
Friend's HP PC with a R.A.T from her description



#1 rotor123


Posted 06 February 2017 - 11:07 AM

Hi

I am working on a friend's PC where she saw things being moved, opened and closed.

I am currently cloning the hard drive first and will most likely clone it twice.

I have run frst64.exe.

Contents of frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Francine (administrator) on FRANCINE-HP (05-02-2017 12:09:53)
Running from F:\
Loaded Profiles: Francine (Available Profiles: Francine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\dleacoms.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\ns.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\wscstub.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2011-03-09] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Print Software.lnk [2011-11-18]
ShortcutTarget: Marketsplash Print Software.lnk -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{6FC241E4-B85A-4094-8903-47811E27FF66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {BE20B894-7F93-434C-AB01-926DEE96F2B5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000 -> {12D51509-9BEE-4A3A-A14D-9823971EB0D4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: (No Name) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2017-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @swiftview.com/SwiftView -> C:\Program Files (x86)\SwiftView\npsview.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2004777051-2563597916-3389062613-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Francine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-29] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Slides) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-25]
CHR Extension: (Google Docs) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-25]
CHR Extension: (Google Drive) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-25]
CHR Extension: (Yahoo Partner) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2017-01-26]
CHR Extension: (YouTube) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-25]
CHR Extension: (No Name) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-26]
CHR Extension: (Google Search) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]
CHR Extension: (Google Sheets) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25]
CHR Extension: (Norton Identity Safe) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-26]
CHR Extension: (Gmail) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2011-11-16] (Adobe Systems) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-09] (Portrait Displays, Inc.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [289080 2016-11-12] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20161208.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20161208.005\IDSvia64.sys [1012952 2016-10-28] (Symantec Corporation)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [36560 2016-03-10] (ITE Tech. Inc. )
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-12] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20161121.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20161121.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 12:08 - 2017-02-05 12:09 - 00000000 ____D C:\FRST
2017-02-01 15:41 - 2017-02-02 09:38 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForFrancine.job
2017-02-01 15:41 - 2017-02-01 17:43 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFrancine
2017-01-30 18:57 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-30 18:57 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-28 18:11 - 2016-09-12 16:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-01-28 18:11 - 2016-09-12 16:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-01-28 18:10 - 2016-05-13 17:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-28 18:10 - 2016-05-13 17:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-28 18:10 - 2016-05-13 17:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-28 18:10 - 2016-05-13 17:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-01-28 18:10 - 2016-05-13 16:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-28 18:10 - 2016-05-13 16:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-28 18:10 - 2016-05-13 16:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-28 18:10 - 2016-05-13 16:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-28 18:10 - 2016-05-13 16:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-28 18:10 - 2016-05-13 16:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-28 18:10 - 2016-05-13 16:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-01-28 18:10 - 2016-05-13 16:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-01-28 18:10 - 2016-05-13 16:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-28 18:10 - 2016-05-13 16:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-01-28 18:10 - 2016-05-13 16:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-01-28 18:10 - 2016-05-13 16:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-01-28 18:10 - 2016-05-12 10:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-28 18:07 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-28 18:07 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-28 18:07 