It's been reported to me that a little black box will momentarily appear. When I went and looked, I saw it for myself. It appears near the middle of the screen. The best I can guess is that the system is attempting to display some sort of a message but it never fully renders. Have at it.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Marie (administrator) on WOLF-K7P (10-07-2017 19:27:48)
Running from C:\Users\Marie\Downloads
Loaded Profiles: Marie (Available Profiles: Marie & Wolfie & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\ns.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\Run: [Google Update] => C:\Users\Marie\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\Run: [CuteReminder] => C:\Program Files (x86)\CuteReminder\CuteReminder.exe [1029120 2008-03-19] (CuteReminder Labs.)
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\MountPoints2: {a0351c56-a80d-11e6-8da1-002170180e72} - "G:\setup.exe"
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-01-24]
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{137279bc-0e98-4af4-bbf2-02548c59101c}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.8.0.50
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.8.0.50
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.8.0.50
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.8.0.50
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.8.0.50
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-26] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: ojlyr9by.Default User
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\s43aq02z.default [2015-11-26]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\s43aq02z.default -> Yahoo
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\s43aq02z.default -> hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\s43aq02z.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\s43aq02z.default -> hxxp://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\s43aq02z.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\s43aq02z.default -> hxxp://search.yahoo.com/search?fr=ffds1&p=
FF Extension: (No Name) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\s43aq02z.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2014-09-08] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\s43aq02z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-09-08] [not signed]
FF Extension: (Yahoo! Toolbar) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\s43aq02z.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-09-08] [not signed]
FF Extension: (F5 Networks Host Plugin) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\s43aq02z.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-09-08] [not signed]
FF Extension: (No Name) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\s43aq02z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\
[email protected] [not found]
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\FireFox4 [2014-09-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\FireFox4 -> Yahoo
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\FireFox4 -> hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\FireFox4 -> Google
FF Homepage: Mozilla\Firefox\Profiles\FireFox4 -> hxxp://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\FireFox4 -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\FireFox4 -> hxxp://search.yahoo.com/search?fr=ffds1&p=
FF Extension: (No Name) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\FireFox4\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2014-09-08] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\FireFox4\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-09-08] [not signed]
FF Extension: (Yahoo! Toolbar) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\FireFox4\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-09-08] [not signed]
FF Extension: (F5 Networks Host Plugin) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\FireFox4\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-09-08] [not signed]
FF Extension: (No Name) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\FireFox4\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [not found]
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\ojlyr9by.Default User [2017-04-21]
FF NewTab: Mozilla\Firefox\Profiles\ojlyr9by.Default User -> about:blank
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ojlyr9by.Default User -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ojlyr9by.Default User -> Google
FF Homepage: Mozilla\Firefox\Profiles\ojlyr9by.Default User -> hxxp://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\ojlyr9by.Default User -> is enabled.
FF Extension: (Classic Theme Restorer) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\ojlyr9by.Default User\Extensions\
[email protected] [2016-08-22]
FF Extension: (Firefox Hotfix) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\ojlyr9by.Default User\Extensions\
[email protected] [2016-11-24]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\ojlyr9by.Default User\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-03-08] [not signed]
FF Extension: (F5 Networks Host Plugin) - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\ojlyr9by.Default User\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-09-08] [not signed]
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\953j98km.default [2015-12-02]
FF Extension: (No Name) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [not found]
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\9n62sw49.2012-06-24 [2014-09-08]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon [2017-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-02-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.1.32\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-15] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-12-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2427802236-2447665946-4030289669-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Marie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-2427802236-2447665946-4030289669-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2427802236-2447665946-4030289669-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> Active:"chrome-extension://gjpbalajmdlbjidjbblblajcachhknki/stubby.html", Active:"chrome-extension://hjmckdadaekkeeooinpdbhhdlnjcldpl/tab.html", Active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (F5 Networks Plugin Host) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjhelpopbdbnlfmjkbkfkbfmbneaeob [2016-03-15]
CHR Extension: (YouTube) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (TelevisionFanatic) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpnbhljjjpbbgljiciodkmnlaabofdlm [2015-11-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-06]
CHR Extension: (Google Search) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
CHR Extension: (PackageTracking) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjpbalajmdlbjidjbblblajcachhknki [2017-06-12]
CHR Extension: (TrackthePackages) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmckdadaekkeeooinpdbhhdlnjcldpl [2017-06-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-09-16]
CHR Extension: (FromDocToPDF) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-05-20]
CHR Extension: (Recipes Homepage) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\miihafdnejhhpcdiiplmechhgkbljnpj [2015-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-07-10]
CHR Extension: (Gmail) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR Extension: (SnapMyScreen) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj [2017-06-13]
CHR Profile: C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-09-28]
CHR Profile: C:\Users\Marie\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-04] (Microsoft Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\NS.exe [326160 2017-05-26] (Symantec Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\BASHDefs\20170705.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609040.008\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\IPSDefs\20170703.001\IDSvia64.sys [1053824 2017-05-20] (Symantec Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\1609040.008\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609040.008\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609040.008\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1609040.008\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-22] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609040.008\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\1609040.008\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-10 19:27 - 2017-07-10 19:28 - 00029935 _____ C:\Users\Marie\Downloads\FRST.txt
