
Can't run antivirus or open task manager



#1
Imrelativelynewtothis

    Member

Can't run any antivirus or open Task Manager. I was able to run Malwarebytes, but only after renaming it. There are no error messages after trying to open Task Manager; nothing happens. I've tried troubleshooting in safe mode. Sfcscan etc., the typical amateur stuff. At this point I'm lost as to what to do next.

Windows 8.1

Thanks in advance.
  • 0


#2
emeraldnzl

    GeekU Instructor


Hello Imrelativelynewtothis,

Welcome to Geekstogo. :)

Couple of things:

First

I will give you some instructions to download the Farbar Recovery Scan tool. If you can follow the directions to run the scan and post back here, well and good. If you find you can't do that, try booting to Safe Mode and running the tool.

Go here for instructions on how to boot into Safe Mode in Win 8.

If neither of those options works, come back and tell me.

Second

Did you get a report when you ran Malwarebytes? If so please copy and paste the report contents back here together with the FRST logs.

Now

Let's have a look and see what we can find.
 
 Important - We ask that the tools we use be downloaded to your computer's desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

 

 


  • 0

#3
Imrelativelynewtothis


Hey, thanks for the quick response. Here are the logs from both scans.

 

Unfortunately I couldn't find the log from the Malwarebytes scan.

 

Also, can I download these programs from safe mode (with networking) and just keep it on safe mode during this diagnosis? Or should I download in normal mode and switch over to safe?

Attached Files


Edited by Imrelativelynewtothis, 12 December 2015 - 06:22 PM.

  • 0

#4
emeraldnzl


Hello again Imrelativelynewtothis,

Note: Unless otherwise instructed always copy and paste the logs in the forum.  :)

 

 

Unfortunately I couldn't find the log from the malwarebytes scan.


The log is available through History -> Application logs. If you happen to find it, please copy and paste the contents in your next reply. If you can't find it, don't worry. :)

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\MountPoints2: {9696226d-fe74-11e4-8261-34689524aa14} - "F:\SISetup.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {22D637C7-3EFF-4141-B68F-7D47364D3C8C} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {2894BB1C-E3BB-4FF6-88EC-0FECE9F27918} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
C:\Program Files (x86)\user extensions\updater.exe
Task: {2DACC1F5-DF22-4403-A4AB-6A27194E9196} - \GameZooks Ver -> No File <==== ATTENTION
Task: {50CDFF27-0488-4D57-A245-8D4D4DC1FC12} - \Cassiopesa rori -> No File <==== ATTENTION
Task: {A0979124-53A7-4920-A741-D69D7D8CB1EF} - \Component System\Component -> No File <==== ATTENTION
Task: {E01C6E24-1D99-484B-866E-A42536A855B5} - \GeniusBox -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

See if you can run these:

Step 1

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

Click on Scan and follow the prompts. It may appear not to be doing anything; please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears, just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the report button and copy and paste the contents in your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please copy and paste

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner log

Edited by emeraldnzl, 12 December 2015 - 08:25 PM.
Location of MBAM log added

  • 0

#5
Imrelativelynewtothis


Thanks again.

 

Copied the fixlist and ran the fix. However after downloading JRT and AdwCleaner, I tried running JRT as administrator and it prompted me saying I wasn't using it as administrator. Any idea what the culprit could be on that? I have UAC disabled by the way.


  • 0

#6
emeraldnzl


Did you right click on it and run as Administrator that way?


  • 0

#7
Imrelativelynewtothis


Yep.


  • 0

#8
emeraldnzl


Okay, leave those for now and copy and paste what you have. :)


  • 0

#9
Imrelativelynewtothis


This is what the fixlog updated to:

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by natco_000 (2015-12-12 20:24:15) Run:1
Running from C:\Users\natco_000\Desktop
Loaded Profiles: natco_000 (Available Profiles: natco_000 & QBDataServiceUser25)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************

*****************

==== End of Fixlog 20:24:15 ====

 

 

Edit: also, there are about a dozen logs in the Malwarebytes application history; which do you want?


Edited by Imrelativelynewtothis, 12 December 2015 - 08:46 PM.

  • 0

#10
emeraldnzl


 

Edit: also, there are about a dozen logs in the Malwarebytes application history; which do you want?

 

It's the one/s you ran after the problem appeared.

 

Something is wrong with that Fixlog.txt; it doesn't appear to have worked.

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.


  • 0
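A check for the situation in posts #9 and #10, as an added example that is not part of the original thread and is not FRST's own code: it parses a Fixlog.txt of the shape posted above and reports whether any fixlist entries were echoed between the `*****************` markers. The sample logs are constructed (the user name is a placeholder, the entries are taken from the fixlist in post #4), and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: same shape as the Fixlog in post #9, whose
# "fixlist content" block is empty. "exampleuser" is a placeholder.
EMPTY_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by exampleuser (2015-12-12 20:24:15) Run:1
Running from C:\Users\exampleuser\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************

*****************

==== End of Fixlog 20:24:15 ====
"""

# Constructed sample: the same log with a few entries from the post #4
# fixlist echoed between the markers, as expected when the fix is read.
POPULATED_FIXLOG = EMPTY_FIXLOG.replace(
    "*****************\n\n*****************",
    "*****************\n"
    r"Task: {E01C6E24-1D99-484B-866E-A42536A855B5} - \GeniusBox -> No File" "\n"
    r"C:\Program Files (x86)\user extensions\updater.exe" "\n"
    "RemoveProxy:\n"
    "CMD: ipconfig /flushdns\n"
    "EmptyTemp:\n"
    "*****************",
)

HEADER_PATTERNS = {
    "version": re.compile(r"^Fix result of Farbar Recovery Scan Tool.*Version:\s*(.+)$"),
    "ran_by": re.compile(r"^Ran by (\S+)"),
    "running_from": re.compile(r"^Running from (.+)$"),
    "boot_mode": re.compile(r"^Boot Mode: (.+)$"),
}
MARKER = re.compile(r"^\*{5,}$")


def entry_kind(line):
    """Classify one echoed fixlist line by its leading keyword."""
    if re.match(r"^[A-Za-z]:\\", line):      # bare file path such as C:\...
        return "path"
    m = re.match(r"^([A-Za-z][A-Za-z0-9]*):", line)
    return m.group(1) if m else "other"      # e.g. registry lines (HKU\...)


def parse_fixlog(text):
    """Split a Fixlog into header fields and the echoed fixlist entries."""
    header, entries, markers = {}, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if MARKER.match(line):
            markers += 1
        elif markers == 0:                   # header, before the first marker
            for key, pattern in HEADER_PATTERNS.items():
                m = pattern.match(line)
                if m:
                    header[key] = m.group(1).strip()
        elif markers == 1 and line:          # between the two markers
            entries.append(line)
    complete = markers >= 2
    return {
        "header": header,
        "entries": entries,
        "kinds": dict(Counter(entry_kind(e) for e in entries)),
        "complete": complete,
        "fix_processed": complete and bool(entries),
    }


def verdict(parsed):
    """One-line summary a helper can act on."""
    if not parsed["complete"]:
        return "incomplete log: closing fixlist marker not found"
    if not parsed["entries"]:
        return "fixlist content block is empty"
    return "%d fixlist entries echoed" % len(parsed["entries"])


if __name__ == "__main__":
    for name, log in (("empty", EMPTY_FIXLOG), ("populated", POPULATED_FIXLOG)):
        result = parse_fixlog(log)
        print(name, "|", result["header"].get("boot_mode"), "|", verdict(result))
```
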


#11
Imrelativelynewtothis


FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by natco_000 (administrator) on STUART (12-12-2015 21:01:51)
Running from C:\Users\natco_000\Desktop
Loaded Profiles: natco_000 (Available Profiles: natco_000 & QBDataServiceUser25)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\MountPoints2: {9696226d-fe74-11e4-8261-34689524aa14} - "F:\SISetup.exe"
IFEO\AdAwareDesktop.exe: [Debugger] svchost.exe
IFEO\AdAwareService.exe: [Debugger] svchost.exe
IFEO\AdAwareTray.exe: [Debugger] svchost.exe
IFEO\AgentSvc.exe: [Debugger] svchost.exe
IFEO\AVKWCtlx64.exe: [Debugger] svchost.exe
IFEO\avpmapp.exe: [Debugger] svchost.exe
IFEO\av_task.exe: [Debugger] svchost.exe
IFEO\Bav.exe: [Debugger] svchost.exe
IFEO\bavhm.exe: [Debugger] svchost.exe
IFEO\BavSvc.exe: [Debugger] svchost.exe
IFEO\BavTray.exe: [Debugger] svchost.exe
IFEO\BavUpdater.exe: [Debugger] svchost.exe
IFEO\BavWebClient.exe: [Debugger] svchost.exe
IFEO\BDSSVC.EXE: [Debugger] svchost.exe
IFEO\BgScan.exe: [Debugger] svchost.exe
IFEO\BullGuardBhvScanner.exe: [Debugger] svchost.exe
IFEO\BullGuardUpdate.exe: [Debugger] svchost.exe
IFEO\BullGuarScanner.exe: [Debugger] svchost.exe
IFEO\capinfos.exe: [Debugger] svchost.exe
IFEO\CONSCTLX.EXE: [Debugger] svchost.exe
IFEO\coreFrameworkHost.exe: [Debugger] svchost.exe
IFEO\coreServiceShell.exe: [Debugger] svchost.exe
IFEO\dragon_updater.exe: [Debugger] svchost.exe
IFEO\dumpcap.exe: [Debugger] svchost.exe
IFEO\econceal.exe: [Debugger] svchost.exe
IFEO\econser.exe: [Debugger] svchost.exe
IFEO\editcap.exe: [Debugger] svchost.exe
IFEO\escanmon.exe: [Debugger] svchost.exe
IFEO\escanpro.exe: [Debugger] svchost.exe
IFEO\fcappdb.exe: [Debugger] svchost.exe
IFEO\FCDBlog.exe: [Debugger] svchost.exe
IFEO\FCHelper64.exe: [Debugger] svchost.exe
IFEO\fmon.exe: [Debugger] svchost.exe
IFEO\FortiClient.exe: [Debugger] svchost.exe
IFEO\FortiClient_Diagnostic_Tool.exe: [Debugger] svchost.exe
IFEO\FortiESNAC.exe: [Debugger] svchost.exe
IFEO\FortiFW.exe: [Debugger] svchost.exe
IFEO\FortiProxy.exe: [Debugger] svchost.exe
IFEO\FortiSSLVPNdaemon.exe: [Debugger] svchost.exe
IFEO\FortiTray.exe: [Debugger] svchost.exe
IFEO\freshclamwrap.exe: [Debugger] svchost.exe
IFEO\FSHDLL64.exe: [Debugger] svchost.exe
IFEO\fshoster32.exe: [Debugger] svchost.exe
IFEO\fsorsp.exe: [Debugger] svchost.exe
IFEO\GdBgInx64.exe: [Debugger] svchost.exe
IFEO\GDKBFltExe32.exe: [Debugger] svchost.exe
IFEO\GDSC.exe: [Debugger] svchost.exe
IFEO\GDScan.exe: [Debugger] svchost.exe
IFEO\guardxkickoff_x64.exe: [Debugger] svchost.exe
IFEO\iptray.exe: [Debugger] svchost.exe
IFEO\K7AVScan.exe: [Debugger] svchost.exe
IFEO\K7CrvSvc.exe: [Debugger] svchost.exe
IFEO\K7EmlPxy.EXE: [Debugger] svchost.exe
IFEO\K7FWSrvc.exe: [Debugger] svchost.exe
IFEO\K7PSSrvc.exe: [Debugger] svchost.exe
IFEO\K7RTScan.exe: [Debugger] svchost.exe
IFEO\K7SysMon.Exe: [Debugger] svchost.exe
IFEO\K7TSecurity.exe: [Debugger] svchost.exe
IFEO\K7TSMain.exe: [Debugger] svchost.exe
IFEO\K7TSMngr.exe: [Debugger] svchost.exe
IFEO\LittleHook.exe: [Debugger] svchost.exe
IFEO\MCS-Uninstall.exe: [Debugger] svchost.exe
IFEO\MCShieldCCC.exe: [Debugger] svchost.exe
IFEO\MCShieldDS.exe: [Debugger] svchost.exe
IFEO\MCShieldRTM.exe: [Debugger] svchost.exe
IFEO\mergecap.exe: [Debugger] svchost.exe
IFEO\MWAGENT.EXE: [Debugger] svchost.exe
IFEO\MWASER.EXE: [Debugger] svchost.exe
IFEO\nanoav.exe: [Debugger] svchost.exe
IFEO\nanosvc.exe: [Debugger] svchost.exe
IFEO\nfservice.exe: [Debugger] svchost.exe
IFEO\njeeves2.exe: [Debugger] svchost.exe
IFEO\nnf.exe: [Debugger] svchost.exe
IFEO\NS.exe: [Debugger] svchost.exe
IFEO\nseupdatesvc.exe: [Debugger] svchost.exe
IFEO\nvcsvc.exe: [Debugger] svchost.exe
IFEO\nvoy.exe: [Debugger] svchost.exe
IFEO\nwscmon.exe: [Debugger] svchost.exe
IFEO\OPSSVC.EXE: [Debugger] svchost.exe
IFEO\op_mon.exe: [Debugger] svchost.exe
IFEO\ProcessHacker.exe: [Debugger] svchost.exe
IFEO\PSUAMain.exe: [Debugger] svchost.exe
IFEO\PSUAService.exe: [Debugger] svchost.exe
IFEO\PtSessionAgent.exe: [Debugger] svchost.exe
IFEO\PtSvcHost.exe: [Debugger] svchost.exe
IFEO\PtWatchDog.exe: [Debugger] svchost.exe
IFEO\rawshark.exe: [Debugger] svchost.exe
IFEO\SAPISSVC.EXE: [Debugger] svchost.exe
IFEO\SASCore64.exe: [Debugger] svchost.exe
IFEO\SASTask.exe: [Debugger] svchost.exe
IFEO\SBAMSvc.exe: [Debugger] svchost.exe
IFEO\SBAMTray.exe: [Debugger] svchost.exe
IFEO\SBPIMSvc.exe: [Debugger] svchost.exe
IFEO\scproxysrv.exe: [Debugger] svchost.exe
IFEO\ScSecSvc.exe: [Debugger] svchost.exe
IFEO\SDFSSvc.exe: [Debugger] svchost.exe
IFEO\SDScan.exe: [Debugger] svchost.exe
IFEO\SDTray.exe: [Debugger] svchost.exe
IFEO\SDWelcome.exe: [Debugger] svchost.exe
IFEO\SSUpdate64.exe: [Debugger] svchost.exe
IFEO\SUPERDelete.exe: [Debugger] svchost.exe
IFEO\text2pcap.exe: [Debugger] svchost.exe
IFEO\TRAYICOS.EXE: [Debugger] svchost.exe
IFEO\TRAYSSER.EXE: [Debugger] svchost.exe
IFEO\trigger.exe: [Debugger] svchost.exe
IFEO\tshark.exe: [Debugger] svchost.exe
IFEO\uiSeAgnt.exe: [Debugger] svchost.exe
IFEO\uiUpdateTray.exe: [Debugger] svchost.exe
IFEO\uiWatchDog.exe: [Debugger] svchost.exe
IFEO\uiWinMgr.exe: [Debugger] svchost.exe
IFEO\UnThreat.exe: [Debugger] svchost.exe
IFEO\utsvc.exe: [Debugger] svchost.exe
IFEO\V3Main.exe: [Debugger] svchost.exe
IFEO\V3Medic.exe: [Debugger] svchost.exe
IFEO\V3Proxy.exe: [Debugger] svchost.exe
IFEO\V3SP.exe: [Debugger] svchost.exe
IFEO\V3Svc.exe: [Debugger] svchost.exe
IFEO\V3Up.exe: [Debugger] svchost.exe
IFEO\VIEWTCP.EXE: [Debugger] svchost.exe
IFEO\VIPREUI.exe: [Debugger] svchost.exe
IFEO\WebCompanion.exe: [Debugger] svchost.exe
IFEO\zlhh.exe: [Debugger] svchost.exe
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-12-12]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-12-12]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Canada ULC.)
Startup: C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-12-12]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A3389AC-E845-45E0-890A-55391DB5DA46}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CABC3090-9FE3-4F83-92FA-B710DD0A320E}: [DhcpNameServer] 40.21.1.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {02746806-A264-4915-BCDB-CEBD55E0C39A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2357461914-1037170958-1439947839-1002 -> {02746806-A264-4915-BCDB-CEBD55E0C39A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2357461914-1037170958-1439947839-1002 -> {0BAE2C4E-F47C-48D0-B16B-F308A7E56D39} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2015-06-08] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon [2015-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-29]
CHR Extension: (Norton Security Toolbar) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-21]
CHR Extension: (Norton Identity Safe) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-07] (Advanced Micro Devices, Inc.) [File not signed]
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-06-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-08] (Intuit Inc.) [File not signed]
S3 QuickBooksDB25; C:\Program Files (x86)\Intuit\QuickBooks 2015\QBDBMgrN.exe [827392 2014-12-08] (Intuit, Inc.) [File not signed]
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20151207.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20151208.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151210.002\ENG64.SYS [138488 2015-10-28] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151210.002\EX64.SYS [2148080 2015-10-28] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [578776 2014-08-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-05] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-06-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pft234.tmp\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 20:26 - 2015-12-12 20:27 - 01738240 _____ C:\Users\natco_000\Desktop\AdwCleaner.exe
2015-12-12 20:26 - 2015-12-12 20:26 - 01599336 _____ (Malwarebytes) C:\Users\natco_000\Desktop\JRT.exe
2015-12-12 20:24 - 2015-12-12 20:24 - 00000425 _____ C:\Users\natco_000\Desktop\Fixlog.txt
2015-12-12 18:18 - 2015-12-12 18:19 - 00000000 ____D C:\Users\natco_000\Desktop\scans
2015-12-12 18:15 - 2015-12-12 18:16 - 00031335 _____ C:\Users\natco_000\Desktop\Addition.txt
2015-12-12 18:14 - 2015-12-12 21:01 - 00027130 _____ C:\Users\natco_000\Desktop\FRST.txt
2015-12-12 18:13 - 2015-12-12 21:01 - 00000000 ____D C:\FRST
2015-12-12 18:10 - 2015-12-12 18:10 - 02369536 _____ (Farbar) C:\Users\natco_000\Desktop\FRST64.exe
2015-12-12 18:10 - 2015-12-12 18:10 - 01720320 _____ (Farbar) C:\Users\natco_000\Desktop\FRST.exe
2015-12-12 18:08 - 2015-12-12 18:08 - 00062417 _____ C:\Users\natco_000\Desktop\FRST-FarbarRecoveryScanToolDownload-GeekstoGoForum.html
2015-12-12 15:47 - 2015-12-12 20:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-11 21:53 - 2015-12-11 21:53 - 00000000 ____D C:\Windows\pss
2015-12-11 21:41 - 2015-12-12 17:58 - 00001079 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-11 21:41 - 2015-12-12 15:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-11 21:41 - 2015-12-11 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-11 21:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-11 21:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-11 21:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-10 15:27 - 2015-12-10 15:27 - 00000000 ____D C:\Users\natco_000\Documents\price request
2015-12-10 15:26 - 2015-12-10 15:26 - 00000000 ____D C:\Users\natco_000\AppData\Roaming\Oracle
2015-12-10 15:26 - 2015-12-10 15:26 - 00000000 ____D C:\Users\natco_000\6MjYfuT5Y3N
2015-12-10 14:45 - 2015-12-10 14:45 - 00862279 _____ C:\Users\natco_000\Desktop\ALO1-CASE NEW LABEL PDF.pdf
2015-12-10 14:45 - 2015-12-10 14:40 - 00007468 _____ C:\Users\natco_000\Desktop\Backup_of_ALO1-CASE NEW LABEL.cdr
2015-12-10 14:40 - 2015-12-10 14:45 - 00574268 _____ C:\Users\natco_000\Desktop\ALO1-CASE NEW LABEL.cdr
2015-12-10 14:38 - 2015-12-10 14:38 - 00685734 _____ C:\Users\natco_000\Desktop\ATO1 new air tool label.cdr
2015-12-10 12:58 - 2015-12-10 13:33 - 01084836 _____ C:\Users\natco_000\Desktop\ATLO1 new air tool label PDF.pdf
2015-12-10 11:58 - 2015-12-10 11:58 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-12-10 11:58 - 2015-12-10 11:58 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-10 02:24 - 2015-12-10 12:57 - 01153010 _____ C:\Users\natco_000\Desktop\Backup_of_new air tool label.cdr
2015-12-10 00:56 - 2015-12-10 13:36 - 00685599 _____ C:\Users\natco_000\Desktop\new air tool label.cdr
2015-12-09 14:35 - 2015-12-09 17:22 - 00000000 ____D C:\Users\natco_000\Documents\Outlook Files
2015-12-08 23:26 - 2015-12-08 23:26 - 00014088 _____ C:\Users\natco_000\Desktop\Price Comparision.xlsx
2015-12-08 18:28 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 18:28 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 18:28 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 18:28 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-08 18:28 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 18:28 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 18:28 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 18:28 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 18:28 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 18:28 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 18:28 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 18:28 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 18:28 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-08 18:28 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 18:28 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 18:28 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 18:28 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 18:28 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-08 18:28 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 18:28 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 18:28 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 18:28 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 18:28 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 18:28 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 18:28 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 18:28 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 18:28 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 18:28 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-08 18:28 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-08 18:28 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 18:28 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 18:28 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 18:28 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 18:28 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 18:28 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 18:28 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-08 18:28 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 18:28 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 18:28 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 18:28 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 18:26 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-08 18:26 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 18:26 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-08 18:26 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-08 18:26 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-08 18:26 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-08 18:26 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 18:26 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-08 18:26 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-08 18:26 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 18:26 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 18:26 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 18:26 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 18:26 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 18:26 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 18:26 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 18:26 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 18:26 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-08 18:26 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 18:26 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 18:26 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 18:26 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 18:26 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 18:26 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 18:26 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 18:26 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 18:26 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 18:26 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 18:26 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 18:26 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 18:26 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 18:26 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 18:26 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 18:26 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-06 12:54 - 2015-12-06 12:54 - 00000200 _____ C:\Users\natco_000\Desktop\Industries  Felton Brushes.url
2015-12-06 12:47 - 2015-12-06 12:47 - 00001054 _____ C:\Users\natco_000\Desktop\U.W.T. INC.url
2015-12-06 12:29 - 2015-12-06 12:29 - 00000206 _____ C:\Users\natco_000\Desktop\Custom Products Spectrum Paint Applicators Corp..url
2015-12-01 01:14 - 2015-12-01 12:15 - 00664272 _____ C:\Users\natco_000\Desktop\Backup_of_natco tire seal label 1gal.cdr
2015-12-01 00:57 - 2015-12-01 12:10 - 00906808 _____ C:\Users\natco_000\Desktop\natco tire seal label 1gal PDF.pdf
2015-11-30 18:53 - 2015-12-01 12:16 - 00663849 _____ C:\Users\natco_000\Desktop\natco tire seal label 1gal.cdr
2015-11-30 12:24 - 2015-11-30 12:24 - 00111866 _____ C:\Users\natco_000\Downloads\15-6329.pdf
2015-11-30 11:57 - 2015-11-30 11:57 - 19786968 _____ C:\Users\natco_000\Downloads\upd-pcl5-x64-6.1.0.20062.exe
2015-11-30 11:53 - 2015-11-30 11:53 - 04513164 _____ C:\Users\natco_000\Downloads\CP2020_Series_FW_Update-20140702 (1).exe
2015-11-30 11:46 - 2015-11-30 11:46 - 04513164 _____ C:\Users\natco_000\Downloads\CP2020_Series_FW_Update-20140702.exe
2015-11-30 11:37 - 2015-12-12 17:57 - 00002204 _____ C:\Users\natco_000\Desktop\HP Support Assistant.lnk
2015-11-30 11:32 - 2015-11-30 11:32 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\natco_000\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-11-30 11:28 - 2015-11-30 11:28 - 00000000 ____D C:\ProgramData\HP
2015-11-30 08:46 - 2015-11-30 08:46 - 00000000 ____D C:\Users\natco_000\Desktop\tpms
2015-11-28 22:38 - 2015-12-05 17:41 - 00024438 _____ C:\Windows\ntbtlog.txt
2015-11-26 12:19 - 2015-11-26 12:19 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-11-26 12:19 - 2015-11-26 12:19 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2015-11-21 17:16 - 2015-11-21 17:16 - 00075500 _____ C:\Users\natco_000\Desktop\China Portable Bead Breakers - China Tire Changer.html
2015-11-21 17:16 - 2015-11-21 17:16 - 00000000 ____D C:\Users\natco_000\Desktop\China Portable Bead Breakers - China Tire Changer_files
2015-11-21 15:10 - 2015-12-12 17:58 - 00002164 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-21 15:10 - 2015-11-21 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-21 15:08 - 2015-12-12 17:58 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 15:08 - 2015-12-11 14:18 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-21 15:08 - 2015-12-03 21:13 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-21 15:08 - 2015-12-03 21:13 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-19 07:57 - 2015-11-19 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\31
2015-11-19 07:57 - 2015-11-19 07:57 - 00000000 ____D C:\Program Files (x86)\31
2015-11-19 07:57 - 2005-08-03 16:05 - 00035892 _____ (Prolific Technology Inc.) C:\Windows\SysWOW64\SER9PL.sys
2015-11-19 07:57 - 2005-08-03 16:04 - 00026719 _____ C:\Windows\SysWOW64\SERSPL.VXD

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 18:15 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-12-12 18:12 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-12 18:11 - 2015-02-06 13:36 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-12-12 18:11 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 18:08 - 2015-06-30 15:33 - 00002291 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-12-12 18:08 - 2015-06-30 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-12-12 18:04 - 2015-05-19 11:08 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357461914-1037170958-1439947839-1002
2015-12-12 18:04 - 2015-05-19 11:08 - 00000000 ____D C:\Users\natco_000\OneDrive
2015-12-12 18:04 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2015-12-12 18:00 - 2015-05-19 11:06 - 00000000 ____D C:\Users\natco_000\Documents\Youcam
2015-12-12 17:59 - 2015-10-09 19:57 - 00002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-12 17:59 - 2015-10-09 19:57 - 00002390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-12 17:59 - 2015-10-09 19:57 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-12 17:59 - 2015-10-09 19:57 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-12 17:59 - 2015-10-09 19:57 - 00002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-12 17:59 - 2015-10-09 19:57 - 00002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-12 17:59 - 2015-10-09 19:57 - 00002333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-12 17:59 - 2015-05-31 13:46 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FreeCell Solitaire.lnk
2015-12-12 17:59 - 2015-05-21 18:42 - 00000830 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Corel.lnk
2015-12-12 17:59 - 2015-05-19 11:02 - 00001429 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-12 17:59 - 2015-05-19 10:59 - 00000445 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-12-12 17:59 - 2015-05-19 10:59 - 00000443 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-12-12 17:59 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-12 17:58 - 2015-08-16 18:26 - 00001954 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.lnk
2015-12-12 17:58 - 2015-05-31 13:46 - 00001055 _____ C:\Users\Public\Desktop\Free FreeCell Solitaire.lnk
2015-12-12 17:58 - 2015-05-31 13:42 - 00002172 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2015-12-12 17:58 - 2015-05-31 13:42 - 00002164 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2015-12-12 17:58 - 2015-05-31 13:42 - 00002164 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2015-12-12 17:58 - 2015-05-31 13:42 - 00002164 _____ C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2015-12-12 17:58 - 2015-05-31 13:42 - 00002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
2015-12-12 17:58 - 2015-05-19 12:14 - 00002193 _____ C:\Users\Public\Desktop\QuickBooks Premier 2015.lnk
2015-12-12 17:58 - 2015-05-19 12:11 - 00001276 _____ C:\Users\Public\Desktop\Support for QuickBooks.lnk
2015-12-12 17:57 - 2015-08-16 18:26 - 00001930 _____ C:\Users\natco_000\Desktop\PokerStars.lnk
2015-12-12 17:57 - 2015-06-30 15:30 - 00001276 _____ C:\Users\natco_000\Desktop\Norton Installation Files.lnk
2015-12-12 16:05 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Vss
2015-12-12 16:04 - 2015-05-31 09:24 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-12-12 09:26 - 2015-05-19 10:59 - 00000000 ____D C:\Users\natco_000
2015-12-11 21:41 - 2015-10-09 20:11 - 00003100 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2357461914-1037170958-1439947839-1002
2015-12-11 00:03 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-10 22:52 - 2015-07-02 12:19 - 00000000 ____D C:\Users\natco_000\AppData\Local\ElevatedDiagnostics
2015-12-10 22:39 - 2015-10-31 19:21 - 00000000 ____D C:\Users\natco_000\AppData\Local\NPE
2015-12-10 22:37 - 2013-08-22 08:44 - 00596712 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 12:49 - 2015-11-05 21:32 - 00000000 ____D C:\Users\natco_000\AppData\Local\CrashDumps
2015-12-10 11:37 - 2015-05-23 01:46 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 11:32 - 2015-05-23 01:46 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-10 11:31 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-09 23:14 - 2014-10-31 03:18 - 00409036 _____ C:\Windows\system32\perfh00C.dat
2015-12-09 23:14 - 2014-10-31 03:18 - 00067282 _____ C:\Windows\system32\perfc00C.dat
2015-12-09 23:14 - 2014-03-18 03:53 - 01410544 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-09 21:04 - 2015-05-19 11:02 - 00000000 ____D C:\Users\natco_000\AppData\Local\Packages
2015-12-09 10:48 - 2014-10-31 03:37 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-12-09 10:48 - 2014-10-31 03:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-05 21:00 - 2015-06-17 08:00 - 00003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleFornatco_000
2015-12-05 21:00 - 2015-06-17 08:00 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleFornatco_000.job
2015-12-05 21:00 - 2015-05-19 11:05 - 00000000 ____D C:\Users\natco_000\AppData\Local\Hewlett-Packard
2015-12-05 20:06 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-05 20:02 - 2015-10-28 06:38 - 00000000 ____D C:\Users\natco_000\Desktop\Discount Flyers
2015-12-04 07:35 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 11:19 - 2015-08-15 15:24 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 11:19 - 2015-08-15 15:24 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 11:37 - 2014-10-31 03:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-30 11:37 - 2014-10-31 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-30 11:37 - 2014-10-31 03:28 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-30 11:25 - 2015-05-19 11:02 - 00000000 ____D C:\Users\natco_000\AppData\Local\VirtualStore
2015-11-29 10:22 - 2015-11-09 08:41 - 00000000 ____D C:\Users\natco_000\Desktop\Price lists
2015-11-28 22:52 - 2015-10-31 19:42 - 00000000 ____D C:\NPE
2015-11-26 12:19 - 2015-06-30 15:32 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2015-11-22 11:03 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-22 11:02 - 2014-10-31 03:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-21 15:09 - 2015-05-20 20:46 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-21 15:08 - 2015-05-31 09:20 - 00000000 ____D C:\Users\natco_000\AppData\Local\Deployment
2015-11-18 18:39 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-11-15 08:36 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData

==================== Files in the root of some directories =======

2015-05-19 12:12 - 2015-05-28 14:43 - 0002687 _____ () C:\Users\natco_000\AppData\Roaming\QBFileDrTool.log
2015-05-31 08:29 - 2015-05-31 08:29 - 0000064 _____ () C:\Users\natco_000\AppData\Local\07b5568f44af52c41444ef7fe5e8c7a1
2015-11-30 11:28 - 2015-11-30 11:38 - 0000297 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

safeboot: Networkbootmenupolicy          Standard
bootlog                 No
 => The system is configured to boot to Safe Mode <===== ATTENTION

LastRegBack: 2015-12-05 17:34

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by natco_000 (2015-12-12 21:02:23)
Running from C:\Users\natco_000\Desktop
Windows 8.1 (X64) (2015-05-19 17:01:28)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2357461914-1037170958-1439947839-500 - Administrator - Disabled)
Guest (S-1-5-21-2357461914-1037170958-1439947839-501 - Limited - Disabled)
natco_000 (S-1-5-21-2357461914-1037170958-1439947839-1002 - Administrator - Enabled) => C:\Users\natco_000
QBDataServiceUser25 (S-1-5-21-2357461914-1037170958-1439947839-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser25

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{4049853E-9328-B198-1563-F1DCF89C5734}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW® Home & Student Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.3.5715 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3220 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2.3220 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4502 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Free FreeCell Solitaire 2015 v3.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version:  - TreeCardGames)
Golden Path (HKLM-x32\...\Golden Path_is1) (Version: 1.0 - Media Contact LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{6AAEDF97-4B93-4169-8FCA-FCB0378CED52}) (Version: 1.1.0.0 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
QB2Excel (HKLM-x32\...\{1E2FC0B9-8908-4A18-B681-C0528B99FCA6}) (Version: 5.0.0 - InformationActive)
QuickBooks (x32 Version: 25.0.4007.2506 - Intuit Canada ULC) Hidden
QuickBooks Premier: Mfg and Whsle Edition 2015 (HKLM-x32\...\{846F435B-6F13-47EF-AF92-0C15C4A24405}) (Version: 25.0.4004.2506 - Intuit Canada ULC)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.22 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7344 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.37 - REALTEK Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.13 - Synaptics Incorporated)
TpmsToolObdUpdater (HKLM-x32\...\InstallShield_{0A7B7D64-1222-49A4-B938-6ED5A532077A}) (Version: 1.00.0000 - 31)
TpmsToolObdUpdater (x32 Version: 1.00.0000 - 31) Hidden
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

18-11-2015 18:31:34 Scheduled Checkpoint
28-11-2015 10:31:49 Scheduled Checkpoint
30-11-2015 11:32:59 Installed HP Support Solutions Framework
08-12-2015 10:42:33 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C1AB32-36AF-4367-AC10-1BD7AE91234A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {0711F9E5-6C05-4F0C-A3EF-27F30A2EF8C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {08A46ABB-C6CA-4C92-9A38-76F544C4C7B3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {0F79212D-3CD8-4554-BE86-17913372A8FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {18629024-153D-455B-B424-7A56506DE39D} - System32\Tasks\HPCeeScheduleFornatco_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {22D637C7-3EFF-4141-B68F-7D47364D3C8C} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {283527FD-4FB0-409B-AAF1-1C488F3FC2F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {2894BB1C-E3BB-4FF6-88EC-0FECE9F27918} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {2DACC1F5-DF22-4403-A4AB-6A27194E9196} - \GameZooks Ver -> No File <==== ATTENTION
Task: {2E3D9461-9A98-4A14-8E3D-B1F33CD6174A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {3F3B9F02-0B7F-4114-B4A5-E0225E79840C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {4E30A1B0-8FE4-4049-B6F4-974E53784DBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {50CDFF27-0488-4D57-A245-8D4D4DC1FC12} - \Cassiopesa rori -> No File <==== ATTENTION
Task: {53957D8C-0856-48EA-A86C-180D3077EC4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {6C69C10D-DB39-45F2-8308-E008BB3CBA19} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {74ECAE44-1CEF-4A80-8006-D9577488B07D} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {7F0D4B07-0B84-43A0-BF5F-F9E50E97B6F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {9FCC8045-C22B-4FE6-821A-288D9506EA40} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-01] (CyberLink Corp.)
Task: {A0979124-53A7-4920-A741-D69D7D8CB1EF} - \Component System\Component -> No File <==== ATTENTION
Task: {CF718104-2FF0-405B-8A7B-1AA635E66AE8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)
Task: {E01C6E24-1D99-484B-866E-A42536A855B5} - \GeniusBox -> No File <==== ATTENTION
Task: {E10977DA-F4B7-4672-8F84-88BFDD03D8C8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {E2FEB3BA-88A2-4BE2-A5E7-60344281E82B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2357461914-1037170958-1439947839-1002 => C:\Users\natco_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-11] (Microsoft Corporation)
Task: {EE403D0D-9C10-464E-B863-3E0CE3054230} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFornatco_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-22 11:00 - 2015-11-01 04:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "HPUsageTrackingLEDM"
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EA8A3D7F-D6AA-478E-9962-2A484BA0B3DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AEA519D-B55D-47BA-9CE1-E3465883B203}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C4CE30B-647B-4996-A5CB-DBAE964452B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D84904F2-AFFF-4A70-9B81-784133B025E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{139C4D0F-B973-4849-9341-4884A9A0A45F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FAF5D5B0-893C-4DA8-AE8E-7E5F26D04CF9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{516BA319-F04A-46E1-8408-F1FB9EACCF55}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E4596FE7-AE06-4F0E-B7DE-90F62471A332}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{63A95857-BBD3-4EC0-9B49-99EC61B18B35}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1B85587C-5BCC-403A-A235-30FAA6DF814E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{66026778-8470-4916-8EA7-2A75AC1F7911}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{AB58FA95-A2D5-4B0F-8301-6DC8C119ECA7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe
FirewallRules: [{0B115080-C2F1-4471-8CD1-65ED7A66A2E0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe
FirewallRules: [{F220B61B-8046-440C-A1AD-9577A9B42747}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe
FirewallRules: [{EE898807-7BB8-4C98-B584-7A768DE19B2C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe
FirewallRules: [{85288E01-8C53-42E6-88A7-2847C3CB0307}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe
FirewallRules: [{417D5E62-F2D3-4D54-B532-2DAAB5859399}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe
FirewallRules: [{9D05CE66-57B0-42CD-A586-B0E2C07A050A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe
FirewallRules: [{BB0CF856-5604-4739-A587-517DD543B502}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe
FirewallRules: [{D7691471-D727-49F2-B9E4-9B365AD0470D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{6E06AAB9-909D-4B41-B7B8-914899D591A7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{3442FE21-503E-4317-95C3-2DB1C060BCF9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{FDD1749A-EC7E-42D5-8517-67A82DE25C8A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{5AB69CF8-F76E-4246-8292-31E5223FF4A8}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{74C5D044-2B64-4625-8236-7113F9F4AB4B}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{579F135B-EB04-46DB-8D55-E4AB1246C067}] => (Allow) LPort=9100
FirewallRules: [{CB5463B4-50B6-4816-A39F-10396C7F4472}] => (Allow) LPort=427
FirewallRules: [{3D50E59A-E374-4119-B5CA-D8A56C73594A}] => (Allow) LPort=161
FirewallRules: [{B1F47688-EA46-4997-A679-FF363C1F0CE0}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{7EF24140-CB24-437E-AE4F-C4F277402469}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{401F9B97-90EE-4C21-97D3-B7F39AE26708}] => (Allow) LPort=9100
FirewallRules: [{88B1E8AD-2B96-4EAC-BEB6-0967221D14C7}] => (Allow) LPort=427
FirewallRules: [{AEE56EA6-926E-4F50-80FA-64616BDEAAB0}] => (Allow) LPort=161
FirewallRules: [{036B0B4A-FF7D-4035-9B69-EE2195964911}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{187E9EAE-30AE-4C41-BB4D-FEF24EE66F5F}] => (Allow) C:\Users\natco_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4EEAE5F3-A679-40AA-92F7-D10ECD8BAF88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2015 06:07:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/12/2015 11:28:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STUART)
Description: Activation of app Microsoft.WindowsCalculator_8wekyb3d8bbwe!App failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:24:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STUART)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:24:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STUART)
Description: Activation of app FileManager_cw5n1h2txyewy!Microsoft.Windows.FileManager failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2015 12:03:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000142
Fault offset: 0x00000000000ec540
Faulting process id: 0x790
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (12/11/2015 12:03:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/10/2015 10:45:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CorelDrw.exe, version: 15.2.0.686, time stamp: 0x4d9be3e1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000001d
Fault offset: 0x00610077
Faulting process id: 0x%9
Faulting application start time: 0xCorelDrw.exe0
Faulting application path: CorelDrw.exe1
Faulting module path: CorelDrw.exe2
Report Id: CorelDrw.exe3
Faulting package full name: CorelDrw.exe4
Faulting package-relative application ID: CorelDrw.exe5

Error: (12/10/2015 10:33:38 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition":
Error creating connection 2 in DBConnPool::GetConnection().

Error: (12/10/2015 10:33:38 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition":
CON=QBConn\192.168.100.104\25\0\4\7\285-248\1170-0650-8488-082\5\0\0\55363\192.168.100.103;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Natco Manufacturers and Distributors Ltd..QBW;CommLinks="tcpip(IP=192.168.100.103;DOBROADCAST=NONE;port=55363)";ServerName=QB_SERVER_25;DBN=dd59b054f3d94b71b8af25d33a990185;CharSet=none

Error: (12/10/2015 10:33:38 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition":
Connection Error:Database server not found

System errors:
=============
Error: (12/12/2015 09:02:26 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 09:02:24 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 09:02:24 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 09:02:20 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 09:02:15 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 09:02:10 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 09:02:04 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 09:01:52 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 09:01:52 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 09:01:52 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

==================== Memory info ===========================

Processor: AMD A10-4655M APU with Radeon™ HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 7364.7 MB
Available physical RAM: 6139.04 MB
Total Virtual: 8516.7 MB
Available Virtual: 7422.48 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.1 GB) (Free:853.66 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:24.39 GB) (Free:2.73 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5404D12C)

Partition: GPT.

==================== End of Addition.txt ============================



#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,019 posts

Let's try that fix again.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


#13
Imrelativelynewtothis

    Member

  • Topic Starter
  • Member
  • 17 posts

Done. Fixlist log:

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by natco_000 (2015-12-12 21:26:31) Run:2
Running from C:\Users\natco_000\Desktop
Loaded Profiles: natco_000 (Available Profiles: natco_000 & QBDataServiceUser25)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\MountPoints2: {9696226d-fe74-11e4-8261-34689524aa14} - "F:\SISetup.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {22D637C7-3EFF-4141-B68F-7D47364D3C8C} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {2894BB1C-E3BB-4FF6-88EC-0FECE9F27918} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
C:\Program Files (x86)\user extensions\updater.exe
Task: {2DACC1F5-DF22-4403-A4AB-6A27194E9196} - \GameZooks Ver -> No File <==== ATTENTION
Task: {50CDFF27-0488-4D57-A245-8D4D4DC1FC12} - \Cassiopesa rori -> No File <==== ATTENTION
Task: {A0979124-53A7-4920-A741-D69D7D8CB1EF} - \Component System\Component -> No File <==== ATTENTION
Task: {E01C6E24-1D99-484B-866E-A42536A855B5} - \GeniusBox -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: ipconfig /flushdns
EmptyTemp:
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9696226d-fe74-11e4-8261-34689524aa14}" => key removed successfully
HKCR\CLSID\{9696226d-fe74-11e4-8261-34689524aa14} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22D637C7-3EFF-4141-B68F-7D47364D3C8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22D637C7-3EFF-4141-B68F-7D47364D3C8C}" => key removed successfully
C:\Windows\System32\Tasks\Validate Installation => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2894BB1C-E3BB-4FF6-88EC-0FECE9F27918}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2894BB1C-E3BB-4FF6-88EC-0FECE9F27918}" => key removed successfully
C:\Windows\System32\Tasks\Check Updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates" => key removed successfully
"C:\Program Files (x86)\user extensions\updater.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DACC1F5-DF22-4403-A4AB-6A27194E9196}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DACC1F5-DF22-4403-A4AB-6A27194E9196}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GameZooks Ver => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50CDFF27-0488-4D57-A245-8D4D4DC1FC12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50CDFF27-0488-4D57-A245-8D4D4DC1FC12}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cassiopesa rori => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0979124-53A7-4920-A741-D69D7D8CB1EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0979124-53A7-4920-A741-D69D7D8CB1EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Component System\Component" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E01C6E24-1D99-484B-866E-A42536A855B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E01C6E24-1D99-484B-866E-A42536A855B5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox => key not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 602.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 21:26:44 ====


  • 0

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,019 posts

Please try the JRT again.

If it still doesn't work, try the AdwCleaner one.

Tell me how you get on. :)


  • 0

#15
Imrelativelynewtothis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

JRT didn't work again.

There are four AdwCleaner logs (s2, s0, r0, c2). This is the latest one, c2:

# AdwCleaner v5.024 - Logfile created 12/12/2015 at 21:37:55
# Updated 07/12/2015 by Xplode
# Database : 2015-12-12.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : natco_000 - STUART
# Running from : C:\Users\natco_000\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DriverRestore

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\natco_000\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.cassiopesa.com_0.localstorage
[-] File Deleted : C:\Users\natco_000\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage
[-] File Deleted : C:\Users\natco_000\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage-journal
[-] File Deleted : C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File Deleted : C:\Users\natco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\d14e56cb-9cf2-9968-a1e5-915d2015e71b
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

***** [ Web browsers ] *****

[-] [C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : packmage.en.softonic.com
[-] [C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : cassiopesa.com
[-] [C:\Users\natco_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.safesear.ch
[-] [C:\Users\natco_000\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : dregol
[-] [C:\Users\natco_000\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.dregol.com/?f=1&a=drg_dnldwz_15_23&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0Czz0B0DyEyB0F0FtB0CyCtN0D0Tzu0StCtByDtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyB0F0E0FzzyBtDtGyEyCzzyCtGyEtD0D0BtGtCyCyByBtGyDtAyE0ByBtC0AyB0DtDyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtDzyyB0F0FzytGyByByCzztGyE0E0EtBtG0BtA0DzytG0E0DtAyEzyzytA0DtD0C0ByD2QtN0A0LzutB&cr=1671255670&ir=&uref=chmm

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2822 bytes] ##########


  • 0