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-28 18:07 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-01-28 18:07 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-01-28 18:07 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-01-28 18:07 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-01-28 18:07 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-01-28 18:07 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-01-28 18:07 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-01-28 18:07 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-01-28 18:07 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-01-28 18:07 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-01-28 18:07 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-01-28 18:07 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-28 18:07 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-01-28 18:07 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-01-28 18:07 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-01-28 18:07 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-01-28 18:07 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-01-28 18:07 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-01-28 18:07 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-01-28 18:07 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-01-28 18:07 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-01-28 18:07 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-01-28 18:07 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-01-28 18:07 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-01-28 18:07 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-01-28 18:07 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-01-28 18:07 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-01-28 18:07 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-01-28 18:07 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-01-28 18:07 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-01-28 18:07 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-01-28 18:07 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-01-28 18:07 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-01-28 18:07 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-01-28 18:07 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-01-28 18:07 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-01-28 18:07 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-01-28 18:07 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-01-28 18:07 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-01-28 18:07 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-01-28 18:07 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-01-28 18:07 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-01-28 18:07 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-01-28 18:07 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-01-28 18:07 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-28 18:07 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-01-28 18:07 - 2016-10-11 10:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-01-28 18:07 - 2016-10-11 10:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-01-28 18:07 - 2016-10-11 10:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-01-28 18:07 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-01-28 18:07 - 2016-10-11 10:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-01-28 18:07 - 2016-10-11 09:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-01-28 18:07 - 2016-10-11 09:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-01-28 18:07 - 2016-10-11 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-01-28 18:07 - 2016-10-11 09:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-01-28 18:07 - 2016-10-11 08:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-01-28 18:07 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-01-28 18:07 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-01-28 18:07 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-01-28 18:07 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-01-28 18:07 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-01-28 18:07 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-01-28 18:07 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-01-28 18:07 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-01-28 18:07 - 2016-08-12 11:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-01-28 18:07 - 2016-08-12 11:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-01-28 18:07 - 2016-08-12 11:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-01-28 18:07 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-01-28 18:07 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-01-28 18:07 - 2016-08-06 09:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-01-28 18:07 - 2016-08-06 09:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-01-28 18:07 - 2016-08-06 09:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-01-28 18:07 - 2016-06-14 10:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-01-28 18:07 - 2016-06-14 10:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-01-28 18:06 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-28 18:06 