2017-07-10 19:25 - 2017-07-10 19:27 - 00000000 ____D C:\FRST
2017-07-10 19:24 - 2017-07-10 19:24 - 02437120 _____ (Farbar) C:\Users\Marie\Downloads\frst64.exe
2017-07-10 16:47 - 2017-07-10 16:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-07-10 13:07 - 2017-07-10 13:07 - 01049752 _____ C:\Users\Marie\Downloads\SFB2122_inst_man_0361156B_EN.pdf
2017-07-09 00:50 - 2017-07-09 00:50 - 00000000 ____D C:\Users\Marie\AppData\Local\GoToMeeting
2017-07-01 21:44 - 2017-07-01 21:44 - 00001360 _____ C:\Users\Marie\Documents\concrete garden globes.txt
2017-06-28 10:41 - 2017-06-28 10:41 - 03335466 _____ C:\Users\Marie\Downloads\flyer (23).pdf
2017-06-26 11:39 - 2017-06-26 11:39 - 03052178 _____ C:\Users\Marie\Downloads\flyer (22).pdf
2017-06-21 11:19 - 2017-06-21 11:19 - 03052178 _____ C:\Users\Marie\Downloads\flyer (21).pdf
2017-06-20 10:45 - 2017-06-20 10:45 - 00000522 _____ C:\Users\Marie\Documents\coffee grinder assembly.txt
2017-06-19 14:07 - 2017-06-19 14:07 - 00000507 _____ C:\Users\Marie\Documents\SOUTHERNCABBAGE SOUP.txt
2017-06-19 07:45 - 2017-06-19 07:45 - 00000747 _____ C:\Users\Marie\Documents\mashed potato pancakes.txt
2017-06-18 13:50 - 2017-06-18 13:50 - 00000285 _____ C:\Users\Marie\Documents\wood repair the natural way.txt
2017-06-14 06:28 - 2017-06-14 06:28 - 02713126 _____ C:\Users\Marie\Downloads\flyer (20).pdf
2017-06-13 21:00 - 2017-06-13 21:00 - 00107322 _____ C:\Users\Marie\Downloads\document-0 (22).pdf
2017-06-13 17:41 - 2017-06-13 17:41 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-13 14:23 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 14:23 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-13 14:23 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 14:23 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-13 14:23 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-13 14:23 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-13 14:23 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 14:23 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 14:23 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 14:23 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 14:23 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 14:23 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 14:23 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-13 14:23 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 14:23 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 14:23 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-13 14:23 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-13 14:23 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 14:23 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-13 14:23 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-13 14:23 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-13 14:23 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-13 14:23 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-13 14:23 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-13 14:23 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 14:23 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 14:23 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 14:23 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-13 14:23 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 14:23 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 14:23 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-13 14:23 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 14:23 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-13 14:23 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-13 14:23 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 14:23 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 14:23 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 14:23 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 14:23 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 14:23 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-13 14:23 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-13 14:23 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-13 14:23 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-13 14:22 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-13 14:22 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 14:22 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-13 14:22 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 14:22 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 14:15 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 14:15 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 14:15 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 14:15 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 14:14 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 14:14 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 14:14 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 14:14 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-13 14:14 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 14:14 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 14:14 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 14:14 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 14:14 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 14:14 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 14:14 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 14:14 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-13 14:14 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 14:14 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-13 14:14 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 14:14 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 14:14 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-13 14:14 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 14:14 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 14:14 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 14:14 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 14:14 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-13 14:14 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 14:13 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-13 14:13 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 14:13 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-13 14:13 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-13 14:13 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-13 14:13 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-13 14:13 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-13 14:13 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-13 14:13 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 14:13 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-13 14:13 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-13 14:13 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 14:13 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-13 14:13 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-13 14:13 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 14:13 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 14:13 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 14:13 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-13 14:13 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-13 14:12 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-13 14:12 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-13 14:12 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 14:12 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-13 14:12 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-13 14:12 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-13 14:12 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-13 14:12 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-13 14:12 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 14:12 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 14:12 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-13 14:12 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-13 14:12 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-13 14:12 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 14:12 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 14:12 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 14:12 