SAPE.Heur.862E0 - One System Care


  • This topic is locked
34 replies to this topic

#1 Taffy_078

Taffy_078

  • Members
  • 82 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:11 PM

Posted 04 December 2015 - 06:35 PM

When I bought my HP printer, it came bundled with a small version of PaperPort, which I found useful at times. I had to uninstall and reinstall the printer - some issue with wireless - and lost PaperPort. HP no longer have it on disk & suggested I contact Nuance, whose product it is.

I searched online and found a free download there of PaperPort 11 - the latest is v14 but v11 should be OK for me. The site was marked safe by Norton and so I ran the install Wizard. I got the window below, so clearly Norton has blocked something bad. I didn't actually install PaperPort.

 

[Attached file: snip - 2015-12 4th PaperPort SAPE.Heur.862.E0.PNG]

 

Next, I found a hidden window asking me if I wanted to resolve the problem by running Norton Power Eraser. A 'huge amount of outgoing traffic' that was suspicious had been detained. But I couldn't access Power Eraser as I was in my standard profile, not my administrator - I'd tried to install PaperPort as an Administrator.

The third step was another hidden window - this one:

 

[Attached file: snip - 2015-12 4th PaperPort2 SAPE.Heur.862.E0.PNG]

I then ran NIS - it found 29 Tracking Cookies, which is more than I would have expected. However, NIS didn't pick up a new program that I've since found has been installed - One System Care. A quick search suggests that this is a PUP, at the very least, so I'd be grateful for your advice on what I should do next.

To summarise, I don't think I have SAPE.Heur.862E0 but I do have One System Care.

 

PS sorry but I'm having problems with Dropbox so I've had to attach the screen shots as files.




 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:11 PM

Posted 05 December 2015 - 02:26 AM

Hello Taffy_078 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 Taffy_078


Posted 05 December 2015 - 04:06 AM

Many thanks Satchfan. I've fallen at the first hurdle I regret to say. I installed AdwCleaner, ran it, ran Clean and OK'd the reboot. But when it rebooted there was no sign of the log.

 

For what it's worth, I have three User profiles: Everyday (ex Flash) & everyday (incl. Flash for some utilities that require it) and both of these are Standard. I also have an Administrator profile. I installed AdwCleaner in my Everyday (ex Flash) profile but ran it as Administrator. When I rebooted, it was in my Everyday (ex Flash) profile. 

 

A flash of inspiration - I hope. I just remembered that I came to Bleeping Computer for help a year ago and there was a folder already there. In it are (I hope) the three missing logs C4, S4 and Quarantine.

 

Before I move to the next step (Junkware Removal) I'd appreciate it if you would confirm that you need all three logs. Thank you.


Edited by Taffy_078, 05 December 2015 - 04:07 AM.


#4 satchfan


Posted 05 December 2015 - 08:18 AM

If you deleted what was found, the log will be called "AdwCleaner[Sx].txt", where "x" is the number of times that AdwCleaner's Delete mode has been run.

The log should be located at C:\AdwCleaner[S1].txt

 

"I'd appreciate it if you would confirm that you need all three logs."

 

I only want the AdwCleaner[S1] plus the other 3 that I asked for in the previous post.


Edited by satchfan, 05 December 2015 - 08:25 AM.



#5 Taffy_078


Posted 05 December 2015 - 12:21 PM

Scans done. Here's the AdwCleaner log:

 

 

# AdwCleaner v5.023 - Logfile created 05/12/2015 at 07:36:59
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : DAD Administrator - WIN7LAPTOP
# Running from : C:\Users\Dad\Desktop\adwcleaner_5.023.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\OneSystemCare
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
Folder Found : C:\Users\DAD Administrator\AppData\Roaming\One System Care
Folder Found : C:\Users\Dad\AppData\Local\AskToolbar
Folder Found : C:\Users\Dad\AppData\Roaming\download Manager
Folder Found : C:\Windows\SysNative\Store

***** [ Files ] *****

File Found : C:\Users\Public\Desktop\Launch One System Care.lnk

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : One System CarePeriod
Task Found : One System Care Run Delay
Task Found : One System Care Monitor

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C7C95C40-05B2-45BA-8582-36B37CA592B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CD47593D-1F30-4B75-9E86-85B90D499B83}
Key Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C7C95C40-05B2-45BA-8582-36B37CA592B0}
Key Found : HKCU\Software\One System Care
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\undefined
Key Found : HKU\S-1-5-21-3597321822-3438477668-356034365-1000\Software\DriverTuner_Init
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****

########## EOF - \AdwCleaner\AdwCleaner[S4].txt - [2661 bytes] ##########

 

and the JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by DAD Administrator (Administrator) on 05/12/2015 at 16:51:33.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 8

Successfully deleted: C:\Windows\system32\Tasks\SpeedFixToolPro_Popup (Task)
Successfully deleted: C:\Windows\system32\Tasks\SpeedFixToolPro_Start (Task)
Successfully deleted: C:\Windows\system32\REN3A52.tmp (File)
Successfully deleted: C:\Windows\system32\REN3A53.tmp (File)
Successfully deleted: C:\Windows\system32\REN3A64.tmp (File)
Successfully deleted: C:\Windows\system32\REN53D0.tmp (File)
Successfully deleted: C:\Windows\system32\REN53D1.tmp (File)
Successfully deleted: C:\Windows\system32\REN53E2.tmp (File)

 

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B4557A81-C839-4507-9F93-EAAF0EE84D65} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/12/2015 at 17:00:49.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
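
Added example, not part of the original posts and not a feature of AdwCleaner: a small Python parser for a log shaped like the AdwCleaner one above. It reads the `# Option` header so a scan-only log (items "Found", nothing removed) is recognised as such, and groups the findings by product so persistence items such as scheduled tasks stand out. The function names and marker strings are this example's own, and only the line shapes visible in the posted log are handled.

```python
import re
from collections import OrderedDict

# Excerpt of the AdwCleaner log posted above, shortened for the example.
SAMPLE_LOG = r"""# AdwCleaner v5.023 - Logfile created 05/12/2015 at 07:36:59
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Option : Scan

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\OneSystemCare
Folder Found : C:\Users\Dad\AppData\Local\AskToolbar

***** [ Files ] *****

File Found : C:\Users\Public\Desktop\Launch One System Care.lnk

***** [ Scheduled tasks ] *****

Task Found : One System CarePeriod
Task Found : One System Care Run Delay
Task Found : One System Care Monitor

***** [ Registry ] *****

Key Found : HKCU\Software\One System Care
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{591D8476-DE4F-4804-8D2B-4501A45C9E85}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

########## EOF - \AdwCleaner\AdwCleaner[S4].txt - [2661 bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Only the "<Kind> Found : <item>" shape visible in the posted log is handled.
FINDING_RE = re.compile(r"^(\w+) Found : (.+)$")


def parse_adwcleaner_log(text):
    """Return (header, sections): header fields and the findings per section."""
    header, sections, current = {}, OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # "# Key : value" header lines; the banner and EOF lines have no " : ".
            key, sep, value = line.lstrip("# ").partition(" : ")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []  # empty sections are kept, e.g. Services
            continue
        m = FINDING_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return header, sections


def is_scan_only(header):
    """True when the header says the run was a scan, so nothing was removed."""
    return header.get("Option", "").lower() == "scan"


def _norm(s):
    # Ignore case and spaces so "OneSystemCare" matches "One System Care".
    return re.sub(r"\s+", "", s).lower()


def group_by_marker(sections, markers):
    """Group findings under the first marker they contain, else "(other)"."""
    groups = {m: [] for m in markers}
    groups["(other)"] = []
    for section, findings in sections.items():
        for kind, item in findings:
            hit = next((m for m in markers if _norm(m) in _norm(item)), "(other)")
            groups[hit].append((section, kind, item))
    return groups


if __name__ == "__main__":
    header, sections = parse_adwcleaner_log(SAMPLE_LOG)
    print("scan only (nothing removed yet):", is_scan_only(header))
    # Marker strings are assumptions chosen from names seen in the log.
    for name, hits in group_by_marker(sections, ["One System Care", "AskToolbar"]).items():
        print(f"{name}: {len(hits)} item(s)")
        for section, kind, item in hits:
            print(f"  [{section}] {kind}: {item}")
```
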



#6 Taffy_078


Posted 05 December 2015 - 12:23 PM

and here's the Frst log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Dad (ATTENTION: The user is not administrator) on WIN7LAPTOP (05-12-2015 17:11:18)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad & DAD Administrator (Available Profiles: Dad & Pam & DAD Administrator & Pam with Flash & Dad with Flash & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> svchost.exe
Failed to access process -> RapportMgmtService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> stacsv64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> DNSService.exe
Failed to access process -> HeimdalAgentService.exe
Failed to access process -> LSSrvc.exe
Failed to access process -> nis.exe
Failed to access process -> psia.exe
Failed to access process -> SolutoLauncherService.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> sua.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> NASvc.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SearchIndexer.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
Failed to access process -> BrYNSvc.exe
Failed to access process -> hpqwmiex.exe
Failed to access process -> svchost.exe
Failed to access process -> Com4QLBEx.exe
Failed to access process -> SolutoRemoteService.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> nis.exe
Failed to access process -> dwm.exe
Failed to access process -> explorer.exe
Failed to access process -> RapportService.exe
Failed to access process -> notepad.exe
Failed to access process -> CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
Failed to access process -> taskeng.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> SearchProtocolHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM-x32\...\Run: [BrStsMon00] => C:\PROGRAM FILES (X86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM\...\RunOnce: [125_1658763229422] => "C:\Users\DADADM~1\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat"
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-02] (SUPERAntiSpyware)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\RunOnce: [125_1624637229422] => C:\Users\Dad\AppData\Local\LMIR0001.tmp_r.bat [323 2015-12-05] ()
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2015-08-17]
ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-10-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-06-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{54548B01-23EC-4DD9-98A7-C0390619BFDE}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{693F8BD6-82D1-41CA-98B3-A68EB94ED7CB}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-3597321822-3438477668-356034365-1007] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {B4557A81-C839-4507-9F93-EAAF0EE84D65} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {37B025F4-A8D8-4D3A-B340-EA1265D66AC1} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {5C9D351B-C099-42CA-9C53-A5191D163A73} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {B4557A81-C839-4507-9F93-EAAF0EE84D65} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll => No File
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-02-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=679093867
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\75zkmdql.default
FF Homepage: hxxp://www.bbc.co.uk/news/uk
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597321822-3438477668-356034365-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-23] (Citrix Online)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\75zkmdql.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-06-03]
FF Extension: Ghostery - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\75zkmdql.default\Extensions\firefox@ghostery.com.xpi [2015-11-10]
FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\75zkmdql.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-14]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2015-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-07-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-13]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-07-01]
CHR Extension: (Norton Identity Safe) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-10]
CHR Extension: (Ghostery) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-11-10]
CHR Extension: (Norton Safe) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3597321822-3438477668-356034365-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-06] (Dropbox, Inc.)
S3 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 HeimdalSecureDNS; C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe [93776 2015-08-14] (Microsoft)
R2 HeimdalService; C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe [132688 2015-08-14] (CSIS Security Group)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-11-14] (Soluto)
R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-11-14] (GlavSoft LLC.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20151204.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2013-12-06] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151204.016\ENG64.SYS [138488 2015-11-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151204.016\EX64.SYS [2148080 2015-11-18] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-04] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [502904 2015-11-24] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2015-11-24] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2015-11-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2015-11-24] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S1 SABKUTIL; \??\C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RG6YMEFX\SASKUTIL.SYS [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 17:11 - 2015-12-05 17:12 - 00028107 _____ C:\Users\Dad\Desktop\FRST.txt
2015-12-05 17:10 - 2015-12-05 17:11 - 00000000 ____D C:\FRST
2015-12-05 17:09 - 2015-12-05 17:10 - 02369024 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2015-12-05 17:08 - 2015-12-05 17:10 - 01719808 _____ (Farbar) C:\Users\Dad\Desktop\FRST.exe
2015-12-05 17:07 - 2015-12-05 17:07 - 00002746 _____ C:\Users\Dad\Desktop\AdwCleaner[S4].txt
2015-12-05 16:50 - 2015-12-05 16:50 - 00000323 _____ C:\Users\Dad\AppData\Local\LMIR0001.tmp_r.bat
2015-12-05 12:00 - 2015-12-05 12:00 - 00057856 _____ C:\Users\Dad\Desktop\santander statements.xls
2015-12-05 07:34 - 2015-12-05 07:34 - 01736704 _____ C:\Users\Dad\Desktop\adwcleaner_5.023.exe
2015-12-05 06:37 - 2015-12-05 06:37 - 00000000 ___HD C:\OneDriveTemp
2015-12-03 17:45 - 2015-12-05 16:48 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-12-03 06:36 - 2015-12-03 06:36 - 00010500 _____ C:\Users\Dad\Desktop\OBC - regular outgoings checklist.xlsx
2015-11-27 06:27 - 2015-11-27 06:27 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-11-27 06:21 - 2015-11-27 06:21 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-11-24 12:25 - 2015-11-24 12:25 - 00926275 _____ C:\Users\Dad\Desktop\Garmin Nuvi 1300 manual.pdf
2015-11-23 08:54 - 2015-11-23 08:54 - 00000000 ____D C:\Users\Pam\AppData\Roaming\SUPERAntiSpyware.com
2015-11-23 07:44 - 2015-11-23 07:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SUPERAntiSpyware.com
2015-11-17 11:32 - 2015-11-17 11:34 - 00000000 ____D C:\Users\Dad\Documents\MP
2015-11-14 10:04 - 2015-11-03 17:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 15:13 - 2015-11-03 22:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-12 15:13 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-12 15:13 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-12 15:13 - 2015-10-30 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-12 15:13 - 2015-10-30 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-12 15:13 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-12 15:13 - 2015-10-30 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-12 15:13 - 2015-10-30 23:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-12 15:13 - 2015-10-30 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-12 15:13 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-12 15:13 - 2015-10-30 23:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-12 15:13 - 2015-10-30 23:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-12 15:13 - 2015-10-30 23:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-12 15:13 - 2015-10-30 23:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-12 15:13 - 2015-10-30 23:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-12 15:13 - 2015-10-30 23:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-12 15:13 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-12 15:13 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-12 15:13 - 2015-10-30 23:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-12 15:13 - 2015-10-30 23:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-12 15:13 - 2015-10-30 23:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-12 15:13 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-12 15:13 - 2015-10-30 22:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-12 15:13 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-12 15:13 - 2015-10-30 22:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-12 15:13 - 2015-10-30 22:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-12 15:13 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-12 15:13 - 2015-10-30 22:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-12 15:13 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-12 15:13 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-12 15:13 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-12 15:13 - 2015-10-30 22:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-12 15:13 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-12 15:13 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-12 15:13 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-12 15:13 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-12 15:13 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-12 15:13 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-12 15:13 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-12 15:13 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-12 15:13 - 2015-10-30 22:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-12 15:13 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-12 15:13 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-12 15:13 - 2015-10-30 22:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-12 15:13 - 2015-10-30 22:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-12 15:13 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-12 15:13 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-12 15:13 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-12 15:13 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-12 15:13 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-12 15:13 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-12 15:13 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-12 15:13 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-12 15:13 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-12 15:13 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-12 15:13 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-12 15:13 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-12 15:13 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-12 15:13 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-12 15:13 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-12 15:13 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-12 15:13 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-12 15:13 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-12 15:13 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-12 15:13 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-12 15:13 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-12 15:12 - 2015-10-20 01:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 15:12 - 2015-10-20 01:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 15:12 - 2015-10-20 01:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-12 15:12 - 2015-10-20 01:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-12 15:12 - 2015-10-20 01:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-12 15:12 - 2015-10-20 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-12 15:12 - 2015-10-20 01:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-12 15:12 - 2015-10-20 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-12 15:12 - 2015-10-20 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-12 15:12 - 2015-10-20 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-12 15:12 - 2015-10-20 00:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-12 15:12 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-12 15:12 - 2015-10-20 00:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-12 15:12 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-12 15:12 - 2015-10-20 00:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-12 15:12 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-12 15:12 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-12 15:12 - 2015-10-19 23:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-12 15:12 - 2015-10-19 23:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-12 15:12 - 2015-10-19 23:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-12 15:12 - 2015-10-19 23:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-12 15:12 - 2015-10-19 23:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 15:12 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 15:12 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-12 15:12 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-12 15:11 - 2015-09-18 19:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-12 15:11 - 2015-09-18 19:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-12 15:11 - 2015-09-18 19:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-12 15:10 - 2015-10-20 18:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-12 15:10 - 2015-10-20 18:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-12 15:10 - 2015-10-20 18:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-12 15:10 - 2015-10-20 18:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-12 15:10 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-12 15:07 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-12 15:07 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-12 15:07 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-12 15:07 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-12 15:07 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-12 15:07 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-12 15:07 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-12 15:07 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-12 14:53 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-12 14:53 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-12 06:18 - 2015-11-12 16:08 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForDad.job
2015-11-12 06:18 - 2015-11-12 06:18 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDad
2015-11-12 06:00 - 2015-11-12 06:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 10:21 - 2015-12-05 17:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-10 10:21 - 2015-11-10 10:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 06:42 - 2015-11-11 06:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 16:53 - 2015-06-06 15:11 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-05 16:52 - 2014-11-06 06:57 - 00000000 ___RD C:\Users\Dad\OneDrive
2015-12-05 16:44 - 2009-07-14 04:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-05 16:44 - 2009-07-14 04:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-05 16:39 - 2011-03-11 06:47 - 00000429 _____ C:\ProgramData\HPWALog.txt
2015-12-05 16:38 - 2015-06-06 15:11 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-05 11:12 - 2015-05-27 22:15 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Adblock Plus for IE
2015-12-05 08:43 - 2015-06-06 15:31 - 00000000 ___RD C:\Users\Dad\Dropbox
2015-12-05 08:43 - 2015-06-06 15:11 - 00000000 ____D C:\Users\Dad\AppData\Local\Dropbox
2015-12-05 08:35 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-05 08:33 - 2014-10-12 09:49 - 00000000 ____D C:\AdwCleaner
2015-12-05 07:41 - 2014-10-30 12:23 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{850D707E-9FB4-482C-AD54-EBFDE05CD3AE}
2015-12-04 06:05 - 2014-06-13 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-12-03 18:28 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 18:28 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-03 05:22 - 2014-06-11 07:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-02 20:04 - 2015-08-24 04:45 - 00000000 ____D C:\Users\DAD Administrator
2015-12-02 07:41 - 2014-09-21 08:27 - 00000367 _____ C:\Users\Dad\Desktop\Outlook - Windows Live.url
2015-11-30 10:35 - 2014-01-15 15:31 - 00000000 ____D C:\Users\Dad\Documents\OBC - Secretary
2015-11-29 07:31 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-28 13:48 - 2015-06-03 22:29 - 00000000 ____D C:\Users\Dad\Desktop\SNIPS
2015-11-28 06:06 - 2013-01-27 09:26 - 00000000 ___RD C:\Users\Dad\Desktop\PC shortcuts
2015-11-27 06:22 - 2009-08-19 20:43 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-11-27 06:21 - 2015-07-30 10:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-11-26 11:53 - 2009-08-25 09:08 - 00000292 _____ C:\ProgramData\hpqp.ini
2015-11-26 11:50 - 2010-04-24 13:56 - 00000000 ____D C:\Users\Pam\Tracing
2015-11-26 10:02 - 2015-08-27 13:51 - 00000000 ____D C:\Users\Dad\Documents\TOBY
2015-11-24 16:27 - 2015-06-03 05:51 - 00141304 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-11-24 16:27 - 2014-06-13 16:19 - 00396152 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-11-24 06:55 - 2015-09-21 10:01 - 00002164 _____ C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-11-23 16:12 - 2015-11-01 09:37 - 00000380 _____ C:\Windows\Tasks\HPCeeScheduleForDAD Administrator.job
2015-11-23 06:34 - 2015-11-01 09:37 - 00003258 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDAD Administrator
2015-11-22 09:13 - 2014-08-18 11:11 - 00000000 ____D C:\Users\Dad\Desktop\My Templates
2015-11-22 06:45 - 2010-05-21 05:41 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Corel
2015-11-22 06:42 - 2010-05-21 05:41 - 00000000 ____D C:\Users\Dad\Documents\My PSP Files
2015-11-21 17:01 - 2010-05-18 12:36 - 00000000 ____D C:\ProgramData\Corel
2015-11-21 16:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-19 10:59 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-11-17 11:31 - 2013-10-23 06:51 - 00000000 ____D C:\Users\Dad\Documents\JD 2013
2015-11-17 11:31 - 2010-05-24 07:14 - 00000000 ____D C:\Users\Dad\Documents\HEC
2015-11-14 13:46 - 2015-08-27 06:31 - 00002818 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-14 10:25 - 2009-07-14 04:45 - 00375496 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 09:48 - 2010-04-29 13:04 - 00000000 ___RD C:\Users\Dad\Desktop\PC STUFF
2015-11-13 15:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 16:03 - 2014-12-10 14:37 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-12 16:03 - 2014-05-10 06:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-12 15:59 - 2013-08-31 08:13 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 15:44 - 2010-01-04 16:11 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-12 15:40 - 2009-08-19 21:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 15:23 - 2013-11-28 15:58 - 00766820 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-12 10:08 - 2014-01-25 08:37 - 00000000 ____D C:\Users\Dad\Documents\OBC - Bowling
2015-11-12 06:01 - 2015-06-06 15:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-11 06:37 - 2014-04-24 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 10:21 - 2015-10-24 12:19 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 10:21 - 2015-10-24 12:19 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 08:16 - 2014-08-04 09:11 - 00000000 ____D C:\Users\Dad\Documents\Receipts & Guarantees
2015-11-08 23:20 - 2010-05-09 15:58 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-11-08 23:19 - 2014-08-15 06:44 - 00000000 ____D C:\Users\Dad\Documents\FINANCE
2015-11-08 22:55 - 2010-07-02 07:25 - 00000000 ____D C:\Users\Dad\Documents\BOSCH
2015-11-08 09:28 - 2015-10-28 09:21 - 00000000 ____D C:\Users\Dad\Desktop\OBC - SOP for Rnwl Subs
2015-11-08 06:19 - 2015-08-15 17:32 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForWIN7LAPTOP$.job
2015-11-07 19:24 - 2015-08-15 17:32 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForWIN7LAPTOP$
2015-11-06 17:54 - 2014-05-12 04:54 - 00000000 ____D C:\Users\Dad\Documents\MEDICAL
2015-11-06 13:13 - 2010-10-09 07:02 - 00000000 ____D C:\Users\Dad\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2014-04-13 07:49 - 2015-09-29 07:39 - 0002300 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2013-12-28 06:47 - 2013-12-28 06:47 - 0000037 ___SH () C:\Users\Dad\AppData\Local\70149b02515b3bb20dd492.47983420
2010-01-04 14:56 - 2010-01-04 14:56 - 0000000 _____ () C:\Users\Dad\AppData\Local\AtStart.txt
2015-09-21 10:12 - 2015-09-21 10:12 - 0003584 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-04 14:56 - 2010-01-04 14:56 - 0000000 _____ () C:\Users\Dad\AppData\Local\DSwitch.txt
2015-12-05 16:50 - 2015-12-05 16:50 - 0000323 _____ () C:\Users\Dad\AppData\Local\LMIR0001.tmp_r.bat
2010-01-04 14:56 - 2010-01-04 14:56 - 0000000 _____ () C:\Users\Dad\AppData\Local\QSwitch.txt
2014-03-27 16:04 - 2015-05-22 11:16 - 0007606 _____ () C:\Users\Dad\AppData\Local\resmon.resmoncfg
2009-08-25 09:08 - 2015-11-26 11:53 - 0000292 _____ () C:\ProgramData\hpqp.ini
2011-03-11 06:47 - 2015-12-05 16:39 - 0000429 _____ () C:\ProgramData\HPWALog.txt
2015-06-29 07:53 - 2015-06-29 07:53 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4rurtk.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

#7 Taffy_078

Posted 05 December 2015 - 12:25 PM

Finally, the Addition log:


Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Dad (2015-12-05 17:13:49)
Running from C:\Users\Dad\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-04 13:22:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3597321822-3438477668-356034365-500 - Administrator - Disabled)
Dad (S-1-5-21-3597321822-3438477668-356034365-1000 - Limited - Enabled) => C:\Users\Dad
DAD Administrator (S-1-5-21-3597321822-3438477668-356034365-1007 - Administrator - Enabled) => C:\Users\DAD Administrator
Dad with Flash (S-1-5-21-3597321822-3438477668-356034365-1009 - Limited - Enabled) => C:\Users\Dad with Flash
Guest (S-1-5-21-3597321822-3438477668-356034365-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3597321822-3438477668-356034365-1005 - Limited - Enabled)
Pam (S-1-5-21-3597321822-3438477668-356034365-1001 - Limited - Enabled) => C:\Users\Pam
Pam with Flash (S-1-5-21-3597321822-3438477668-356034365-1008 - Limited - Enabled) => C:\Users\Pam with Flash

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\{44CF4DB9-707A-4395-839C-573FBC206CB9}) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
BTHomeHub (HKLM-x32\...\BTHomeHub) (Version: - British Telecommunications Plc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Heimdal (HKLM-x32\...\Heimdal) (Version: 1.10.5.0 - CSIS Security Group)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.13.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Info Center 1.0.0.7 (HKLM-x32\...\Info Center_is1) (Version: 1.0.0.7 - PC Pitstop LLC)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2119 - Intel Corporation)
Java™ 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.106.12020 (HKLM-x32\...\{DB6F4DEE-AA55-27F5-EC63-774047889DB5}) (Version: 2.16.106.12020 - Sony)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C058FC5D-565F-4360-A562-0527A3D993DC}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MP3jam 1.1.1.10 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.10 - MP3jam)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
NWZ-E380 WALKMAN Guide (HKLM-x32\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
Opera Stable 33.0.1990.43 (HKU\.DEFAULT\...\Opera 33.0.1990.43) (Version: 33.0.1990.43 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Rapport (x32 Version: 3.5.1507.99 - Trusteer) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Serif PagePlus Starter Edition 4 (HKLM-x32\...\{975944CC-90F8-43C8-9F7E-C722FC212E6B}) (Version: 4.0.0.4 - Serif (Europe) Ltd)
Soluto (HKLM\...\{037C627B-384E-450E-866C-95BAB3CDEA17}) (Version: 1.3.1494.0 - Soluto)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net (01/10/2012 9.2.0.480) (HKLM\...\F4BA9240F445A54DF9E2658FC0A761FBD790B9CC) (Version: 01/10/2012 9.2.0.480 - Atheros Communications Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (02/22/2011 9.2.0.310) (HKLM\...\20BAFF0BE91CCA3C75234D0E47582AE2222CB5E4) (Version: 02/22/2011 9.2.0.310 - Atheros Communications Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/09/2011 9.2.0.467) (HKLM\...\0636F1DFE5C1926FDBB1AC4C08CC616CF9A9A781) (Version: 11/09/2011 9.2.0.467 - Atheros Communications Inc.)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Realtek (RTL8167) Net (06/12/2012 7.061.0612.2012) (HKLM\...\D7AE157A02BBDD2AFDC7ACDBE7652D398B0B265E) (Version: 06/12/2012 7.061.0612.2012 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net (08/23/2011 7.048.0823.2011) (HKLM\...\4A38D9B38E10E18D3528EDAB22652EB131FADECB) (Version: 08/23/2011 7.048.0823.2011 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2013-09-03 17:19 - 00000833 ____N C:\Windows\system32\Drivers\etc\hosts

# ::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job =>
Task: C:\Windows\Tasks\HPCeeScheduleForDAD Administrator.job =>
Task: C:\Windows\Tasks\HPCeeScheduleForDad.job =>
Task: C:\Windows\Tasks\HPCeeScheduleForWIN7LAPTOP$.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Dad\Desktop\PC STUFF\BT\BT Broadband Life.LNK -> C:\Program Files (x86)\BTHomeHub\Launcher\LaunchHM.exe (British Telecommunications) -> hxxp://www.bt.com/setup/getbblife?s_cid=con_extlink_bb_installCD_getbblife <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visit eBay.co.uk.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cnnb&locale=en_gb&bd=all&c=94 <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dad\Desktop\Screenshot 2015-11 1st PHS.png:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\qualys.com -> hxxps://browsercheck.qualys.com
IE trusted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\secunia.com -> hxxps://psi.secunia.com
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\ghostery.com -> hxxps://ghostery.com
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\internet -> internet
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\surveymonkey.com -> hxxps://www.surveymonkey.com
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\zendesk.com -> hxxps://ghostery.zendesk.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3597321822-3438477668-356034365-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{799484CB-7BCB-4874-A835-0565C6F8B52D}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{1DB0F66C-7875-45D4-9DA0-E6ABABBBDA8C}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{1E4BB896-842E-4F54-9B92-62186BEB0F79}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS53FC.tmp\SymNRT.exe
FirewallRules: [{B3E56F1D-3FFA-4BAE-98CC-361C6840F28A}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS53FC.tmp\SymNRT.exe
FirewallRules: [{653AB5A1-8E66-40C7-B6C9-75EF805409C4}] => (Allow) LPort=8888
FirewallRules: [{3FEC2C4B-2986-4ED0-96B0-7CD87F3A98D6}] => (Allow) LPort=8888
FirewallRules: [{45572AA2-E369-4FD0-BE98-06FDC96A550A}] => (Allow) LPort=54925
FirewallRules: [{B57B8C3C-C1E4-4D75-B9B4-6DEEFDB95261}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B11D386B-A1E6-426A-9637-9B81E4112A57}] => (Allow) LPort=2869
FirewallRules: [{16117ABD-3284-45C5-B5DD-B107331D65A9}] => (Allow) LPort=1900
FirewallRules: [{A7BE25E2-1602-408A-A87B-AD5E7426048B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{82B6BE62-DFEC-43B9-B99C-4B6AE3266FAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{684DFCBD-043A-4AE6-AD8B-8EF919BED1B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EF86AC9-0381-4A08-96D3-C2260A0EC612}] => (Allow) C:\Users\Dad\Desktop\solutoinstaller-x95fs27nk80z.exe
FirewallRules: [{C6012723-F688-4A18-AA27-C8ED083FB03A}] => (Allow) C:\Users\Dad\Desktop\solutoinstaller-x95fs27nk80z.exe
FirewallRules: [{79A89873-BEA3-4FE6-A10A-06C71E303C6E}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{1167F3AE-F3B6-49D2-A3C7-C9DD7C0C2449}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{86C94D28-BC0D-4957-AD9A-9252E7770D3B}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{B94D6C11-7688-4164-BFF8-28DC5CB5F2C0}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{F7B91B22-8288-453B-A2E8-9A1F1D2F2A97}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{09A38772-534C-40AF-859B-3616FFA2BB85}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{5772E546-B6D0-4397-84CB-BD0189C1B194}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS36AA.tmp\SymNRT.exe
FirewallRules: [{F3E9545A-49CE-4101-B9B6-2899EB71383E}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS36AA.tmp\SymNRT.exe
FirewallRules: [{BEB8514B-654D-4576-9AE4-25C345602B5A}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B34.tmp\SymNRT.exe
FirewallRules: [{FE160076-FD4A-4487-AA2C-0BDDFC61090B}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B24.tmp\SymNRT.exe
FirewallRules: [{2C73610B-04E6-43AC-B25C-20249639099C}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B34.tmp\SymNRT.exe
FirewallRules: [{3C3F8EF0-5BE5-4C30-83BF-7F5567AB47E4}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B24.tmp\SymNRT.exe
FirewallRules: [{A45A60C4-992A-4FDC-9929-FA6B16C3959E}] => (Allow) C:\Users\DAD Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{498F9ECA-B13E-44CA-92CD-39F3E54E6460}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B713BF68-5283-4DAF-BDF6-92A5D37EEF73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{597E61E2-52A9-4D54-B15C-AF6E7FC61290}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A43497E-F182-4A4C-B7B0-45EDAD027D52}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D844C773-5C42-4908-9FBD-E93CB978B76F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2015 04:52:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (12/04/2015 11:54:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/04/2015 06:36:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/04/2015 06:04:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (12/03/2015 09:37:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/02/2015 02:19:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/01/2015 07:28:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/01/2015 04:55:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c28

Start Time: 01d12c4b144591a9

Termination Time: 62

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/01/2015 11:27:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (12/01/2015 09:51:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.


System errors:
=============
Error: (12/05/2015 12:00:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 12:00:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 08:48:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 08:46:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 08:37:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/05/2015 08:36:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error: (12/05/2015 08:34:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/05/2015 08:34:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (12/05/2015 08:34:01 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/05/2015 08:33:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Source Engine service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2012-10-26 07:46:26.198
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-26 07:46:25.900
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-23 07:25:28.551
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-23 07:25:28.410
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-23 06:14:12.176
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-23 06:14:11.911
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-09 07:39:40.524
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-09 07:39:40.259
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-08 20:37:28.893
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-09-08 20:37:28.737
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 3998.93 MB
Available physical RAM: 1666.87 MB
Total Virtual: 23997.13 MB
Available Virtual: 21088.74 MB

==================== Drives ================================

Drive c: (Win7 laptop) (Fixed) (Total:285.3 GB) (Free:199.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.59 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (TRANSFERS) (Removable) (Total:14.9 GB) (Free:14.45 GB) FAT32
Drive g: (DAILY SAVES) (Removable) (Total:3.75 GB) (Free:3.28 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

#8 Taffy_078

Taffy_078
  • Topic Starter

  • Members
  • 82 posts
  • Gender:Male
  • Local time:12:11 PM

Posted 05 December 2015 - 12:27 PM

I'm sure that I ran FRST as administrator but I've seen this comment in the log. Should I run it again?

ATTENTION: ==> Could not access BCD. The user is not administrator

#9 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:11 PM

Posted 05 December 2015 - 12:51 PM

I’m afraid you’ll have to run both AdwCleaner and FRST again.

You didn’t select Clean when you ran AdwCleaner and therefore I won’t see an FRST log after some of the junk has been cleared up.

Also, you are correct: FRST was not run as Administrator as it says on the log.

Remember to run AdwCleaner first, then a new FRST scan as Administrator (it won’t produce an Addition.txt this time but that’s OK).

Logs to include with next post:

AdwCleaner log
New Frst.txt


BTW, I have to go out for a while now so won't reply until later.

Satchfan
 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 Taffy_078

Taffy_078
  • Topic Starter

  • Members
  • 82 posts
  • Gender:Male
  • Local time:12:11 PM

Posted 05 December 2015 - 01:23 PM

Sorry satchfan - I'll run them again shortly. Take care when you go out - the rain & gales here (West Yorks) are bad, but not as bad as North Yorks and around there.



#11 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:11 PM

Posted 05 December 2015 - 04:45 PM

Keep safe and send them when you can.

I'm in Devon so we don't get it as extremely as you, but my car got blown by a gust of wind on the way back from Torquay today and I nearly ended up in the other lane. :crazy:




#12 Taffy_078

Taffy_078
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:11 PM

Posted 05 December 2015 - 05:19 PM

AdwCleaner reported no malicious programs were found. The FRST log is below and I'll post the Addition in a moment.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by DAD Administrator (administrator) on WIN7LAPTOP (05-12-2015 22:10:55)
Running from C:\Users\DAD Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOP6VJGR
Loaded Profiles: Dad & DAD Administrator (Available Profiles: Dad & Pam & DAD Administrator & Pam with Flash & Dad with Flash & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft) C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DNSService.exe
(CSIS Security Group) C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(GlavSoft LLC.) C:\Program Files\Soluto\SolutoRemoteService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_245_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM-x32\...\Run: [BrStsMon00] => C:\PROGRAM FILES (X86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM\...\RunOnce: [125_1658763229422] => C:\Users\DAD Administrator\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat [371 2015-12-05] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-02] (SUPERAntiSpyware)
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\RunOnce: [125_1624637229422] => C:\Users\Dad\AppData\Local\LMIR0001.tmp_r.bat [323 2015-12-05] ()
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3597321822-3438477668-356034365-1007\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-16] (Hewlett-Packard)
HKU\S-1-5-21-3597321822-3438477668-356034365-1007\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-3597321822-3438477668-356034365-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3597321822-3438477668-356034365-1007\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2015-08-17]
ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-10-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-06-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{54548B01-23EC-4DD9-98A7-C0390619BFDE}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{693F8BD6-82D1-41CA-98B3-A68EB94ED7CB}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-3597321822-3438477668-356034365-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
SearchScopes: HKLM -> {B4557A81-C839-4507-9F93-EAAF0EE84D65} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {37B025F4-A8D8-4D3A-B340-EA1265D66AC1} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {5C9D351B-C099-42CA-9C53-A5191D163A73} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {B4557A81-C839-4507-9F93-EAAF0EE84D65} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll => No File
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-02-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1007 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=679093867
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-11-16] (Belarc, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-3597321822-3438477668-356034365-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-3597321822-3438477668-356034365-1007: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2015-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-05]
CHR Extension: (Google Docs) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-05]
CHR Extension: (Google Drive) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-05]
CHR Extension: (Rapport) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-10-05]
CHR Extension: (YouTube) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-05]
CHR Extension: (Google Search) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-05]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-11-03]
CHR Extension: (Google Sheets) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-18]
CHR Extension: (Norton Identity Safe) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-05]
CHR Extension: (Norton Safe) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-05]
CHR Extension: (Gmail) - C:\Users\DAD Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3597321822-3438477668-356034365-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3597321822-3438477668-356034365-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-26]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-06] (Dropbox, Inc.)
S3 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 HeimdalSecureDNS; C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe [93776 2015-08-14] (Microsoft)
R2 HeimdalService; C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe [132688 2015-08-14] (CSIS Security Group)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-11-14] (Soluto)
R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-11-14] (GlavSoft LLC.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20151204.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2013-12-06] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151205.002\ENG64.SYS [138488 2015-11-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151205.002\EX64.SYS [2148080 2015-11-18] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-04] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [502904 2015-11-24] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2015-11-24] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2015-11-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2015-11-24] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S1 SABKUTIL; \??\C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RG6YMEFX\SASKUTIL.SYS [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 18:54 - 2015-12-05 18:54 - 02369024 _____ (Farbar) C:\Users\DAD Administrator\Downloads\FRST64.exe
2015-12-05 18:01 - 2015-12-05 18:03 - 00000000 ____D C:\Users\Dad\Desktop\2015-12 5th PROBLEM
2015-12-05 17:10 - 2015-12-05 22:10 - 00000000 ____D C:\FRST
2015-12-05 17:01 - 2015-12-05 17:01 - 00001576 _____ C:\Users\DAD Administrator\Desktop\JRT log 2015-12 5th.txt
2015-12-05 17:00 - 2015-12-05 18:50 - 00000566 _____ C:\Users\DAD Administrator\Desktop\JRT.txt
2015-12-05 16:50 - 2015-12-05 16:50 - 00000323 _____ C:\Users\Dad\AppData\Local\LMIR0001.tmp_r.bat
2015-12-05 12:00 - 2015-12-05 12:00 - 00057856 _____ C:\Users\Dad\Desktop\santander statements.xls
2015-12-05 06:37 - 2015-12-05 06:37 - 00000000 ___HD C:\OneDriveTemp
2015-12-04 15:42 - 2015-12-04 15:43 - 00000000 ____D C:\Users\DAD Administrator\AppData\Local\NPE
2015-12-04 15:23 - 2015-12-04 15:23 - 00000051 _____ C:\Users\DAD Administrator\Downloads\paperport-standard [1].exe
2015-12-03 17:45 - 2015-12-05 18:41 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-12-03 06:36 - 2015-12-03 06:36 - 00010500 _____ C:\Users\Dad\Desktop\OBC - regular outgoings checklist.xlsx
2015-11-27 06:27 - 2015-11-27 06:27 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-11-27 06:21 - 2015-11-27 06:21 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-11-24 12:25 - 2015-11-24 12:25 - 00926275 _____ C:\Users\Dad\Desktop\Garmin Nuvi 1300 manual.pdf
2015-11-23 10:29 - 2015-11-23 10:45 - 00000000 ____D C:\Users\Pam with Flash\AppData\Local\Microsoft Games
2015-11-23 09:51 - 2015-11-23 09:51 - 00000000 ____D C:\Users\Pam with Flash\AppData\Roaming\SUPERAntiSpyware.com
2015-11-23 08:54 - 2015-11-23 08:54 - 00000000 ____D C:\Users\Pam\AppData\Roaming\SUPERAntiSpyware.com
2015-11-23 07:44 - 2015-11-23 07:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SUPERAntiSpyware.com
2015-11-23 07:05 - 2015-11-23 07:05 - 00000000 ____D C:\Users\Dad with Flash\AppData\Roaming\SUPERAntiSpyware.com
2015-11-23 06:24 - 2015-11-23 06:24 - 00000000 ____D C:\Users\DAD Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-11-21 16:23 - 2015-11-21 16:23 - 00000000 ____D C:\Users\DAD Administrator\AppData\Local\ElevatedDiagnostics
2015-11-18 12:36 - 2015-11-18 12:36 - 00007608 _____ C:\Users\DAD Administrator\AppData\Local\Resmon.ResmonCfg
2015-11-18 11:10 - 2015-11-18 11:10 - 00000000 ____D C:\Users\DAD Administrator\AppData\Local\GWX
2015-11-17 11:32 - 2015-11-17 11:34 - 00000000 ____D C:\Users\Dad\Documents\MP
2015-11-14 23:14 - 2015-11-14 23:14 - 00000000 ____D C:\Users\DAD Administrator\AppData\Roaming\qualys
2015-11-14 17:34 - 2015-11-14 17:34 - 00000000 ____D C:\Users\DAD Administrator\Documents\Norton Identity Safe Backups
2015-11-14 10:04 - 2015-11-03 17:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 15:13 - 2015-11-03 22:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-12 15:13 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-12 15:13 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-12 15:13 - 2015-10-30 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-12 15:13 - 2015-10-30 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-12 15:13 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-12 15:13 - 2015-10-30 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-12 15:13 - 2015-10-30 23:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-12 15:13 - 2015-10-30 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-12 15:13 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-12 15:13 - 2015-10-30 23:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-12 15:13 - 2015-10-30 23:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-12 15:13 - 2015-10-30 23:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-12 15:13 - 2015-10-30 23:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-12 15:13 - 2015-10-30 23:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-12 15:13 - 2015-10-30 23:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-12 15:13 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-12 15:13 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-12 15:13 - 2015-10-30 23:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-12 15:13 - 2015-10-30 23:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-12 15:13 - 2015-10-30 23:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-12 15:13 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-12 15:13 - 2015-10-30 22:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-12 15:13 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-12 15:13 - 2015-10-30 22:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-12 15:13 - 2015-10-30 22:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-12 15:13 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-12 15:13 - 2015-10-30 22:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-12 15:13 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-12 15:13 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-12 15:13 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-12 15:13 - 2015-10-30 22:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-12 15:13 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-12 15:13 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-12 15:13 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-12 15:13 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-12 15:13 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-12 15:13 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-12 15:13 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-12 15:13 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-12 15:13 - 2015-10-30 22:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-12 15:13 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-12 15:13 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-12 15:13 - 2015-10-30 22:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-12 15:13 - 2015-10-30 22:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-12 15:13 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-12 15:13 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-12 15:13 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-12 15:13 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-12 15:13 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-12 15:13 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-12 15:13 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-12 15:13 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-12 15:13 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-12 15:13 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-12 15:13 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-12 15:13 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-12 15:13 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-12 15:13 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-12 15:13 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-12 15:13 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-12 15:13 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-12 15:13 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-12 15:13 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-12 15:13 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-12 15:13 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-12 15:12 - 2015-10-20 01:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 15:12 - 2015-10-20 01:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 15:12 - 2015-10-20 01:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-12 15:12 - 2015-10-20 01:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-12 15:12 - 2015-10-20 01:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-12 15:12 - 2015-10-20 01:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-12 15:12 - 2015-10-20 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-12 15:12 - 2015-10-20 01:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-12 15:12 - 2015-10-20 01:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-12 15:12 - 2015-10-20 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-12 15:12 - 2015-10-20 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-12 15:12 - 2015-10-20 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-12 15:12 - 2015-10-20 00:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-12 15:12 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-12 15:12 - 2015-10-20 00:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-12 15:12 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-12 15:12 - 2015-10-20 00:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-12 15:12 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-12 15:12 - 2015-10-20 00:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-12 15:12 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-12 15:12 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 15:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-12 15:12 - 2015-10-19 23:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-12 15:12 - 2015-10-19 23:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-12 15:12 - 2015-10-19 23:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-12 15:12 - 2015-10-19 23:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-12 15:12 - 2015-10-19 23:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 15:12 - 2015-10-19 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 15:12 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 15:12 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-12 15:12 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-12 15:11 - 2015-09-18 19:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-12 15:11 - 2015-09-18 19:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-12 15:11 - 2015-09-18 19:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-12 15:11 - 2015-09-18 19:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-12 15:10 - 2015-10-20 18:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-12 15:10 - 2015-10-20 18:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-12 15:10 - 2015-10-20 18:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-12 15:10 - 2015-10-20 18:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-12 15:10 - 2015-10-20 18:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-12 15:10 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-12 15:10 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-12 15:07 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-12 15:07 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-12 15:07 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-12 15:07 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-12 15:07 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-12 15:07 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-12 15:07 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-12 15:07 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-12 14:53 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-12 14:53 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-12 06:18 - 2015-11-12 16:08 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForDad.job
2015-11-12 06:18 - 2015-11-12 06:18 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDad
2015-11-12 06:00 - 2015-11-12 06:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 10:21 - 2015-12-05 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-10 10:21 - 2015-11-10 10:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 06:42 - 2015-11-11 06:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-07 09:32 - 2015-11-07 09:32 - 00000000 ____D C:\Users\Dad with Flash\Documents\Norton Identity Safe Backups
2015-11-06 17:07 - 2015-11-06 17:09 - 00000000 ____D C:\Users\Dad with Flash\AppData\Local\Microsoft Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 22:10 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-12-05 21:53 - 2015-06-06 15:11 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-05 18:29 - 2014-10-12 09:49 - 00000000 ____D C:\AdwCleaner
2015-12-05 16:52 - 2014-11-06 06:57 - 00000000 ___RD C:\Users\Dad\OneDrive
2015-12-05 16:50 - 2015-10-13 06:40 - 00000000 ____D C:\Users\DAD Administrator\AppData\Local\LogMeIn Rescue Applet
2015-12-05 16:45 - 2015-08-27 06:23 - 00000000 ____D C:\Users\DAD Administrator\AppData\LocalLow\Adblock Plus for IE
2015-12-05 16:44 - 2009-07-14 04:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-05 16:44 - 2009-07-14 04:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-05 16:39 - 2011-03-11 06:47 - 00000429 _____ C:\ProgramData\HPWALog.txt
2015-12-05 16:38 - 2015-06-06 15:11 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-05 11:12 - 2015-05-27 22:15 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Adblock Plus for IE
2015-12-05 08:43 - 2015-06-06 15:31 - 00000000 ___RD C:\Users\Dad\Dropbox
2015-12-05 08:43 - 2015-06-06 15:11 - 00000000 ____D C:\Users\Dad\AppData\Local\Dropbox
2015-12-05 08:35 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-05 07:41 - 2014-10-30 12:23 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{850D707E-9FB4-482C-AD54-EBFDE05CD3AE}
2015-12-04 06:05 - 2014-06-13 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-12-03 18:28 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 18:28 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-03 05:22 - 2014-06-11 07:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-02 20:04 - 2015-08-24 04:45 - 00000000 ____D C:\Users\DAD Administrator
2015-12-02 07:41 - 2014-09-21 08:27 - 00000367 _____ C:\Users\Dad\Desktop\Outlook - Windows Live.url
2015-11-30 10:35 - 2014-01-15 15:31 - 00000000 ____D C:\Users\Dad\Documents\OBC - Secretary
2015-11-29 07:31 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-28 13:48 - 2015-06-03 22:29 - 00000000 ____D C:\Users\Dad\Desktop\SNIPS
2015-11-28 06:06 - 2013-01-27 09:26 - 00000000 ___RD C:\Users\Dad\Desktop\PC shortcuts
2015-11-27 06:22 - 2009-08-19 20:43 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-11-27 06:21 - 2015-07-30 10:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-11-26 12:39 - 2015-11-01 13:55 - 00000000 ____D C:\Users\Pam with Flash\AppData\Roaming\Foxit Software
2015-11-26 11:53 - 2009-08-25 09:08 - 00000292 _____ C:\ProgramData\hpqp.ini
2015-11-26 11:50 - 2010-04-24 13:56 - 00000000 ____D C:\Users\Pam\Tracing
2015-11-26 10:02 - 2015-08-27 13:51 - 00000000 ____D C:\Users\Dad\Documents\TOBY
2015-11-25 12:15 - 2015-10-18 06:57 - 00000000 ____D C:\Users\Dad with Flash\AppData\LocalLow\Adblock Plus for IE
2015-11-24 16:27 - 2015-06-03 05:51 - 00141304 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-11-24 16:27 - 2014-06-13 16:19 - 00396152 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-11-24 06:55 - 2015-09-21 10:01 - 00002164 _____ C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-11-23 16:12 - 2015-11-01 09:37 - 00000380 _____ C:\Windows\Tasks\HPCeeScheduleForDAD Administrator.job
2015-11-23 06:34 - 2015-11-01 09:37 - 00003258 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDAD Administrator
2015-11-22 09:13 - 2014-08-18 11:11 - 00000000 ____D C:\Users\Dad\Desktop\My Templates
2015-11-22 06:45 - 2010-05-21 05:41 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Corel
2015-11-22 06:42 - 2010-05-21 05:41 - 00000000 ____D C:\Users\Dad\Documents\My PSP Files
2015-11-21 17:01 - 2010-05-18 12:36 - 00000000 ____D C:\ProgramData\Corel
2015-11-21 16:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-18 11:33 - 2015-09-17 08:53 - 00000000 ____D C:\Users\DAD Administrator\AppData\Local\Microsoft Games
2015-11-17 11:31 - 2013-10-23 06:51 - 00000000 ____D C:\Users\Dad\Documents\JD 2013
2015-11-17 11:31 - 2010-05-24 07:14 - 00000000 ____D C:\Users\Dad\Documents\HEC
2015-11-14 13:46 - 2015-08-27 06:31 - 00002818 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-14 10:25 - 2009-07-14 04:45 - 00375496 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 09:48 - 2010-04-29 13:04 - 00000000 ___RD C:\Users\Dad\Desktop\PC STUFF
2015-11-13 15:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 16:03 - 2014-12-10 14:37 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-12 16:03 - 2014-05-10 06:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-12 15:59 - 2013-08-31 08:13 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 15:44 - 2010-01-04 16:11 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-12 15:40 - 2009-08-19 21:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 15:23 - 2013-11-28 15:58 - 00766820 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-12 10:08 - 2014-01-25 08:37 - 00000000 ____D C:\Users\Dad\Documents\OBC - Bowling
2015-11-12 06:01 - 2015-06-06 15:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-11 06:37 - 2014-04-24 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 10:21 - 2015-10-24 12:19 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 10:21 - 2015-10-24 12:19 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 08:16 - 2014-08-04 09:11 - 00000000 ____D C:\Users\Dad\Documents\Receipts & Guarantees
2015-11-08 23:20 - 2010-05-09 15:58 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-11-08 23:19 - 2014-08-15 06:44 - 00000000 ____D C:\Users\Dad\Documents\FINANCE
2015-11-08 22:55 - 2010-07-02 07:25 - 00000000 ____D C:\Users\Dad\Documents\BOSCH
2015-11-08 09:28 - 2015-10-28 09:21 - 00000000 ____D C:\Users\Dad\Desktop\OBC - SOP  for Rnwl Subs
2015-11-08 06:19 - 2015-08-15 17:32 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForWIN7LAPTOP$.job
2015-11-07 19:24 - 2015-08-15 17:32 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForWIN7LAPTOP$
2015-11-06 17:54 - 2014-05-12 04:54 - 00000000 ____D C:\Users\Dad\Documents\MEDICAL
2015-11-06 13:13 - 2010-10-09 07:02 - 00000000 ____D C:\Users\Dad\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2015-08-24 04:47 - 2015-08-24 04:47 - 0000000 _____ () C:\Users\DAD Administrator\AppData\Local\AtStart.txt
2015-08-24 04:47 - 2015-08-24 04:47 - 0000000 _____ () C:\Users\DAD Administrator\AppData\Local\DSwitch.txt
2015-08-24 04:47 - 2015-08-24 04:47 - 0000000 _____ () C:\Users\DAD Administrator\AppData\Local\QSwitch.txt
2015-11-18 12:36 - 2015-11-18 12:36 - 0007608 _____ () C:\Users\DAD Administrator\AppData\Local\Resmon.ResmonCfg
2009-08-25 09:08 - 2015-11-26 11:53 - 0000292 _____ () C:\ProgramData\hpqp.ini
2011-03-11 06:47 - 2015-12-05 16:39 - 0000429 _____ () C:\ProgramData\HPWALog.txt
2015-06-29 07:53 - 2015-06-29 07:53 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4rurtk.dll
C:\Users\DAD Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt4yv1m.dll
C:\Users\Dad with Flash\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyhoigm.dll
C:\Users\Pam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpld6t9f.dll
C:\Users\Pam with Flash\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpollmc0.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-30 12:24

==================== End of FRST.txt ============================



#13 Taffy_078


Posted 05 December 2015 - 05:22 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by DAD Administrator (2015-12-05 22:15:10)
Running from C:\Users\DAD Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOP6VJGR
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-04 13:22:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3597321822-3438477668-356034365-500 - Administrator - Disabled)
Dad (S-1-5-21-3597321822-3438477668-356034365-1000 - Limited - Enabled) => C:\Users\Dad
DAD Administrator (S-1-5-21-3597321822-3438477668-356034365-1007 - Administrator - Enabled) => C:\Users\DAD Administrator
Dad with Flash (S-1-5-21-3597321822-3438477668-356034365-1009 - Limited - Enabled) => C:\Users\Dad with Flash
Guest (S-1-5-21-3597321822-3438477668-356034365-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3597321822-3438477668-356034365-1005 - Limited - Enabled)
Pam (S-1-5-21-3597321822-3438477668-356034365-1001 - Limited - Enabled) => C:\Users\Pam
Pam with Flash (S-1-5-21-3597321822-3438477668-356034365-1008 - Limited - Enabled) => C:\Users\Pam with Flash

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\{44CF4DB9-707A-4395-839C-573FBC206CB9}) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
BTHomeHub (HKLM-x32\...\BTHomeHub) (Version:  - British Telecommunications Plc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Heimdal (HKLM-x32\...\Heimdal) (Version: 1.10.5.0 - CSIS Security Group)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.13.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Info Center 1.0.0.7 (HKLM-x32\...\Info Center_is1) (Version: 1.0.0.7 - PC Pitstop LLC)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2119 - Intel Corporation)
Java™ 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.106.12020 (HKLM-x32\...\{DB6F4DEE-AA55-27F5-EC63-774047889DB5}) (Version: 2.16.106.12020 - Sony)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C058FC5D-565F-4360-A562-0527A3D993DC}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MP3jam 1.1.1.10 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.10 - MP3jam)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
NWZ-E380 WALKMAN Guide (HKLM-x32\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
Opera Stable 33.0.1990.43 (HKU\.DEFAULT\...\Opera 33.0.1990.43) (Version: 33.0.1990.43 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Rapport (x32 Version: 3.5.1507.99 - Trusteer) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Serif PagePlus Starter Edition 4 (HKLM-x32\...\{975944CC-90F8-43C8-9F7E-C722FC212E6B}) (Version: 4.0.0.4 - Serif (Europe) Ltd)
Soluto (HKLM\...\{037C627B-384E-450E-866C-95BAB3CDEA17}) (Version: 1.3.1494.0 - Soluto)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (01/10/2012 9.2.0.480) (HKLM\...\F4BA9240F445A54DF9E2658FC0A761FBD790B9CC) (Version: 01/10/2012 9.2.0.480 - Atheros Communications Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (02/22/2011 9.2.0.310) (HKLM\...\20BAFF0BE91CCA3C75234D0E47582AE2222CB5E4) (Version: 02/22/2011 9.2.0.310 - Atheros Communications Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/09/2011 9.2.0.467) (HKLM\...\0636F1DFE5C1926FDBB1AC4C08CC616CF9A9A781) (Version: 11/09/2011 9.2.0.467 - Atheros Communications Inc.)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Realtek (RTL8167) Net  (06/12/2012 7.061.0612.2012) (HKLM\...\D7AE157A02BBDD2AFDC7ACDBE7652D398B0B265E) (Version: 06/12/2012 7.061.0612.2012 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (08/23/2011 7.048.0823.2011) (HKLM\...\4A38D9B38E10E18D3528EDAB22652EB131FADECB) (Version: 08/23/2011 7.048.0823.2011 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3597321822-3438477668-356034365-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dad\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3597321822-3438477668-356034365-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dad\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

28-11-2015 12:16:01 Scheduled Checkpoint
01-12-2015 08:56:48 Windows Backup
01-12-2015 09:51:47 Windows Backup
04-12-2015 06:01:44 Installed Rapport
05-12-2015 16:51:38 JRT Pre-Junkware Removal
05-12-2015 18:41:55 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2013-09-03 17:19 - 00000833 ____N C:\Windows\system32\Drivers\etc\hosts

#       ::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B2754D2-9FB6-47CD-A74A-EC27BC39E6F4} - System32\Tasks\HPCeeScheduleForDAD Administrator => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1269A4DB-D419-4CCF-A9AE-4ACE823E5186} - System32\Tasks\HPCeeScheduleForWIN7LAPTOP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {15138E94-F96F-4AD2-BBD9-5099AF2B5152} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {19C87EFF-68AB-45B7-85EE-8F38A383971B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-24] (HP Inc.)
Task: {22C12CFC-2364-4F27-B34D-4AB927079228} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-06] (Dropbox, Inc.)
Task: {3D902909-34CA-48DB-989E-AAA608042861} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {3E9BA729-2272-4CAE-BA62-9ECA238BE971} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {440C8A5E-89BA-4D79-A6CD-D7FC1487B6DB} - System32\Tasks\sfc scannow => C:\Windows\System32\sfc.exe [2009-07-14] (Microsoft Corporation)
Task: {4A72F792-D9D4-4914-95E3-631853551A11} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {4C0183FB-0A31-48C7-9720-4B0A25809E71} - \RegClean Pro -> No File <==== ATTENTION
Task: {54FAFBF4-6FA8-48F7-AFB9-8AD3D990956C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3597321822-3438477668-356034365-1007
Task: {5E0A7278-A001-4172-8CDD-8640A71EB607} - System32\Tasks\{26C09B41-C914-4027-90A7-3B3C11587585} => pcalua.exe -a "C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0281SZ7\AdobeAIRInstaller[1].exe" -d C:\Users\Dad\Desktop
Task: {69E33225-9ED6-4F5F-8443-A1A480FBCB64} - System32\Tasks\{A6A6B99E-3196-4891-88CB-582377D8DE35} => pcalua.exe -a F:\netsetup.exe -d F:\
Task: {7A611EBA-C0CB-4AA9-8B83-3F23686D6B52} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3597321822-3438477668-356034365-1000
Task: {80CF99D9-7BEA-40C1-B1A8-0EF1DEA42F35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {96C409D6-F629-45EE-B5F4-E7513E5FEA8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {96FA598B-BE9B-40D4-9D19-B8B2225D0236} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-06] (Dropbox, Inc.)
Task: {AB1C0FE8-A459-4DCD-805F-F924DC836B25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-12-02] (Microsoft)
Task: {B845A65F-135C-4755-B939-B8B5A429C8C7} - System32\Tasks\HPCeeScheduleForDad => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BEC9360B-DD0B-472A-9103-8F8AD3BE672A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D78486DE-318E-4E31-846E-02E513D929D2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {E5C2F7A9-B635-41E6-9AF5-0489E02403C9} - System32\Tasks\{462DE747-C00D-4D5F-BF72-554E1ED3E9C9} => pcalua.exe -a "C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KX2CNTC0\AdobeAIRInstaller.exe" -d C:\Users\Dad\Desktop
Task: {E5CE4672-3F3D-47F2-AA21-324478970005} - System32\Tasks\{C4F6C987-CCEF-4352-B95C-9E575F098C7C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
Task: {E717E7F7-A86B-4F7F-9F9A-ECD6D4E7D03B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EB926C67-6756-4A0A-B4C3-BF96F1E26A53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {ED4527CB-FD75-4455-ACB2-422E8DAA564B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {EECFC09F-3978-4D9F-B62C-020C0949C0DC} - System32\Tasks\{36B9D059-925F-4963-AC3D-7FAF1FAE5E34} => pcalua.exe -a "C:\Program Files (x86)\Secunia\PSI\uninstall.exe"
Task: {FD6707EE-7B51-4469-B45A-5128B662DD14} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDAD Administrator.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDad.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForWIN7LAPTOP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\DAD Administrator\Desktop\PC STUFF\BT\BT Broadband Life.LNK -> C:\Program Files (x86)\BTHomeHub\Launcher\LaunchHM.exe (British Telecommunications) -> hxxp://www.bt.com/setup/getbblife?s_cid=con_extlink_bb_installCD_getbblife <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visit eBay.co.uk.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cnnb&locale=en_gb&bd=all&c=94 <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-06-12 13:54 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dad\Desktop\Screenshot 2015-11 1st PHS.png:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\qualys.com -> hxxps://browsercheck.qualys.com
IE trusted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\secunia.com -> hxxps://psi.secunia.com
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\ghostery.com -> hxxps://ghostery.com
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\internet -> internet
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\surveymonkey.com -> hxxps://www.surveymonkey.com
IE restricted site: HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\zendesk.com -> hxxps://ghostery.zendesk.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3597321822-3438477668-356034365-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3597321822-3438477668-356034365-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\DAD Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{799484CB-7BCB-4874-A835-0565C6F8B52D}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{1DB0F66C-7875-45D4-9DA0-E6ABABBBDA8C}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{1E4BB896-842E-4F54-9B92-62186BEB0F79}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS53FC.tmp\SymNRT.exe
FirewallRules: [{B3E56F1D-3FFA-4BAE-98CC-361C6840F28A}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS53FC.tmp\SymNRT.exe
FirewallRules: [{653AB5A1-8E66-40C7-B6C9-75EF805409C4}] => (Allow) LPort=8888
FirewallRules: [{3FEC2C4B-2986-4ED0-96B0-7CD87F3A98D6}] => (Allow) LPort=8888
FirewallRules: [{45572AA2-E369-4FD0-BE98-06FDC96A550A}] => (Allow) LPort=54925
FirewallRules: [{B57B8C3C-C1E4-4D75-B9B4-6DEEFDB95261}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B11D386B-A1E6-426A-9637-9B81E4112A57}] => (Allow) LPort=2869
FirewallRules: [{16117ABD-3284-45C5-B5DD-B107331D65A9}] => (Allow) LPort=1900
FirewallRules: [{A7BE25E2-1602-408A-A87B-AD5E7426048B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{82B6BE62-DFEC-43B9-B99C-4B6AE3266FAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{684DFCBD-043A-4AE6-AD8B-8EF919BED1B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EF86AC9-0381-4A08-96D3-C2260A0EC612}] => (Allow) C:\Users\Dad\Desktop\solutoinstaller-x95fs27nk80z.exe
FirewallRules: [{C6012723-F688-4A18-AA27-C8ED083FB03A}] => (Allow) C:\Users\Dad\Desktop\solutoinstaller-x95fs27nk80z.exe
FirewallRules: [{79A89873-BEA3-4FE6-A10A-06C71E303C6E}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{1167F3AE-F3B6-49D2-A3C7-C9DD7C0C2449}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{86C94D28-BC0D-4957-AD9A-9252E7770D3B}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{B94D6C11-7688-4164-BFF8-28DC5CB5F2C0}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{F7B91B22-8288-453B-A2E8-9A1F1D2F2A97}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{09A38772-534C-40AF-859B-3616FFA2BB85}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{5772E546-B6D0-4397-84CB-BD0189C1B194}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS36AA.tmp\SymNRT.exe
FirewallRules: [{F3E9545A-49CE-4101-B9B6-2899EB71383E}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS36AA.tmp\SymNRT.exe
FirewallRules: [{BEB8514B-654D-4576-9AE4-25C345602B5A}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B34.tmp\SymNRT.exe
FirewallRules: [{FE160076-FD4A-4487-AA2C-0BDDFC61090B}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B24.tmp\SymNRT.exe
FirewallRules: [{2C73610B-04E6-43AC-B25C-20249639099C}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B34.tmp\SymNRT.exe
FirewallRules: [{3C3F8EF0-5BE5-4C30-83BF-7F5567AB47E4}] => (Allow) C:\Users\Dad\AppData\Local\Temp\7zS6B24.tmp\SymNRT.exe
FirewallRules: [{A45A60C4-992A-4FDC-9929-FA6B16C3959E}] => (Allow) C:\Users\DAD Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{498F9ECA-B13E-44CA-92CD-39F3E54E6460}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B713BF68-5283-4DAF-BDF6-92A5D37EEF73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{597E61E2-52A9-4D54-B15C-AF6E7FC61290}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A43497E-F182-4A4C-B7B0-45EDAD027D52}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D844C773-5C42-4908-9FBD-E93CB978B76F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2015 06:51:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/05/2015 06:41:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (12/05/2015 04:52:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (12/04/2015 11:54:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/04/2015 06:36:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/04/2015 06:04:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (12/03/2015 09:37:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/02/2015 02:19:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/01/2015 07:28:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/01/2015 04:55:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c28

Start Time: 01d12c4b144591a9

Termination Time: 62

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (12/05/2015 06:42:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (12/05/2015 06:03:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (12/05/2015 06:03:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

CodeIntegrity:
===================================
  Date: 2012-10-26 07:46:26.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-26 07:46:25.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-23 07:25:28.551
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-23 07:25:28.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-23 06:14:12.176
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-23 06:14:11.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-09 07:39:40.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-09 07:39:40.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 20:37:28.893
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 20:37:28.737
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 66%
Total physical RAM: 3998.93 MB
Available physical RAM: 1350.02 MB
Total Virtual: 23997.13 MB
Available Virtual: 20891.39 MB

==================== Drives ================================

Drive c: (Win7 laptop) (Fixed) (Total:285.3 GB) (Free:199.19 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.59 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (TRANSFERS) (Removable) (Total:14.9 GB) (Free:14.45 GB) FAT32
Drive g: (DAILY SAVES) (Removable) (Total:3.75 GB) (Free:3.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: CD602813)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#14 satchfan

satchfan

  • Malware Response Team

Posted 05 December 2015 - 05:39 PM

Thanks for the logs. I'll check them and reply tomorrow.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#15 satchfan

satchfan

  • Malware Response Team

Posted 06 December 2015 - 04:34 AM

You need to move Farbar Recovery Scan Tool to your desktop, otherwise fixes will not work.

First:

Show hidden Files and Folders

  • open Windows Explorer, (Windows key+E)
  • at the top, click on Organise > Folder and search options
  • click on the “View” tab
  • under “Files and Folders”, place a check in Show hidden files, folders and drives

Next


  • go to C:\Users\DAD Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOP6VJGR
  • right click on FRST and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.


HKLM\...\RunOnce: [125_1658763229422] => C:\Users\DAD Administrator\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat [371 2015-12-05] ()
HKU\S-1-5-21-3597321822-3438477668-356034365-1000\...\RunOnce: [125_1624637229422] => C:\Users\Dad\AppData\Local\LMIR0001.tmp_r.bat [323 2015-12-05] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
SearchScopes: HKLM -> {B4557A81-C839-4507-9F93-EAAF0EE84D65} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {37B025F4-A8D8-4D3A-B340-EA1265D66AC1} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {5C9D351B-C099-42CA-9C53-A5191D163A73} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {B4557A81-C839-4507-9F93-EAAF0EE84D65} URL =
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll => No File
Toolbar: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [No File]
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S1 SABKUTIL; \??\C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RG6YMEFX\SASKUTIL.SYS [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2015-12-05 16:50 - 2015-12-05 16:50 - 00000323 _____ C:\Users\Dad\AppData\Local\LMIR0001.tmp_r.bat
2015-12-04 15:42 - 2015-12-04 15:43 - 00000000 ____D C:\Users\DAD Administrator\AppData\Local\NPE
2015-12-05 16:50 - 2015-10-13 06:40 - 00000000 ____D C:\Users\DAD Administrator\AppData\Local\LogMeIn Rescue Applet
2015-12-05 16:45 - 2015-08-27 06:23 - 00000000 ____D C:\Users\DAD Administrator\AppData\LocalLow\Adblock Plus for IE
2015-11-25 12:15 - 2015-10-18 06:57 - 00000000 ____D C:\Users\Dad with Flash\AppData\LocalLow\Adblock Plus for IE
2015-12-05 11:12 - 2015-05-27 22:15 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Adblock Plus for IE
Task: {4A72F792-D9D4-4914-95E3-631853551A11} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {4C0183FB-0A31-48C7-9720-4B0A25809E71} - \RegClean Pro -> No File <==== ATTENTION
hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cnnb&locale=en_gb&bd=all&c=94 <==== ATTENTION
C:\Windows\System32\DRIVERS\Lbd.sys
C:\Users\DAD Administrator\AppData\Local\AtStart.txt
C:\Users\DAD Administrator\AppData\Local\DSwitch.txt
C:\Users\DAD Administrator\AppData\Local\QSwitch.txt
C:\Users\DAD Administrator\AppData\Local\Resmon.ResmonCfg
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Download TFC to your desktop

  • close any open windows
  • double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • click the Start button to begin the process
  • allow TFC to run uninterrupted
  • the program should not take long to finish its job
  • once it's finished it should automatically reboot your machine
  • if it doesn't, manually reboot to ensure a complete clean.

====================================================

Download Malwarebytes-Anti-Malware

Click here.
 

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab at the top
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there are any outstanding problems?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
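A small triage script over the fixlist in post #15, added here as an example; it is not part of the original thread and not FRST's own code. The category names and matching rules are assumptions inferred from markers visible in those lines (No File, [X], no ImagePath, an empty URL =, <==== ATTENTION); a line with none of them is reported as unmarked, meaning the helper selected it on judgement the log alone does not show.

```python
import re
from collections import Counter

# A subset of lines copied from the fixlist in the post above.
SAMPLE = r"""
HKLM\...\RunOnce: [125_1658763229422] => C:\Users\DAD Administrator\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat [371 2015-12-05] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\S-1-5-21-3597321822-3438477668-356034365-1000 -> {37B025F4-A8D8-4D3A-B340-EA1265D66AC1} URL =
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [No File]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 eabfiltr; no ImagePath
Task: {4C0183FB-0A31-48C7-9720-4B0A25809E71} - \RegClean Pro -> No File <==== ATTENTION
EmptyTemp:
"""

# Assumed triage rules, checked in order; the first match wins.
RULES = [
    ("attention", re.compile(r"<==== ATTENTION")),               # flagged in the log
    ("missing_file", re.compile(r"No File|\[X\]\s*$|no ImagePath\s*$")),  # orphaned entry
    ("empty_value", re.compile(r"\bURL =\s*$")),                 # search scope with no URL
    ("directive", re.compile(r"^[A-Za-z]+:\s*$")),               # command, not a log entry
]
DRIVER = re.compile(r"^([RSU]\d) ([^;]+);")   # state code, name; code left undecoded
PREFIX = re.compile(r"^([^:]+?):(?:\s|$)")    # section label before the first ': '

def classify(line):
    """Return the entry kind and the marker that makes it a cleanup candidate."""
    line = line.strip()
    drv = DRIVER.match(line)
    if drv:
        kind = "driver/service " + drv.group(1)
    else:
        m = PREFIX.match(line)
        kind = m.group(1) if m else "path/other"
    reason = next((name for name, rx in RULES if rx.search(line)), "unmarked")
    return {"kind": kind, "reason": reason, "line": line}

def triage(text):
    return [classify(l) for l in text.splitlines() if l.strip()]

def summary(text):
    """Count entries per reason, to see how much of a fixlist is marker-driven."""
    return Counter(e["reason"] for e in triage(text))

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(f'{entry["reason"]:13} {entry["kind"]:30} {entry["line"][:60]}')
```

The two unmarked lines (the RunOnce batch file and the Lavasoft driver) are the ones worth reviewing by hand before a fixlist is run, since nothing in the log itself justifies removing them.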