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-28 18:06 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-28 18:06 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-28 18:06 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-28 18:06 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-28 18:06 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-28 18:06 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-28 18:06 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-01-28 18:06 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-28 18:06 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-01-28 18:06 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-01-28 18:06 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-01-28 18:06 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-01-28 18:06 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-01-28 18:06 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-01-28 18:06 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-01-28 18:06 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-01-28 18:06 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-01-28 18:06 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-01-28 18:06 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-01-28 18:06 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-01-28 18:06 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-01-28 18:06 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-28 18:06 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-01-28 18:06 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-01-28 18:06 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-01-28 18:06 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-01-28 18:06 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-01-28 18:06 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-01-28 18:06 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-01-28 18:06 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-01-28 18:06 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-01-28 18:06 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-01-28 18:06 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-01-28 18:06 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-01-28 18:06 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-01-28 18:06 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-01-28 18:06 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-28 18:06 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-01-28 18:06 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-01-28 18:06 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-01-28 18:06 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-01-28 18:06 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-01-28 18:06 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-01-28 18:06 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-01-28 18:06 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-01-28 18:06 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-01-28 18:06 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-01-28 18:06 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-01-28 18:06 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-01-28 18:06 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-28 18:06 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-01-28 18:06 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-01-28 18:06 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-01-28 18:06 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-01-28 18:06 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-01-28 18:06 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-28 18:06 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-01-28 18:06 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-01-28 18:06 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-01-28 18:06 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-01-28 18:06 - 2016-10-11 10:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-01-28 18:06 - 2016-10-11 10:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-01-28 18:06 - 2016-10-11 09:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-01-28 18:06 - 2016-10-11 09:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-01-28 18:06 - 2016-10-11 09:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-01-28 18:06 - 2016-10-11 09:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-01-28 18:06 - 2016-10-11 08:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-01-28 18:06 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-01-28 18:06 - 2016-10-08 08:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-01-28 18:06 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-01-28 18:06 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-01-28 18:06 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-01-28 18:06 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-01-28 18:06 - 2016-10-04 10:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-01-28 18:06 - 2016-10-04 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-01-28 18:06 - 2016-10-04 10:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-01-28 18:06 - 2016-10-04 10:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-01-28 