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 14:12 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 14:12 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 14:12 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-13 14:12 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 14:12 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-13 14:12 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 14:12 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 14:12 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 14:12 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 14:12 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 14:12 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-13 14:12 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-13 14:12 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 14:12 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 14:12 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-13 14:12 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 14:12 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-13 14:11 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 14:11 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-13 14:11 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-13 14:11 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-13 14:11 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-13 14:11 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 14:11 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 14:11 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-13 14:11 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 14:11 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 14:11 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 14:11 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 14:11 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 14:11 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-10 17:21 - 2016-09-28 04:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-10 13:55 - 2017-05-27 07:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-07-09 13:19 - 2016-12-31 14:53 - 00001291 _____ C:\Users\Marie\Documents\bills.txt
2017-07-09 13:03 - 2017-01-27 13:01 - 00002113 _____ C:\Users\Marie\Documents\budget.txt
2017-07-09 07:14 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-09 00:50 - 2016-10-05 05:24 - 00003804 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2427802236-2447665946-4030289669-1001
2017-07-09 00:50 - 2016-10-05 05:24 - 00003708 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2427802236-2447665946-4030289669-1001
2017-07-09 00:50 - 2016-07-20 14:40 - 00000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2427802236-2447665946-4030289669-1001.job
2017-07-09 00:50 - 2016-07-20 14:40 - 00000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2427802236-2447665946-4030289669-1001.job
2017-07-08 13:18 - 2017-03-11 14:26 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMarie
2017-07-08 13:18 - 2017-03-11 14:26 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMarie.job
2017-07-08 00:37 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-07 11:35 - 2017-05-11 20:08 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-07 11:35 - 2017-05-11 20:08 - 00000000 ____D C:\Program Files\UNP
2017-07-06 10:57 - 2016-09-28 04:44 - 02095934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-06 10:52 - 2016-09-28 04:44 - 00000000 ____D C:\Users\Marie
2017-07-06 10:52 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-06 10:51 - 2016-11-11 12:33 - 00000000 ____D C:\Users\Marie\AppData\Local\ElevatedDiagnostics
2017-07-06 10:51 - 2016-09-28 06:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-06 10:51 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-30 07:15 - 2016-07-16 02:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-06-27 13:59 - 2014-09-08 05:25 - 00002503 _____ C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 13:59 - 2014-09-08 05:25 - 00002495 _____ C:\Users\Marie\Desktop\Google Chrome.lnk
2017-06-25 13:44 - 2015-12-13 12:40 - 00000000 ____D C:\Users\Marie\AppData\Local\Packages
2017-06-22 02:21 - 2017-01-27 22:28 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 02:21 - 2015-12-13 12:43 - 00002413 _____ C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 02:21 - 2015-12-13 12:43 - 00000000 ___RD C:\Users\Marie\OneDrive
2017-06-16 22:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 22:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-14 21:18 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-14 07:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-13 18:10 - 2015-09-10 01:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 18:09 - 2016-09-28 04:42 - 00369728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-13 18:09 - 2012-07-27 12:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-13 18:09 - 2012-07-27 12:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-13 17:41 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-13 17:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-13 17:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-13 14:55 - 2014-09-08 09:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 14:49 - 2012-07-27 11:02 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 14:48 - 2012-07-27 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 14:46 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-12 07:11 - 2016-12-15 07:26 - 00000206 _____ C:\Users\Marie\Documents\Edwardsick.txt
2017-06-12 06:33 - 2016-10-08 12:50 - 00000646 _____ C:\Users\Marie\Documents\THOMAS PAINTER MED SCHEDULE.txt
==================== Files in the root of some directories =======
2014-09-08 12:26 - 2014-09-08 12:26 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-02 08:01
==================== End of FRST.txt ============================
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Marie (10-07-2017 19:28:49)
Running from C:\Users\Marie\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-28 10:32:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2427802236-2447665946-4030289669-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2427802236-2447665946-4030289669-503 - Limited - Disabled)
Guest (S-1-5-21-2427802236-2447665946-4030289669-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2427802236-2447665946-4030289669-1005 - Limited - Enabled)
Marie (S-1-5-21-2427802236-2447665946-4030289669-1001 - Administrator - Enabled) => C:\Users\Marie
Wolfie (S-1-5-21-2427802236-2447665946-4030289669-1003 - Administrator - Enabled) => C:\Users\Wolfie
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazing Adventures Around the World (HKLM-x32\...\Steam App 3530) (Version: - SpinTop Games)
Amazing Adventures: The Lost Tomb (HKLM-x32\...\Steam App 3510) (Version: - SpinTop Games)
AstroPop Deluxe (HKLM-x32\...\Steam App 3340) (Version: - PopCap Games, Inc.)
Barnyard Mahjong 3 (HKLM-x32\...\Steam App 498030) (Version: - EnsenaSoft)
Bejeweled 2 Deluxe (HKLM-x32\...\Steam App 3300) (Version: - PopCap Games, Inc.)
Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.)
Bejeweled Deluxe (HKLM-x32\...\Steam App 3350) (Version: - PopCap Games, Inc.)
Bejeweled Twist (HKLM-x32\...\Steam App 3560) (Version: - PopCap Games, Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Big Money! Deluxe (HKLM-x32\...\Steam App 3360) (Version: - PopCap Games, Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bookworm Adventures Deluxe (HKLM-x32\...\Steam App 3470) (Version: - PopCap Games, Inc.)
BookWorm Adventures Volume 2 (HKLM-x32\...\Steam App 3630) (Version: - PopCap Games, Inc.)
BookWorm Deluxe (HKLM-x32\...\Steam App 3370) (Version: - PopCap Games, Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Chuzzle Deluxe (HKLM-x32\...\Steam App 3310) (Version: - PopCap Games, Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Cubis Gold 2 (HKLM-x32\...\BFG-Cubis Gold 2) (Version: - )
Cute Reminder Standard Edition 2.6 (HKLM-x32\...\Cute Reminder Standard Edition_is1) (Version: 2.6.317 - CuteReminder Labs)
Dynomite! Deluxe (HKLM-x32\...\Steam App 3380) (Version: - PopCap Games, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape Rosecliff Island (HKLM-x32\...\Steam App 3600) (Version: - SpinTop Games)
Feeding Frenzy 2: Shipwreck Showdown Deluxe (HKLM-x32\...\Steam App 3390) (Version: - PopCap Games, Inc.)
Google Chrome (HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.8.0.7297 (HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\GoToMeeting) (Version: 8.8.0.7297 - LogMeIn, Inc.)
