Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by natco_000 (administrator) on STUART (12-12-2015 18:14:01)
Running from C:\Users\natco_000\Desktop
Loaded Profiles: natco_000 (Available Profiles: natco_000 & QBDataServiceUser25)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\MountPoints2: {9696226d-fe74-11e4-8261-34689524aa14} - "F:\SISetup.exe"
IFEO\AdAwareDesktop.exe: [Debugger] svchost.exe
IFEO\AdAwareService.exe: [Debugger] svchost.exe
IFEO\AdAwareTray.exe: [Debugger] svchost.exe
IFEO\AgentSvc.exe: [Debugger] svchost.exe
IFEO\AVKWCtlx64.exe: [Debugger] svchost.exe
IFEO\avpmapp.exe: [Debugger] svchost.exe
IFEO\av_task.exe: [Debugger] svchost.exe
IFEO\Bav.exe: [Debugger] svchost.exe
IFEO\bavhm.exe: [Debugger] svchost.exe
IFEO\BavSvc.exe: [Debugger] svchost.exe
IFEO\BavTray.exe: [Debugger] svchost.exe
IFEO\BavUpdater.exe: [Debugger] svchost.exe
IFEO\BavWebClient.exe: [Debugger] svchost.exe
IFEO\BDSSVC.EXE: [Debugger] svchost.exe
IFEO\BgScan.exe: [Debugger] svchost.exe
IFEO\BullGuardBhvScanner.exe: [Debugger] svchost.exe
IFEO\BullGuardUpdate.exe: [Debugger] svchost.exe
IFEO\BullGuarScanner.exe: [Debugger] svchost.exe
IFEO\capinfos.exe: [Debugger] svchost.exe
IFEO\CONSCTLX.EXE: [Debugger] svchost.exe
IFEO\coreFrameworkHost.exe: [Debugger] svchost.exe
IFEO\coreServiceShell.exe: [Debugger] svchost.exe
IFEO\dragon_updater.exe: [Debugger] svchost.exe
IFEO\dumpcap.exe: [Debugger] svchost.exe
IFEO\econceal.exe: [Debugger] svchost.exe
IFEO\econser.exe: [Debugger] svchost.exe
IFEO\editcap.exe: [Debugger] svchost.exe
IFEO\escanmon.exe: [Debugger] svchost.exe
IFEO\escanpro.exe: [Debugger] svchost.exe
IFEO\fcappdb.exe: [Debugger] svchost.exe
IFEO\FCDBlog.exe: [Debugger] svchost.exe
IFEO\FCHelper64.exe: [Debugger] svchost.exe
IFEO\fmon.exe: [Debugger] svchost.exe
IFEO\FortiClient.exe: [Debugger] svchost.exe
IFEO\FortiClient_Diagnostic_Tool.exe: [Debugger] svchost.exe
IFEO\FortiESNAC.exe: [Debugger] svchost.exe
IFEO\FortiFW.exe: [Debugger] svchost.exe
IFEO\FortiProxy.exe: [Debugger] svchost.exe
IFEO\FortiSSLVPNdaemon.exe: [Debugger] svchost.exe
IFEO\FortiTray.exe: [Debugger] svchost.exe
IFEO\freshclamwrap.exe: [Debugger] svchost.exe
IFEO\FSHDLL64.exe: [Debugger] svchost.exe
IFEO\fshoster32.exe: [Debugger] svchost.exe
IFEO\fsorsp.exe: [Debugger] svchost.exe
IFEO\GdBgInx64.exe: [Debugger] svchost.exe
IFEO\GDKBFltExe32.exe: [Debugger] svchost.exe
IFEO\GDSC.exe: [Debugger] svchost.exe
IFEO\GDScan.exe: [Debugger] svchost.exe
IFEO\guardxkickoff_x64.exe: [Debugger] svchost.exe
IFEO\iptray.exe: [Debugger] svchost.exe
IFEO\K7AVScan.exe: [Debugger] svchost.exe
IFEO\K7CrvSvc.exe: [Debugger] svchost.exe
IFEO\K7EmlPxy.EXE: [Debugger] svchost.exe
IFEO\K7FWSrvc.exe: [Debugger] svchost.exe
IFEO\K7PSSrvc.exe: [Debugger] svchost.exe
IFEO\K7RTScan.exe: [Debugger] svchost.exe
IFEO\K7SysMon.Exe: [Debugger] svchost.exe
IFEO\K7TSecurity.exe: [Debugger] svchost.exe