18:06 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-01-28 18:06 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-01-28 18:06 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-01-28 18:06 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-01-28 18:06 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-01-28 18:06 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-01-28 18:06 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-01-28 18:06 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-01-28 18:06 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-01-28 18:06 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-01-28 18:06 - 2016-08-12 12:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-01-28 18:06 - 2016-08-12 12:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-01-28 18:06 - 2016-08-12 12:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-01-28 18:06 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-01-28 18:06 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-01-28 18:06 - 2016-08-12 11:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-01-28 18:06 - 2016-08-06 10:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-01-28 18:06 - 2016-08-06 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-01-28 18:06 - 2016-07-07 10:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-01-28 18:06 - 2016-07-07 10:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-01-28 18:06 - 2016-07-07 10:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-01-28 18:06 - 2016-07-07 10:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-01-28 18:06 - 2016-06-14 12:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-01-28 18:06 - 2016-06-14 12:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-01-28 18:06 - 2016-06-14 12:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-01-28 18:06 - 2016-06-14 10:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-01-28 18:06 - 2016-06-14 10:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-01-28 18:06 - 2016-06-14 10:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-01-28 18:06 - 2016-06-14 10:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-01-28 18:06 - 2016-06-14 10:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-01-28 18:05 - 2016-08-29 10:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-28 18:05 - 2016-08-29 10:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-01-28 18:05 - 2016-08-29 10:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-28 18:05 - 2016-08-29 10:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-01-28 18:05 - 2016-08-29 10:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-01-28 18:05 - 2016-08-29 09:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-01-28 18:05 - 2016-08-16 15:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-01-26 23:36 - 2017-01-26 23:36 - 07680000 _____ C:\Program Files (x86)\GUT9AC9.tmp
2017-01-26 23:36 - 2017-01-26 23:36 - 00000000 ____D C:\Program Files (x86)\GUM9A6A.tmp
2017-01-26 11:24 - 2016-08-12 11:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-01-26 11:24 - 2016-08-12 11:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-01-26 11:24 - 2016-08-12 11:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-01-24 11:43 - 2017-01-24 11:44 - 00000061 _____ C:\Users\Francine\Desktop\norton Info.txt
2017-01-23 13:46 - 2017-01-23 13:46 - 00002412 _____ C:\ProgramData\SMRResults510.dat
2017-01-23 13:34 - 2017-01-24 11:13 - 00000000 ____D C:\ProgramData\Norton VRQ
2017-01-23 13:34 - 2017-01-24 11:13 - 00000000 ____D C:\Program Files (x86)\VRQ
2017-01-22 19:36 - 2017-01-22 19:36 - 00000000 ____D C:\Users\Francine\AppData\Local\IsolatedStorage
2017-01-22 19:29 - 2017-01-23 10:18 - 00000000 ____D C:\ProgramData\VIPRE
2017-01-22 19:26 - 2017-01-24 11:15 - 00000000 ____D C:\Program Files (x86)\VIPRE
2017-01-22 19:25 - 2017-01-22 19:36 - 00000000 ____D C:\Users\Francine\AppData\Roaming\VIPRE
2017-01-22 19:25 - 2017-01-22 19:25 - 00000000 ____D C:\Users\Francine\AppData\Local\VIPRE
2017-01-21 13:58 - 2017-01-21 13:58 - 00056310 _____ C:\Users\Francine\Documents\credit counseling.pdf
2017-01-17 20:09 - 2017-01-16 14:06 - 00801972 _____ C:\Users\Francine\Documents\Hippaa.RRoseHIPAAWeb031016.pdf
2017-01-17 19:33 - 2017-01-16 14:05 - 00200132 _____ C:\Users\Francine\Documents\Hippa Supplement.pdf
2017-01-14 17:33 - 2017-01-26 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Cloud
2017-01-14 17:33 - 2017-01-14 17:33 - 00000000 ____D C:\ProgramData\Piriform
2017-01-14 17:32 - 2017-01-26 23:29 - 00000000 ____D C:\Program Files (x86)\CCleaner Cloud
2017-01-13 13:09 - 2017-01-13 13:09 - 00024765 _____ C:\ComboFix.txt
2017-01-13 12:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-11 14:39 - 2017-01-16 11:02 - 00000000 ____D C:\Users\Francine\Desktop\Hunnaman
2017-01-10 14:53 - 2017-01-10 14:53 - 00356001 _____ C:\Users\Francine\Documents\Hunnaman.thoracic.pdf
2017-01-09 15:30 - 2017-01-09 15:30 - 02979551 _____ C:\Users\Francine\Documents\morajose.Planers Report _2 -1110-1118 West Front St - 12-2-16.pdf
2017-01-09 15:28 - 2017-01-09 15:28 - 00619352 _____ C:\Users\Francine\Documents\morajose.stires.pdf
2017-01-09 15:26 - 2017-01-09 15:26 - 00290013 _____ C:\Users\Francine\Documents\morajose.architect.pdf