Hammer Heads Deluxe (HKLM-x32\...\Steam App 3400) (Version: - PopCap Games, Inc.)
Heavy Weapon Deluxe (HKLM-x32\...\Steam App 3410) (Version: - PopCap Games, Inc.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.7.22.13 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Iggle Pop! Deluxe (HKLM-x32\...\Steam App 3420) (Version: - PopCap Games, Inc.)
Insaniquarium! Deluxe (HKLM-x32\...\Steam App 3320) (Version: - PopCap Games, Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Mahjong Deluxe 2: Astral Planes (HKLM-x32\...\Steam App 500570) (Version: - EnsenaSoft)
Mahjong Deluxe 3 (HKLM-x32\...\Steam App 462220) (Version: - EnsenaSoft)
Mahjong Destiny (HKLM-x32\...\Steam App 491580) (Version: - EnsenaSoft)
Mahjong Platinum 5 Deluxe (HKLM-x32\...\Mahjong Platinum 5 Deluxe) (Version: 1.0 - Viva Media, LLC)
Mahjongg Platinum 3 (HKLM-x32\...\Mahjongg Platinum 3) (Version: 3.02.07.07.26 - Selectsoft Publishing)
Mahsung Deluxe (HKLM-x32\...\Steam App 542690) (Version: - EnsenaSoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4867.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Mystery P.I.: Lost in Los Angeles (HKLM-x32\...\Steam App 3610) (Version: - SpinTop Games)
Mystery P.I.: The Lottery Ticket (HKLM-x32\...\Steam App 3500) (Version: - SpinTop Games)
Mystery P.I.: The New York Fortune (HKLM-x32\...\Steam App 3570) (Version: - SpinTop Games)
Mystery PI: The Vegas Heist (HKLM-x32\...\Steam App 3520) (Version: - SpinTop Games)
Norton Security (HKLM-x32\...\NS) (Version: 22.9.4.8 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version: - PopCap Games, Inc.)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap Games, Inc.)
Pizza Frenzy (HKLM-x32\...\Steam App 3430) (Version: - PopCap Games, Inc.)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap Games, Inc.)
Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.3.5 - Plex inc)
PS4 Remote Play (HKLM-x32\...\{1F1AAC07-945B-451F-9CE6-1C7E7BB9CBF2}) (Version: 1.0.0.15181 - Sony Interactive Entertainment Inc.)
Rocket Mania! Deluxe (HKLM-x32\...\Steam App 3440) (Version: - PopCap Games, Inc.) <==== ATTENTION
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Talismania Deluxe (HKLM-x32\...\Steam App 3460) (Version: - PopCap Games, Inc.)
The Wizard's Pen (HKLM-x32\...\Steam App 3580) (Version: - PopCap Games, Inc.)
Typer Shark! Deluxe (HKLM-x32\...\Steam App 3450) (Version: - PopCap Games, Inc.)
Venice (HKLM-x32\...\Steam App 3490) (Version: - Retro64, Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Wizard101 (HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zuma Deluxe (HKLM-x32\...\Steam App 3330) (Version: - PopCap Games, Inc.)
Zuma's Revenge (HKLM-x32\...\Steam App 3620) (Version: - PopCap Games, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\ChromeHTML: -> C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Marie\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2427802236-2447665946-4030289669-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marie\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers01: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers01: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
ContextMenuHandlers02: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers06: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers06: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0139817E-2129-4236-9767-A5FF602A4F86} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {076D62B6-1E14-4985-8379-690C7968D5B7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {07BFF30B-CF6F-4AAB-B54D-FC869370376B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0DC1A74E-306A-49C1-A678-580AC24991A7} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {0E712199-32AD-4064-9D86-AA671BEF1403} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-30] (Google Inc.)
Task: {0E868E4C-5C09-415C-A155-38784D5CBB9A} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {122A969D-E464-4DF1-8012-0F964B25E6C6} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {129594FB-8555-492F-BD92-37203EAE186A} - \USER_ESRV_SVC_WILLAMETTE -> No File <==== ATTENTION
Task: {1E43DC1F-C70B-49A8-89B2-614E6E97139D} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {1F0910D7-DD93-43BB-989C-19F05EC9A1FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1F2AADA0-B773-45C1-9788-C8B8A5EFA24D} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {21ED0DF8-B69C-4766-B54B-ED170AA67C4E} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {22435D73-6D01-4DC7-943E-A69800A4F471} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {25562DC9-4F01-44E5-852E-8E457BBDC865} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {26E62FB4-70DA-4BAD-BBD7-686FF0316EE4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2427802236-2447665946-4030289669-1001Core => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2780A913-982C-4814-A1DE-C5E619CC9838} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {27DCA93B-AEDC-4D90-84FB-5EF7EBAD80AD} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {28F4CC72-72AC-4AF4-8093-1D6A908DC553} - System32\Tasks\G2MUpdateTask-S-1-5-21-2427802236-2447665946-4030289669-1001 => C:\Users\Marie\AppData\Local\GoToMeeting\7297\g2mupdate.exe [2017-07-09] (LogMeIn, Inc.)