IFEO\K7TSMain.exe: [Debugger] svchost.exe
IFEO\K7TSMngr.exe: [Debugger] svchost.exe
IFEO\LittleHook.exe: [Debugger] svchost.exe
IFEO\MCS-Uninstall.exe: [Debugger] svchost.exe
IFEO\MCShieldCCC.exe: [Debugger] svchost.exe
IFEO\MCShieldDS.exe: [Debugger] svchost.exe
IFEO\MCShieldRTM.exe: [Debugger] svchost.exe
IFEO\mergecap.exe: [Debugger] svchost.exe
IFEO\MWAGENT.EXE: [Debugger] svchost.exe
IFEO\MWASER.EXE: [Debugger] svchost.exe
IFEO\nanoav.exe: [Debugger] svchost.exe
IFEO\nanosvc.exe: [Debugger] svchost.exe
IFEO\nfservice.exe: [Debugger] svchost.exe
IFEO\njeeves2.exe: [Debugger] svchost.exe
IFEO\nnf.exe: [Debugger] svchost.exe
IFEO\NS.exe: [Debugger] svchost.exe
IFEO\nseupdatesvc.exe: [Debugger] svchost.exe
IFEO\nvcsvc.exe: [Debugger] svchost.exe
IFEO\nvoy.exe: [Debugger] svchost.exe
IFEO\nwscmon.exe: [Debugger] svchost.exe
IFEO\OPSSVC.EXE: [Debugger] svchost.exe
IFEO\op_mon.exe: [Debugger] svchost.exe
IFEO\ProcessHacker.exe: [Debugger] svchost.exe
IFEO\PSUAMain.exe: [Debugger] svchost.exe
IFEO\PSUAService.exe: [Debugger] svchost.exe
IFEO\PtSessionAgent.exe: [Debugger] svchost.exe
IFEO\PtSvcHost.exe: [Debugger] svchost.exe
IFEO\PtWatchDog.exe: [Debugger] svchost.exe
IFEO\rawshark.exe: [Debugger] svchost.exe
IFEO\SAPISSVC.EXE: [Debugger] svchost.exe
IFEO\SASCore64.exe: [Debugger] svchost.exe
IFEO\SASTask.exe: [Debugger] svchost.exe
IFEO\SBAMSvc.exe: [Debugger] svchost.exe
IFEO\SBAMTray.exe: [Debugger] svchost.exe
IFEO\SBPIMSvc.exe: [Debugger] svchost.exe
IFEO\scproxysrv.exe: [Debugger] svchost.exe
IFEO\ScSecSvc.exe: [Debugger] svchost.exe
IFEO\SDFSSvc.exe: [Debugger] svchost.exe
IFEO\SDScan.exe: [Debugger] svchost.exe
IFEO\SDTray.exe: [Debugger] svchost.exe
IFEO\SDWelcome.exe: [Debugger] svchost.exe
IFEO\SSUpdate64.exe: [Debugger] svchost.exe
IFEO\SUPERDelete.exe: [Debugger] svchost.exe
IFEO\text2pcap.exe: [Debugger] svchost.exe
IFEO\TRAYICOS.EXE: [Debugger] svchost.exe
IFEO\TRAYSSER.EXE: [Debugger] svchost.exe
IFEO\trigger.exe: [Debugger] svchost.exe
IFEO\tshark.exe: [Debugger] svchost.exe
IFEO\uiSeAgnt.exe: [Debugger] svchost.exe
IFEO\uiUpdateTray.exe: [Debugger] svchost.exe
IFEO\uiWatchDog.exe: [Debugger] svchost.exe
IFEO\uiWinMgr.exe: [Debugger] svchost.exe
IFEO\UnThreat.exe: [Debugger] svchost.exe
IFEO\utsvc.exe: [Debugger] svchost.exe
IFEO\V3Main.exe: [Debugger] svchost.exe
IFEO\V3Medic.exe: [Debugger] svchost.exe
IFEO\V3Proxy.exe: [Debugger] svchost.exe
IFEO\V3SP.exe: [Debugger] svchost.exe
IFEO\V3Svc.exe: [Debugger] svchost.exe
IFEO\V3Up.exe: [Debugger] svchost.exe
IFEO\VIEWTCP.EXE: [Debugger] svchost.exe
IFEO\VIPREUI.exe: [Debugger] svchost.exe
IFEO\WebCompanion.exe: [Debugger] svchost.exe
IFEO\zlhh.exe: [Debugger] svchost.exe
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-12-12]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-12-12]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Canada ULC.)