2017-01-06 18:44 - 2017-01-06 18:44 - 00079608 _____ C:\Users\Francine\Documents\muncy.residency.pdf
2017-01-06 18:25 - 2017-01-06 18:39 - 00093927 _____ C:\Users\Francine\Documents\muncy.aff.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 12:03 - 2012-03-29 14:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-05 12:03 - 2011-09-12 16:23 - 00000000 ____D C:\ProgramData\PDFC
2017-02-05 09:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-05 08:31 - 2016-11-18 15:59 - 00246134 _____ C:\Windows\ntbtlog.txt
2017-02-05 08:19 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-05 08:19 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-05 08:13 - 2009-07-14 00:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 08:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-04 17:09 - 2011-09-19 14:42 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D71B77C-82A1-4597-B38C-FB1768D59DB1}
2017-02-01 17:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-30 21:09 - 2015-11-01 20:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-29 19:17 - 2009-07-13 23:45 - 00338488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-29 19:15 - 2014-12-10 12:06 - 00000000 ____D C:\Windows\system32\appraiser
2017-01-29 19:15 - 2014-05-06 15:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-01-29 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-01-29 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2017-01-28 21:33 - 2013-07-25 11:27 - 00000000 ____D C:\Windows\system32\MRT
2017-01-28 21:28 - 2011-09-23 09:35 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-28 19:57 - 2013-12-12 14:54 - 00438272 ___SH C:\Users\Francine\Documents\Thumbs.db
2017-01-28 17:51 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2017-01-28 13:15 - 2011-02-11 12:15 - 00775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-01-27 09:18 - 2012-03-29 14:03 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-27 09:18 - 2012-03-29 14:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-27 09:18 - 2011-11-17 11:39 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-27 09:18 - 2011-09-27 09:36 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-27 09:18 - 2011-09-12 16:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-27 09:09 - 2016-04-25 17:45 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-27 09:09 - 2016-04-25 17:45 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-27 08:55 - 2015-06-24 21:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-27 08:55 - 2015-06-24 21:20 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-27 08:54 - 2014-12-28 16:29 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-26 23:35 - 2011-09-19 14:25 - 00000000 ____D C:\Users\Francine
2017-01-26 23:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-26 23:32 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-26 23:30 - 2016-11-21 09:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2017-01-26 23:30 - 2015-12-10 10:08 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-01-26 23:30 - 2014-11-23 11:26 - 00000000 ____D C:\Windows\erdnt
2017-01-26 23:30 - 2012-04-26 09:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2017-01-26 23:30 - 2012-04-24 12:59 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-01-26 23:30 - 2011-12-05 14:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-01-26 23:30 - 2011-09-12 15:57 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-01-26 23:30 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-01-26 23:29 - 2016-11-18 16:10 - 00000000 ___SD C:\ComboFix
2017-01-26 23:29 - 2016-10-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-26 23:29 - 2016-10-12 18:32 - 00000000 ____D C:\Program Files\CCleaner
2017-01-26 23:29 - 2016-09-19 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-26 23:29 - 2016-09-15 09:56 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-26 23:29 - 2016-09-15 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-26 23:29 - 2016-09-15 09:56 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-26 23:29 - 2016-04-10 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-26 23:29 - 2016-04-10 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-26 23:29 - 2016-02-12 22:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-01-26 23:29 - 2016-02-12 22:55 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-01-26 23:29 - 2016-02-12 22:54 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-01-26 23:29 - 2016-01-11 23:28 - 00000000 ____D C:\FixMeStick
2017-01-26 23:29 - 2011-09-19 14:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-01-26 23:29 - 2011-09-12 16:41 - 00000000 ____D C:\ProgramData\Norton
2017-01-26 23:29 - 2011-09-12 16:09 - 00000000 ____D C:\ProgramData\RoxioNow
2017-01-26 23:28 - 2014-09-26 22:11 - 00000000 ____D C:\Windows\Minidump
2017-01-26 23:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-01-26 23:11 - 2011-12-19 20:41 - 00000000 ____D C:\Users\Francine\AppData\LocalLow\Google
2017-01-26 23:11 - 2011-12-05 14:41 - 00000000 ____D C:\Users\Francine\AppData\Roaming\SoftGrid Client
2017-01-26 23:09 - 2014-11-23 11:26 - 00000000 ____D C:\Qoobox