Task: {2C4A574E-DA51-49B9-9E3A-DF4F2C087122} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {3A56E413-905D-4286-874B-871DBC9FA7A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {3C535FA3-F3C8-4192-A9B9-0C96F7BC35F3} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {3D5CF110-1CB8-4B7F-83F7-C3404AFB8EDA} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {3E4D083B-2AFE-4352-B9E5-6B31EC0F0592} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {406C39D4-BA2D-42B1-832E-7AB9A006C855} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {44344609-2B07-44A7-BFEF-E9BF703D5F4E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4E39BF1F-2B0E-47CE-9AC5-7629DD54C78E} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {4F49D289-2E83-4528-94E5-20E32F8DB937} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-30] (Google Inc.)
Task: {53686333-43FE-4E57-8CA2-F3F813A2D703} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5482819A-7043-4E6F-ACBC-8D42034EFFE2} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {5AF8959E-E603-4467-828B-714C00BC99C0} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5CF9FE4C-751A-436C-AA89-B6B2566BDDCF} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {6488351D-78C4-4CB0-AD4B-6A177E131B5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {64E868E8-7267-4397-BF65-E5E349E7981F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6CBBB68D-D445-49BE-9DA7-AEA01E844154} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {6F003481-05BD-4A88-92CD-C13CB03669E5} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {6F620564-D0E8-46ED-BAEB-DD3062C9BA9F} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {6FCC089C-8C94-40D7-B7F3-F493EC9FD575} - System32\Tasks\HPCeeScheduleForMarie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {7BD0F194-9BA0-4699-8686-C9F6D5F80BF1} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {83A3264E-BC6A-4E02-B846-61CB9D7D52ED} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {896147B2-E643-407C-8B7A-E92D2BA1415A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2427802236-2447665946-4030289669-1001UA => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {898F5BB1-CCF3-4CE7-BD02-C16038699118} - \HPCustParticipation HP Officejet Pro 8600 -> No File <==== ATTENTION
Task: {8A932E7C-08E4-4C15-AFA5-1106EB7DDC62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {9B2453F0-AC58-48E6-B22D-CE11AE036A31} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {A0352EC6-5654-4712-AF90-0DA373C7D96D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A26CF3EA-903F-4E28-AE24-BA34B92B7AC6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A2D856CB-39DD-4598-ADA7-FF17DA9757A3} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {A5C4D867-7E84-47EA-AB43-C88EDF9E4C4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {A92BDE37-E23E-472A-9E0E-401D7725E92D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AAD72F07-48CF-4FBF-8F40-0F0BF68056D8} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {AAF3522D-11DB-4702-A2CA-5FDF5FC6557C} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B1AAD89D-A96B-4389-A134-A00B2F2508A9} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {BA48E4F2-781E-4DED-A59E-FDB68304305E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {BAF9FB83-BB19-4DB8-B7A0-21323ACB18A0} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {BDA538FA-68DB-43F8-9A5E-7BB7622D916F} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {C17D82C0-2871-4294-AAD1-BC9CDF0DF28C} - \{BFB1C1E0-B65E-44F5-B380-40E5E01DE72D} -> No File <==== ATTENTION
Task: {C36BB414-1EA7-4D6D-9C5C-312DF3EA9BEE} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {CC136BC3-F63E-4563-9FA8-68F95C50B565} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {D09D2922-C054-47B9-8ECA-8C0B948C586F} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {D2EFA63C-F159-45F7-B5BC-9FB5AE7B9859} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D6E1B9ED-EAFB-4F9E-A238-7EFCEE2DD503} - \GoogleUpdateTaskUserS-1-5-21-2427802236-2447665946-4030289669-500UA -> No File <==== ATTENTION
Task: {D6F55000-E008-4A92-BE45-ED5641D90F18} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-05-26] (Symantec Corporation)
Task: {D6F74090-676F-48CA-8C7E-BC3830BBA195} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -> No File <==== ATTENTION
Task: {D718FB89-0E45-4DD1-B6D6-B9594C909310} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {D7B33869-F1A8-426D-9627-8624CBD8DCA7} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {D893E8D2-D852-490C-96FC-83EAC9DDE087} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {DA226612-96E0-4A88-A142-4D5E69541EAB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DAE679A6-1995-41CC-8EF9-C3A54577122C} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {DAF40E8A-55C2-42E0-952E-4A696338388E} - \GoogleUpdateTaskUserS-1-5-21-2427802236-2447665946-4030289669-500Core -> No File <==== ATTENTION
Task: {DB413993-A278-40C1-A35B-A8A28504A15E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {DC62D376-60E0-4B4D-871C-ADA3204BBDE1} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {E0B88179-7894-4408-8C41-1FC44AAD136A} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {E6798345-6901-4AA8-9DA5-071EEB0F0580} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.4.8\WSCStub.exe [2017-05-26] (Symantec Corporation)
Task: {E95D880C-4AC0-406A-96E0-D9D8A1FE6D36} - \Microsoft\Office\Office Subscription Maintenance -> No File <==== ATTENTION
Task: {F750D287-B53B-48D9-AD08-896F33104308} - \Wise Disk Cleaner Schedule Task -> No File <==== ATTENTION