Startup: C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-12-12]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A3389AC-E845-45E0-890A-55391DB5DA46}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CABC3090-9FE3-4F83-92FA-B710DD0A320E}: [DhcpNameServer] 40.21.1.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {02746806-A264-4915-BCDB-CEBD55E0C39A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2357461914-1037170958-1439947839-1002 -> {02746806-A264-4915-BCDB-CEBD55E0C39A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2357461914-1037170958-1439947839-1002 -> {0BAE2C4E-F47C-48D0-B16B-F308A7E56D39} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-06-08] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon [2015-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-29]
CHR Extension: (Norton Security Toolbar) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-21]
CHR Extension: (Norton Identity Safe) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-07] (Advanced Micro Devices, Inc.) [File not signed]
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-06-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-08] (Intuit Inc.) [File not signed]
S3 QuickBooksDB25; C:\Program Files (x86)\Intuit\QuickBooks 2015\QBDBMgrN.exe [827392 2014-12-08] (Intuit, Inc.) [File not signed]
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20151207.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20151208.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151210.002\ENG64.SYS [138488 2015-10-28] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151210.002\EX64.SYS [2148080 2015-10-28] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [578776 2014-08-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-05] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-06-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pft234.tmp\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 18:14 - 2015-12-12 18:14 - 00026980 _____ C:\Users\natco_000\Desktop\FRST.txt
2015-12-12 18:13 - 2015-12-12 18:14 - 00000000 ____D C:\FRST
2015-12-12 18:10 - 2015-12-12 18:10 - 02369536 _____ (Farbar) C:\Users\natco_000\Desktop\FRST64.exe
2015-12-12 18:10 - 2015-12-12 18:10 - 01720320 _____ (Farbar) C:\Users\natco_000\Desktop\FRST.exe
2015-12-12 18:08 - 2015-12-12 18:08 - 00062417 _____ C:\Users\natco_000\Desktop\FRST-FarbarRecoveryScanToolDownload-GeekstoGoForum.html
2015-12-12 15:47 - 2015-12-12 16:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-11 21:53 - 2015-12-11 21:53 - 00000000 ____D C:\Windows\pss
2015-12-11 21:41 - 2015-12-12 17:58 - 00001079 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-11 21:41 - 2015-12-12 15:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-11 21:41 - 2015-12-11 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-11 21:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-11 21:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-11 21:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-10 15:27 - 2015-12-10 15:27 - 00000000 ____D C:\Users\natco_000\Documents\price request
2015-12-10 15:26 - 2015-12-10 15:26 - 00000000 ____D C:\Users\natco_000\AppData\Roaming\Oracle
2015-12-10 15:26 - 2015-12-10 15:26 - 00000000 ____D C:\Users\natco_000\6MjYfuT5Y3N
2015-12-10 14:45 - 2015-12-10 14:45 - 00862279 _____ C:\Users\natco_000\Desktop\ALO1-CASE NEW LABEL PDF.pdf
2015-12-10 14:45 - 2015-12-10 14:40 - 00007468 _____ C:\Users\natco_000\Desktop\Backup_of_ALO1-CASE NEW LABEL.cdr
2015-12-10 14:40 - 2015-12-10 14:45 - 00574268 _____ C:\Users\natco_000\Desktop\ALO1-CASE NEW LABEL.cdr
2015-12-10 14:38 - 2015-12-10 14:38 - 00685734 _____ C:\Users\natco_000\Desktop\ATO1 new air tool label.cdr
2015-12-10 12:58 - 2015-12-10 13:33 - 01084836 _____ C:\Users\natco_000\Desktop\ATLO1 new air tool label PDF.pdf
2015-12-10 11:58 - 2015-12-10 11:58 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-12-10 11:58 - 2015-12-10 11:58 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-10 02:24 - 2015-12-10 12:57 - 01153010 _____ C:\Users\natco_000\Desktop\Backup_of_new air tool label.cdr
2015-12-10 00:56 - 2015-12-10 13:36 - 00685599 _____ C:\Users\natco_000\Desktop\new air tool label.cdr
2015-12-09 14:35 - 2015-12-09 17:22 - 00000000 ____D C:\Users\natco_000\Documents\Outlook Files
2015-12-08 23:26 - 2015-12-08 23:26 - 00014088 _____ C:\Users\natco_000\Desktop\Price Comparision.xlsx