2017-01-26 23:09 - 2014-04-18 11:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 23:07 - 2014-10-20 22:40 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-26 23:07 - 2014-02-28 11:29 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-26 23:07 - 2011-09-12 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-26 21:39 - 2011-11-16 11:51 - 00000000 ____D C:\Users\Francine\AppData\Local\CrashDumps
2017-01-26 20:41 - 2016-12-28 18:11 - 00000000 ____D C:\Users\Francine\AppData\Local\LogMeIn Rescue Applet
2017-01-26 11:20 - 2016-04-14 10:39 - 00000000 ____D C:\Users\Francine\Desktop\douglas
2017-01-24 11:31 - 2014-11-10 17:19 - 00000000 ____D C:\Users\Francine\AppData\Local\Deployment
2017-01-22 21:57 - 2011-11-22 12:22 - 00000000 ____D C:\Users\Francine\AppData\Local\ElevatedDiagnostics
2017-01-22 16:10 - 2015-01-26 22:46 - 00000000 ____D C:\Users\Francine\AppData\Local\NPE
2017-01-16 12:31 - 2015-01-26 22:47 - 00000000 ____D C:\NPE
2017-01-13 12:36 - 2016-08-10 19:03 - 00002498 _____ C:\Users\Francine\Desktop\Rkill.txt
2017-01-10 07:26 - 2016-01-12 03:42 - 00000000 ____D C:\FixMeStick Quarantine

==================== Files in the root of some directories =======

2017-01-26 23:36 - 2017-01-26 23:36 - 7680000 _____ () C:\Program Files (x86)\GUT9AC9.tmp
2015-05-28 19:31 - 2015-05-28 19:32 - 0131072 ____H () C:\Users\Francine\AppData\Roaming\svfiles.log
2014-12-11 10:48 - 2015-05-28 20:38 - 0000114 _____ () C:\Users\Francine\AppData\Roaming\sview.ini
2012-07-17 12:49 - 2012-07-17 12:49 - 0081056 _____ () C:\Users\Francine\AppData\Local\tmp2012 018_2.JPG
2012-11-16 18:01 - 2012-11-16 18:01 - 0006865 _____ () C:\Users\Francine\AppData\Local\tmpHALLOWEEN2012.1.0
2012-11-16 18:01 - 2012-11-16 18:01 - 0007052 _____ () C:\Users\Francine\AppData\Local\tmpHALLOWEEN2012.1.JPG
2014-11-19 22:55 - 2014-11-19 22:55 - 0131212 _____ () C:\Users\Francine\AppData\Local\tmpIMG_6918_2.JPG
2012-07-17 12:49 - 2012-07-17 12:49 - 0081056 _____ () C:\Users\Francine\AppData\Local\tmpOri2012 018_2.JPG
2012-09-11 19:44 - 2012-09-11 19:44 - 0046622 _____ () C:\Users\Francine\AppData\Local\tmpOriGF ORDER 1OF2_2.0
2012-09-11 19:44 - 2012-09-11 19:44 - 0063214 _____ () C:\Users\Francine\AppData\Local\tmpOriGF ORDER 1OF2_2.1
2012-11-16 18:01 - 2012-11-16 18:01 - 0006865 _____ () C:\Users\Francine\AppData\Local\tmpOriHALLOWEEN2012.1.0
2012-11-16 18:01 - 2012-11-16 18:01 - 0007052 _____ () C:\Users\Francine\AppData\Local\tmpOriHALLOWEEN2012.1.JPG
2013-05-28 22:27 - 2013-05-28 22:27 - 0129842 _____ () C:\Users\Francine\AppData\Local\tmpOriIMG_20130528_223840_014_2.0
2013-05-28 22:27 - 2013-05-28 22:27 - 0178414 _____ () C:\Users\Francine\AppData\Local\tmpOriIMG_20130528_223840_014_2.1
2014-11-19 22:55 - 2014-11-19 22:55 - 0131212 _____ () C:\Users\Francine\AppData\Local\tmpOriIMG_6918_2.JPG
2012-05-28 20:27 - 2012-05-28 20:27 - 0080951 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0009_2.0
2012-05-28 20:27 - 2012-05-28 20:27 - 0113858 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0009_2.JPG
2013-02-04 23:00 - 2013-02-04 23:00 - 0066056 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_2.0
2013-02-04 23:00 - 2013-02-04 23:00 - 0049767 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_2.JPG
2013-03-06 21:50 - 2013-03-06 21:50 - 0104884 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_3.0
2013-03-06 21:50 - 2013-03-06 21:50 - 0082368 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_3.JPG
2013-02-08 19:27 - 2013-02-08 19:27 - 0064033 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0079_2.0
2013-04-03 16:07 - 2013-04-03 16:07 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_2.0
2013-04-03 16:07 - 2013-04-03 16:07 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_2.JPG
2013-04-03 16:12 - 2013-04-03 16:12 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_3.0
2013-04-03 16:12 - 2013-04-03 16:12 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_3.JPG
2013-04-04 14:13 - 2013-04-04 14:13 - 0053771 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0087_2.0
2013-04-04 14:13 - 2013-04-04 14:13 - 0071938 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0087_2.JPG
2013-04-04 14:14 - 2013-04-04 14:14 - 0083923 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0089_2.0
2013-04-04 14:14 - 2013-04-04 14:14 - 0065350 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0089_2.JPG
2013-04-04 14:20 - 2013-04-04 14:20 - 0073489 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0090_2.0
2013-04-04 14:20 - 2013-04-04 14:20 - 0056218 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0090_2.JPG
2013-03-10 11:42 - 2013-03-10 11:42 - 0088421 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0093_2.0
2014-10-27 19:08 - 2014-10-27 19:08 - 0106324 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0107_2.0
2013-06-21 18:47 - 2013-06-21 18:47 - 0176204 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0109_2.0
2013-06-21 18:51 - 2013-06-21 18:51 - 0158175 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0110_2.0
2013-06-21 18:51 - 2013-06-21 18:51 - 0127221 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0110_2.1
2013-06-21 18:51 - 2013-06-21 18:51 - 0127279 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0110_2.2
2011-12-23 11:18 - 2011-12-23 11:18 - 0081742 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0111_2.0