Task: {F8D615B2-5E9B-46F0-B8C6-CCF55821DFC0} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {FE6B24EF-9FB2-47B0-B79F-D633DB9A37AB} - System32\Tasks\G2MUploadTask-S-1-5-21-2427802236-2447665946-4030289669-1001 => C:\Users\Marie\AppData\Local\GoToMeeting\7297\g2mupload.exe [2017-07-09] (LogMeIn, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2427802236-2447665946-4030289669-1001.job => C:\Users\Marie\AppData\Local\GoToMeeting\7297\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2427802236-2447665946-4030289669-1001.job => C:\Users\Marie\AppData\Local\GoToMeeting\7297\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-345625499-1670360406-2532865610-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-345625499-1670360406-2532865610-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMarie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-13 14:12 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-15 14:11 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-07-26 04:44 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-09-28 07:43 - 2016-09-28 07:43 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 10:05 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 10:05 - 2017-03-04 02:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-04-08 11:47 - 2017-04-08 11:47 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-03-15 10:05 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 10:05 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 10:05 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 14:12 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 14:12 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 14:12 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-21 08:24 - 2017-06-21 08:24 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 08:24 - 2017-06-21 08:24 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 08:24 - 2017-06-21 08:24 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 08:24 - 2017-06-21 08:24 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-06 17:31 - 2017-07-06 17:31 - 23624704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-07-06 17:31 - 2017-07-06 17:31 - 08850944 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-07-06 17:31 - 2017-07-06 17:31 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2017-06-27 13:59 - 2017-06-22 22:21 - 02117464 _____ () C:\Users\Marie\AppData\Local\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-27 13:59 - 2017-06-22 22:21 - 00112472 _____ () C:\Users\Marie\AppData\Local\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0DACB2B7 [212]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2015-12-03 12:14 - 00000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-2427802236-2447665946-4030289669-1001\...\StartupApproved\Run: => "CuteReminder"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2691DC11-21E5-4D94-8BE7-45218E2AEBC4}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [{1AB5E2A8-3348-4324-AE9B-CF4E68C090A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC949009-18D6-4C21-AEA6-D421D2625531}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{03DAF130-D4D9-4F2F-BD00-276F4C32D3D2}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [TCP Query User{00FA19C4-3622-43D0-8AEE-C6E62506BC53}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{FF5F2E11-E985-46AA-ACAC-2590661C5FA4}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{01BA3480-6602-4769-9AA3-EADB55DFA795}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [UDP Query User{07F87C67-5436-42C3-BB0B-3733649535D7}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [TCP Query User{57E5CD10-6746-46CD-A2F4-8EF811E9DCC9}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{55D5AD3C-C42B-4A8F-9D43-77A166DAEE68}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{B5F51676-0020-4A0F-B08D-9402C61B3E2E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5254193C-D31F-4201-9003-0B476FF06EF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41632ECF-331A-4699-857C-168B2E01D5DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AEDD361-8B65-460E-A14F-B5461CC4093A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Adventures Around the World\AmazingAdventures2.exe
FirewallRules: [{EF89498A-9311-4FC1-BD70-B142CF2C870D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Adventures Around the World\AmazingAdventures2.exe
FirewallRules: [{D8EB336E-851E-4AF4-ACAA-785AEAB5EF8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Adventures The Lost Tomb\AmazingAdventures.exe
FirewallRules: [{44E884B1-597B-4F70-BD9C-9786C4068DE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Adventures The Lost Tomb\AmazingAdventures.exe
FirewallRules: [{D94DBE13-D9A7-4552-8D15-325FF63FD80D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape Rosecliff Island\EscapeRosecliffIsland.exe
FirewallRules: [{2E892F64-BC74-49CF-B7A3-DDF5694A73BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape Rosecliff Island\EscapeRosecliffIsland.exe
FirewallRules: [{5B174A68-0CB4-4A83-9654-F55D7F7DAE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{DE311881-AAC1-48D3-850B-0E9F9CF037FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{C01A812F-8274-47AD-8CE7-E2226879C8C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammer Heads Deluxe\HammerHeads.exe
FirewallRules: [{52033208-25E9-431F-AC70-D8F19A23CDB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammer Heads Deluxe\HammerHeads.exe
FirewallRules: [{ABEB449F-6C29-40A7-8475-CC6C302ECA31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Feeding Frenzy 2 Deluxe\FeedingFrenzyTwo.exe
FirewallRules: [{61D7AE94-8C68-40D5-9A53-2B0B547A07AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Feeding Frenzy 2 Deluxe\FeedingFrenzyTwo.exe
FirewallRules: [{883B6A6D-2937-417C-A695-252896A2B991}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dynomite Deluxe\Dynomite.exe
FirewallRules: [{47A83BD5-C9E6-4774-9216-B59559109499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dynomite Deluxe\Dynomite.exe
FirewallRules: [{F59DCEE6-62FC-4B9E-9EC6-80DF16797673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AstroPop Deluxe\WinAP.exe
FirewallRules: [{90DD598F-9BEA-45B7-9743-A7C946E7B540}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AstroPop Deluxe\WinAP.exe
FirewallRules: [{AFD62C4D-0345-499D-842B-E6FBC2A0B8D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zuma Deluxe\Zuma.exe