2015-12-08 18:28 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 18:28 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 18:28 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 18:28 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-08 18:28 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 18:28 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 18:28 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 18:28 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 18:28 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 18:28 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 18:28 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 18:28 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 18:28 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-08 18:28 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 18:28 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 18:28 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 18:28 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 18:28 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-08 18:28 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 18:28 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 18:28 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 18:28 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 18:28 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 18:28 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 18:28 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 18:28 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 18:28 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 18:28 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-08 18:28 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-08 18:28 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 18:28 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 18:28 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 18:28 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 18:28 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 18:28 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 18:28 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-08 18:28 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 18:28 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 18:28 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 18:28 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 18:26 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-08 18:26 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 18:26 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-08 18:26 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-08 18:26 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-08 18:26 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-08 18:26 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 18:26 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-08 18:26 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-08 18:26 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 18:26 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 18:26 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 18:26 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 18:26 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 18:26 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 18:26 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 18:26 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 18:26 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-08 18:26 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 18:26 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 18:26 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 18:26 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 18:26 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 18:26 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 18:26 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 18:26 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 18:26 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 18:26 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 18:26 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 18:26 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 18:26 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 18:26 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 18:26 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 18:26 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-06 12:54 - 2015-12-06 12:54 - 00000200 _____ C:\Users\natco_000\Desktop\Industries Felton Brushes.url
2015-12-06 12:47 - 2015-12-06 12:47 - 00001054 _____ C:\Users\natco_000\Desktop\U.W.T. INC.url 2015-12-06 12:29 - 2015-12-06 12:29 - 00000206 _____ C:\Users\natco_000\Desktop\Custom Products Spectrum Paint Applicators Corp..url 2015-12-01 01:14 - 2015-12-01 12:15 - 00664272 _____ C:\Users\natco_000\Desktop\Backup_of_natco tire seal label 1gal.cdr 2015-12-01 00:57 - 2015-12-01 12:10 - 00906808 _____ C:\Users\natco_000\Desktop\natco tire seal label 1gal PDF.pdf 2015-11-30 18:53 - 2015-12-01 12:16 - 00663849 _____ C:\Users\natco_000\Desktop\natco tire seal label 1gal.cdr 2015-11-30 12:24 - 2015-11-30 12:24 - 00111866 _____ C:\Users\natco_000\Downloads\15-6329.pdf 2015-11-30 11:57 - 2015-11-30 11:57 - 19786968 _____ C:\Users\natco_000\Downloads\upd-pcl5-x64-6.1.0.20062.exe 2015-11-30 11:53 - 2015-11-30 11:53 - 04513164 _____ C:\Users\natco_000\Downloads\CP2020_Series_FW_Update-20140702 (1).exe 2015-11-30 11:46 - 2015-11-30 11:46 - 04513164 _____ C:\Users\natco_000\Downloads\CP2020_Series_FW_Update-20140702.exe 2015-11-30 11:37 - 2015-12-12 17:57 - 00002204 _____ C:\Users\natco_000\Desktop\HP Support Assistant.lnk 2015-11-30 11:32 - 2015-11-30 11:32 - 03795680 _____ (Oleg N. 
