very Happy

Thanks for the donation it is much appreciated.

As your problems now seem to have been resolved ....

This topic is closed


Keep safe. Big Thumb Up
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group