FirewallRules: [{74607E88-DB87-4361-B642-C7F693A5278C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zuma Deluxe\Zuma.exe
FirewallRules: [{99130BEE-8C6D-42E3-A941-B16677BDBED7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled Deluxe\WinBej.exe
FirewallRules: [{3DF7BF3A-5B55-47A7-B58C-A757A0C08052}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled Deluxe\WinBej.exe
FirewallRules: [{0D9F41C6-B903-40E7-B6C0-6284D20674D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{7639E738-82C7-4488-9AE1-9F49F61D092F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{A6361D21-C81B-4E6A-A052-E15892CC31FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 2 Deluxe\WinBej2.exe
FirewallRules: [{E948BD89-CFD5-49C8-AA70-FC3D701AA9E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 2 Deluxe\WinBej2.exe
FirewallRules: [{837D7490-2694-4CBE-A329-9C0BF7682335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heavy Weapon Deluxe\Heavy Weapon Deluxe.exe
FirewallRules: [{7E15AE81-0412-43AE-B9A7-1E0E5B5B9730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heavy Weapon Deluxe\Heavy Weapon Deluxe.exe
FirewallRules: [{C07BB2E3-B6E1-43D3-8E65-22846BDF1AA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iggle Pop Deluxe\IgglePop.exe
FirewallRules: [{8EA63170-DE80-4707-B345-0DC510855540}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iggle Pop Deluxe\IgglePop.exe
FirewallRules: [{25F1B32F-9C58-4E2F-B5CD-057F3DC414A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Insaniquarium Deluxe\Insaniquarium.exe
FirewallRules: [{5A20E404-19F0-4973-B89D-DEF353A957F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Insaniquarium Deluxe\Insaniquarium.exe
FirewallRules: [{7F8A4025-2383-4900-A948-274CC8F5099A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI - Lost in Los Angeles\MysteryPILosAngeles.exe
FirewallRules: [{42738D3F-8195-4BB3-B2FB-C27F50389193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI - Lost in Los Angeles\MysteryPILosAngeles.exe
FirewallRules: [{3CAE3D4E-2601-43E5-A416-F8E3DBBBE300}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI\MysteryPI.exe
FirewallRules: [{E6A71E00-B4EE-4FD5-81D2-B272987CC1E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI\MysteryPI.exe
FirewallRules: [{F63E9D64-0C52-41DF-A665-AB8ED0C9645B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled Twist\BejeweledTwist.exe
FirewallRules: [{070A43A7-1031-4469-AC80-7254639BEB39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled Twist\BejeweledTwist.exe
FirewallRules: [{4B731AD8-AB8C-4599-86CD-7A752BDD76CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Money Deluxe\WinBM.exe
FirewallRules: [{34F1DEB7-748C-4A71-AFFC-10F7DC1A1CDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Money Deluxe\WinBM.exe
FirewallRules: [{680D7142-185D-4130-8156-DD840A5183FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{BE0F36BC-996C-46EF-9641-D496654F4935}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{FFE1BC1C-46DA-4DD5-92FA-24CAD1E8752A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Volume 2\BookwormAdventuresVol2.exe
FirewallRules: [{AD0DFDA6-3CD6-47CE-B175-A511346115B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Volume 2\BookwormAdventuresVol2.exe
FirewallRules: [{4737A6C6-6CA6-4327-A019-009B0D5363DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
FirewallRules: [{FDC428EF-45DA-4A3F-80FD-A1EB97D9FB2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
FirewallRules: [{01021BD1-2DEE-4828-A55C-EA184B08735F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chuzzle Deluxe\Chuzzle.exe
FirewallRules: [{6D05A62D-D4DE-4C33-A004-3BF453F41BD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chuzzle Deluxe\Chuzzle.exe
FirewallRules: [{15B69B8B-AF43-4E9E-9818-B44EA62E27F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI - The New York Fortune\MysteryPINewYork.exe
FirewallRules: [{96F75559-F520-4ECE-989C-CF0E4F570547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI - The New York Fortune\MysteryPINewYork.exe
FirewallRules: [{E5E9A52A-FBDD-49F1-BD6C-48793D4FAF77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI The Vegas Heist\MysteryPIVegas.exe
FirewallRules: [{8274706A-D3CC-47C6-9FFD-16ECB7E588C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mystery PI The Vegas Heist\MysteryPIVegas.exe
FirewallRules: [{334E13AB-1B00-451F-A72A-8FC05CD7BFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{6DCAFEEB-897D-4E72-ABBE-349740A6B47D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{B5026A21-AD1B-42A5-A7E1-9FF9F7FB3FD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{E4916BAF-5575-4C20-90F6-C11CE363E99A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Peggle Nights\PeggleNights.exe
FirewallRules: [{217F1000-C0A7-4C2E-B248-8FB5E0766CCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Frenzy\PizzaFrenzy.exe
FirewallRules: [{2E36FDB1-1530-4259-9C81-830F2C2C8E49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pizza Frenzy\PizzaFrenzy.exe
FirewallRules: [{EC3F962F-FF62-45A6-BCEC-583050CE1D33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{97FACC8D-84C1-42E3-8244-3B997C28ED75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{F77DD906-051D-4564-A415-8B8B98850166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocket Mania Deluxe\RocketMania.exe
FirewallRules: [{AAC89BF3-A80A-4CCA-8BCE-BCFFDF2B6F2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocket Mania Deluxe\RocketMania.exe
FirewallRules: [{B75480A7-B518-49B6-9A5F-3FC9BE979048}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talismania Deluxe\Talismania.exe
FirewallRules: [{3C04C83E-C501-452A-9882-E8BC7D2C28E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talismania Deluxe\Talismania.exe
FirewallRules: [{9B5E06C6-BBAE-41B9-BA54-5DBA0F94E8F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typer Shark Deluxe\WinTS.exe
FirewallRules: [{3FA8E3F6-AF81-4E50-803F-335191CCCD65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typer Shark Deluxe\WinTS.exe