Scherbakov) C:\Users\natco_000\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe 2015-11-30 11:28 - 2015-11-30 11:28 - 00000000 ____D C:\ProgramData\HP 2015-11-30 08:46 - 2015-11-30 08:46 - 00000000 ____D C:\Users\natco_000\Desktop\tpms 2015-11-28 22:38 - 2015-12-05 17:41 - 00024438 _____ C:\Windows\ntbtlog.txt 2015-11-26 12:19 - 2015-11-26 12:19 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2015-11-26 12:19 - 2015-11-26 12:19 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security 2015-11-21 17:16 - 2015-11-21 17:16 - 00075500 _____ C:\Users\natco_000\Desktop\China Portable Bead Breakers - China Tire Changer.html 2015-11-21 17:16 - 2015-11-21 17:16 - 00000000 ____D C:\Users\natco_000\Desktop\China Portable Bead Breakers - China Tire Changer_files 2015-11-21 15:10 - 2015-12-12 17:58 - 00002164 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-21 15:10 - 2015-11-21 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-21 15:08 - 2015-12-12 17:58 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-21 15:08 - 2015-12-11 14:18 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-21 15:08 - 2015-12-03 21:13 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-11-21 15:08 - 2015-12-03 21:13 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-19 07:57 - 2015-11-19 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\31 2015-11-19 07:57 - 2015-11-19 07:57 - 00000000 ____D C:\Program Files (x86)\31 2015-11-19 07:57 - 2005-08-03 16:05 - 00035892 _____ (Prolific Technology Inc.) C:\Windows\SysWOW64\SER9PL.sys 2015-11-19 07:57 - 2005-08-03 16:04 - 00026719 _____ C:\Windows\SysWOW64\SERSPL.VXD ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-12-12 18:13 - 2013-08-22 07:36 - 00000000 ____D C:\Windows 2015-12-12 18:12 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-12-12 18:11 - 2015-02-06 13:36 - 00065536 _____ C:\Windows\system32\spu_storage.bin 2015-12-12 18:11 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-12 18:08 - 2015-06-30 15:33 - 00002291 _____ C:\Users\Public\Desktop\Norton Security.LNK 2015-12-12 18:08 - 2015-06-30 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2015-12-12 18:04 - 2015-05-19 11:08 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357461914-1037170958-1439947839-1002 2015-12-12 18:04 - 2015-05-19 11:08 - 00000000 ____D C:\Users\natco_000\OneDrive 2015-12-12 18:04 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf 2015-12-12 18:00 - 2015-05-19 11:06 - 00000000 ____D C:\Users\natco_000\Documents\Youcam 2015-12-12 17:59 - 2015-10-09 19:57 - 00002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2015-12-12 17:59 - 2015-10-09 19:57 - 00002390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2015-12-12 17:59 - 2015-10-09 19:57 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2015-12-12 17:59 - 2015-10-09 19:57 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2015-12-12 17:59 - 2015-10-09 19:57 - 00002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2015-12-12 17:59 - 2015-10-09 19:57 - 00002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2015-12-12 17:59 - 2015-10-09 19:57 - 00002333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2015-12-12 17:59 - 2015-05-31 13:46 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FreeCell Solitaire.lnk 2015-12-12 17:59 - 2015-05-21 18:42 - 00000830 _____ 
C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Corel.lnk 2015-12-12 17:59 - 2015-05-19 11:02 - 00001429 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-12-12 17:59 - 2015-05-19 10:59 - 00000445 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-12-12 17:59 - 2015-05-19 10:59 - 00000443 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-12-12 17:59 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness 2015-12-12 17:58 - 2015-08-16 18:26 - 00001954 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.lnk 2015-12-12 17:58 - 2015-05-31 13:46 - 00001055 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk 2015-12-12 17:58 - 2015-05-31 13:42 - 00002172 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk 2015-12-12 17:58 - 2015-05-31 13:42 - 00002164 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk 2015-12-12 17:58 - 2015-05-31 13:42 - 00002164 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk 2015-12-12 17:58 - 2015-05-31 13:42 - 00002164 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk 2015-12-12 17:58 - 2015-05-31 13:42 - 00002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk 2015-12-12 17:58 - 2015-05-19 12:14 - 00002193 _____ C:\Users\Public\Desktop\QuickBooks Premier 2015.lnk 2015-12-12 17:58 - 2015-05-19 12:11 - 00001276 _____ C:\Users\Public\Desktop\Support for QuickBooks.lnk 2015-12-12 17:57 - 2015-08-16 18:26 - 00001930 _____ C:\Users\natco_000\Desktop\PokerStars.lnk 2015-12-12 17:57 - 2015-06-30 15:30 - 00001276 _____ C:\Users\natco_000\Desktop\Norton Installation Files.lnk 2015-12-12 16:05 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Vss 2015-12-12 16:04 - 2015-05-31 09:24 - 00000000 ____D 