2011-12-23 11:18 - 2011-12-23 11:18 - 0064474 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0111_2.JPG
2013-06-21 18:54 - 2013-06-21 18:54 - 0173529 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0111_3.0
2013-03-04 11:09 - 2013-03-04 11:09 - 0083576 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0116_2.0
2013-03-04 11:09 - 2013-03-04 11:09 - 0064451 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0116_2.JPG
2012-11-16 18:12 - 2012-11-16 18:12 - 0071141 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0117_6.0
2012-11-16 18:12 - 2012-11-16 18:12 - 0053834 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0117_6.JPG
2013-03-18 18:43 - 2013-03-18 18:43 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_2.0
2013-03-18 18:43 - 2013-03-18 18:43 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_2.JPG
2013-03-18 18:53 - 2013-03-18 18:53 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_3.0
2013-03-18 19:00 - 2013-03-18 19:00 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_4.0
2013-03-18 19:00 - 2013-03-18 19:00 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_4.JPG
2012-04-26 10:59 - 2012-04-26 10:59 - 0044026 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0119_2.0
2012-04-26 10:59 - 2012-04-26 10:59 - 0065751 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0119_2.JPG
2012-05-21 10:29 - 2012-05-21 10:29 - 0042026 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0120_2.0
2012-05-21 10:27 - 2012-05-21 10:27 - 0086166 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0121_2.0
2012-05-21 09:51 - 2012-05-21 09:51 - 0057639 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0124_2.0
2012-05-21 09:47 - 2012-05-21 09:47 - 0079124 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0125 (1)_2.0
2012-05-21 09:47 - 2012-05-21 09:47 - 0061552 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0125 (1)_2.JPG
2013-06-21 18:17 - 2013-06-21 18:17 - 0138064 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0128_4.0
2013-06-21 18:17 - 2013-06-21 18:17 - 0110205 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0128_4.JPG
2014-10-03 14:15 - 2014-10-03 14:15 - 0092969 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0130_3.0
2012-06-18 11:23 - 2012-06-18 11:23 - 0105555 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_2.0
2013-06-21 19:15 - 2013-06-21 19:15 - 0156315 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_3.0
2014-09-15 15:29 - 2014-09-15 15:29 - 0097034 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_4.0
2014-09-15 15:29 - 2014-09-15 15:29 - 0074218 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_4.JPG
2012-06-24 18:44 - 2012-06-24 19:21 - 0067313 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_2.0
2012-06-24 18:54 - 2012-06-24 18:54 - 0111335 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_3.0
2012-06-24 18:54 - 2012-06-24 18:54 - 0089921 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_3.JPG
2013-06-21 18:45 - 2013-06-21 18:45 - 0177151 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_4.0
2013-06-21 18:41 - 2013-06-21 18:41 - 0109323 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0134_2.0
2013-06-21 18:41 - 2013-06-21 18:41 - 0087952 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0134_2.JPG
2013-06-21 18:24 - 2013-06-21 18:24 - 0129680 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0135_4.0
2013-01-06 21:42 - 2013-01-06 21:41 - 0092502 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0136_2.0
2014-09-27 21:36 - 2014-09-27 21:36 - 0109699 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0138_2.0
2014-09-27 21:36 - 2014-09-27 21:36 - 0086283 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0138_2.JPG
2014-09-26 21:50 - 2014-09-26 21:50 - 0122876 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0140_2.0
2014-09-26 21:50 - 2014-09-26 21:50 - 0097546 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0140_2.JPG
2014-09-26 21:48 - 2014-09-26 21:48 - 0140661 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0141_2.0
2014-09-26 21:48 - 2014-09-26 21:48 - 0112874 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0141_2.JPG
2014-09-26 19:42 - 2014-09-26 19:42 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_2.0
2014-09-26 19:44 - 2014-09-26 19:44 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_3.0
2014-09-26 19:44 - 2014-09-26 19:44 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_3.JPG
2014-09-26 22:30 - 2014-09-26 22:30 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_5.0
2014-09-26 22:30 - 2014-09-26 22:30 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_5.JPG
2014-10-27 09:56 - 2014-10-27 09:56 - 0089054 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0159_3.0
2014-10-27 09:56 - 2014-10-27 09:56 - 0067952 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0159_3.JPG
2013-08-07 10:40 - 2013-08-07 10:40 - 0065533 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0160_2.0
2013-08-07 10:40 - 2013-08-07 10:40 - 0048563 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0160_2.JPG
2014-08-01 12:14 - 2014-08-01 12:14 - 0095997 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0190_2.0
2014-08-01 12:14 - 2014-08-01 12:14 - 0075519 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0190_2.JPG