FirewallRules: [{9BC9587C-8A4F-438B-A88B-CD04A9EC6FF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Venice\Venice.exe
FirewallRules: [{01D8924F-B4F6-4E39-A6B6-601755F6EC48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Venice\Venice.exe
FirewallRules: [{AEB97274-0081-4D6F-99BA-741AC069F5A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wizards Pen\WizardsPen.exe
FirewallRules: [{4B7B6E31-43F2-431E-A16E-3A1B1AF4F17A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wizards Pen\WizardsPen.exe
FirewallRules: [{DC3732AC-5561-430D-9733-97E3865685FD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DDEFDDA1-005A-4A29-92E2-6FC870C73180}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99AC5D7E-EB4D-4F1A-B2DB-EE70AAB136AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9FB02ED-B124-4B2B-8001-2EE2BC15130D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F71BBDC-7DFB-4463-811B-DC6B645574E2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{121BA2F5-1BEB-4027-B612-598BCC9D3137}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4C5048A8-26CD-40D1-861C-E20C7C6AE05B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{C8B0B950-0F4F-4DDF-ABCA-E6DE43484997}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{BB28FC14-A741-4095-9AA3-66F3AFA27305}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{0C49EA26-C590-4C66-A517-C6778031312F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{0DCD35A1-76CC-4E8D-9CE5-30F644FC9508}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B4360984-B4F6-491B-B60F-13A2BDC3CE4B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4B396A6E-3AFF-4823-AAAC-6BD9324E1A46}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B683AB62-AE6F-413D-9511-80F21B24B6BE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A91DDDF2-CF42-4E84-9D86-03F056DEFD21}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{852F894E-EB62-4E63-AFC6-D967B529C5A9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{10362B5B-FB63-4BFA-84A2-4BCB71933C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahsung Deluxe\MahsungDeluxe.exe
FirewallRules: [{5A887B3B-8EE7-4B78-BF05-85D0C4C3CC67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahsung Deluxe\MahsungDeluxe.exe
FirewallRules: [{EF54C3D3-1B26-4ECE-ACEE-9AB787518CDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahjong Destiny\MahjongDestiny.exe
FirewallRules: [{C1797C37-FEDC-46B1-B0CA-F90F6EF54F95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahjong Destiny\MahjongDestiny.exe
FirewallRules: [{D67FD467-EE99-41AE-8BC8-53930ABD91F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahjong Deluxe 3\MahjongDeluxe3.exe
FirewallRules: [{59AC6FF2-35CE-4306-93D2-ED8721D7E1CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahjong Deluxe 3\MahjongDeluxe3.exe
FirewallRules: [{DBC99307-3FB9-4A3D-AB17-F2EE3EC6601C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahjong Deluxe 2 Astral Planes\MahjongDeluxe2.exe
FirewallRules: [{DDF88157-1D83-48F4-A955-0AF66AD1967D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mahjong Deluxe 2 Astral Planes\MahjongDeluxe2.exe
FirewallRules: [{E0553170-95C2-442A-A704-8B390E1A538D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barnyard Mahjong 3\BarnyardMahjong3.exe
FirewallRules: [{F2167064-686E-4B90-B083-3C33B344B1AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barnyard Mahjong 3\BarnyardMahjong3.exe
FirewallRules: [{93A57FF2-77CF-4608-BD5A-7C205CD73D87}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B221D91D-F539-46AA-849F-34FEDF65C0BB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/09/2017 10:09:16 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/09/2017 06:52:32 PM) (Source: MsiInstaller) (EventID: 1002) (User: WOLF-K7P)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
Error: (07/08/2017 10:09:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/08/2017 12:29:40 PM) (Source: MsiInstaller) (EventID: 1002) (User: WOLF-K7P)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
Error: (07/07/2017 10:09:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/07/2017 08:49:55 AM) (Source: MsiInstaller) (EventID: 1002) (User: WOLF-K7P)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
Error: (07/07/2017 08:49:43 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (07/06/2017 10:09:16 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/06/2017 09:52:30 AM) (Source: MsiInstaller) (EventID: 1002) (User: WOLF-K7P)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
Error: (07/06/2017 08:36:09 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
System errors:
=============
Error: (07/07/2017 11:35:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/07/2017 11:35:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/07/2017 11:35:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/07/2017 11:35:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/07/2017 11:35:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (07/06/2017 10:52:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/06/2017 10:51:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/06/2017 09:49:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/06/2017 09:48:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FDResPub service terminated with the following error:
One or more arguments are invalid
Error: (07/06/2017 09:48:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3043.61 MB
Available physical RAM: 962.95 MB
Total Virtual: 11235.61 MB
Available Virtual: 8306.94 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:111.12 GB) (Free:30.99 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (System) (Fixed) (Total:0.23 GB) (Free:0.18 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:115.69 GB) (Free:85.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 1C94CE09)
Partition 1: (Not Active) - (Size=239 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=111.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 1 (Size: 115.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================