C:\Users\Public\Documents\Downloaded Installers 2015-12-12 09:26 - 2015-05-19 10:59 - 00000000 ____D C:\Users\natco_000 2015-12-11 21:41 - 2015-10-09 20:11 - 00003100 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2357461914-1037170958-1439947839-1002 2015-12-11 00:03 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF 2015-12-10 22:52 - 2015-07-02 12:19 - 00000000 ____D C:\Users\natco_000\AppData\Local\ElevatedDiagnostics 2015-12-10 22:39 - 2015-10-31 19:21 - 00000000 ____D C:\Users\natco_000\AppData\Local\NPE 2015-12-10 22:37 - 2013-08-22 08:44 - 00596712 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-10 12:49 - 2015-11-05 21:32 - 00000000 ____D C:\Users\natco_000\AppData\Local\CrashDumps 2015-12-10 11:37 - 2015-05-23 01:46 - 00000000 ____D C:\Windows\system32\MRT 2015-12-10 11:32 - 2015-05-23 01:46 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-10 11:31 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp 2015-12-09 23:14 - 2014-10-31 03:18 - 00409036 _____ C:\Windows\system32\perfh00C.dat 2015-12-09 23:14 - 2014-10-31 03:18 - 00067282 _____ C:\Windows\system32\perfc00C.dat 2015-12-09 23:14 - 2014-03-18 03:53 - 01410544 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-09 21:04 - 2015-05-19 11:02 - 00000000 ____D C:\Users\natco_000\AppData\Local\Packages 2015-12-09 10:48 - 2014-10-31 03:37 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard 2015-12-09 10:48 - 2014-10-31 03:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2015-12-05 21:00 - 2015-06-17 08:00 - 00003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleFornatco_000 2015-12-05 21:00 - 2015-06-17 08:00 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleFornatco_000.job 2015-12-05 21:00 - 2015-05-19 11:05 - 00000000 ____D C:\Users\natco_000\AppData\Local\Hewlett-Packard 2015-12-05 20:06 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-12-05 20:02 - 2015-10-28 06:38 - 00000000 ____D 
C:\Users\natco_000\Desktop\Discount Flyers 2015-12-04 07:35 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-01 11:19 - 2015-08-15 15:24 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-01 11:19 - 2015-08-15 15:24 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-30 11:37 - 2014-10-31 03:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-30 11:37 - 2014-10-31 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-11-30 11:37 - 2014-10-31 03:28 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-11-30 11:25 - 2015-05-19 11:02 - 00000000 ____D C:\Users\natco_000\AppData\Local\VirtualStore 2015-11-29 10:22 - 2015-11-09 08:41 - 00000000 ____D C:\Users\natco_000\Desktop\Price lists 2015-11-28 22:52 - 2015-10-31 19:42 - 00000000 ____D C:\NPE 2015-11-26 12:19 - 2015-06-30 15:32 - 00000000 ____D C:\Windows\system32\Drivers\NSx64 2015-11-22 11:03 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-22 11:02 - 2014-10-31 03:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-21 15:09 - 2015-05-20 20:46 - 00000000 ____D C:\Program Files (x86)\Google 2015-11-21 15:08 - 2015-05-31 09:20 - 00000000 ____D C:\Users\natco_000\AppData\Local\Deployment 2015-11-18 18:39 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache 2015-11-15 08:36 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData ==================== Files in the root of some directories ======= 2015-05-19 12:12 - 2015-05-28 14:43 - 0002687 _____ () C:\Users\natco_000\AppData\Roaming\QBFileDrTool.log 2015-05-31 08:29 - 2015-05-31 08:29 - 0000064 _____ () C:\Users\natco_000\AppData\Local\07b5568f44af52c41444ef7fe5e8c7a1 2015-11-30 11:28 - 2015-11-30 11:38 - 0000297 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ================= 
(There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed safeboot: Networkbootmenupolicy Standard bootlog No => The system is configured to boot to Safe Mode <===== ATTENTION LastRegBack: 2015-12-05 17:34 ==================== End of FRST.txt ============================