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.0
2014-08-12 20:42 - 2014-08-12 20:42 - 0101482 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.1
2014-08-12 20:42 - 2014-08-12 20:42 - 0103900 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.2
2014-08-12 20:42 - 2014-08-12 20:42 - 0102720 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.3
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.JPG
2012-04-26 15:58 - 2012-04-26 15:58 - 0005398 _____ () C:\Users\Francine\AppData\Local\tmpOriPICINMANSION.0
2012-04-26 15:58 - 2012-04-26 15:58 - 0005551 _____ () C:\Users\Francine\AppData\Local\tmpOriPICINMANSION.JPG
2012-05-28 20:27 - 2012-05-28 20:27 - 0080951 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0009_2.0
2012-05-28 20:27 - 2012-05-28 20:27 - 0113858 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0009_2.JPG
2013-02-04 23:00 - 2013-02-04 23:00 - 0066056 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_2.0
2013-02-04 23:00 - 2013-02-04 23:00 - 0049767 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_2.JPG
2013-03-06 21:50 - 2013-03-06 21:50 - 0104884 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_3.0
2013-03-06 21:50 - 2013-03-06 21:50 - 0082368 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_3.JPG
2013-04-03 16:07 - 2013-04-03 16:07 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_2.0
2013-04-03 16:07 - 2013-04-03 16:07 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_2.JPG
2013-04-03 16:12 - 2013-04-03 16:12 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_3.0
2013-04-03 16:12 - 2013-04-03 16:12 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_3.JPG
2013-04-04 14:13 - 2013-04-04 14:13 - 0053771 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0087_2.0
2013-04-04 14:13 - 2013-04-04 14:13 - 0071938 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0087_2.JPG
2013-04-04 14:14 - 2013-04-04 14:14 - 0083923 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0089_2.0
2013-04-04 14:14 - 2013-04-04 14:14 - 0065350 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0089_2.JPG
2013-04-04 14:20 - 2013-04-04 14:20 - 0073489 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0090_2.0
2013-04-04 14:20 - 2013-04-04 14:20 - 0056218 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0090_2.JPG
2011-12-23 11:18 - 2011-12-23 11:18 - 0081742 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0111_2.0
2011-12-23 11:18 - 2011-12-23 11:18 - 0064474 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0111_2.JPG
2013-03-04 11:09 - 2013-03-04 11:09 - 0083576 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0116_2.0
2013-03-04 11:09 - 2013-03-04 11:09 - 0064451 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0116_2.JPG
2012-11-16 18:12 - 2012-11-16 18:12 - 0071141 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0117_6.0
2012-11-16 18:12 - 2012-11-16 18:12 - 0053834 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0117_6.JPG
2013-03-18 18:43 - 2013-03-18 18:43 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_2.0
2013-03-18 18:43 - 2013-03-18 18:43 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_2.JPG
2013-03-18 19:00 - 2013-03-18 19:00 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_4.0
2013-03-18 19:00 - 2013-03-18 19:00 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_4.JPG
2012-04-26 10:59 - 2012-04-26 10:59 - 0044026 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0119_2.0
2012-04-26 10:59 - 2012-04-26 10:59 - 0065751 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0119_2.1
2012-04-26 10:59 - 2012-04-26 10:59 - 0084806 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0119_2.JPG
2012-05-21 09:47 - 2012-05-21 09:47 - 0079124 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0125 (1)_2.0
2012-05-21 09:48 - 2012-05-21 09:47 - 0061552 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0125 (1)_2.JPG
2013-06-21 18:17 - 2013-06-21 18:17 - 0138064 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0128_4.0
2013-06-21 18:17 - 2013-06-21 18:17 - 0110205 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0128_4.JPG
2014-09-15 15:29 - 2014-09-15 15:29 - 0097034 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0131_4.0
2014-09-15 15:29 - 2014-09-15 15:29 - 0074218 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0131_4.JPG
2012-06-24 18:54 - 2012-06-24 18:54 - 0111335 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0133_3.0
2012-06-24 18:54 - 2012-06-24 18:54 - 0089921 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0133_3.JPG
2013-06-21 18:41 - 2013-06-21 18:41 - 0109323 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0134_2.0
2013-06-21 18:41 - 2013-06-21 18:41 - 0087952 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0134_2.JPG
2014-09-27 21:36 - 2014-09-27 21:36 - 0109699 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0138_2.0
2014-09-27 21:36 - 2014-09-27 21:36 - 0086283 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0138_2.JPG
2014-09-26 21:50 - 2014-09-26 21:50 - 0122876 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0140_2.0
2014-09-26 21:50 - 2014-09-26 21:50 - 0097546 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0140_2.JPG
2014-09-26 21:48 - 2014-09-26 21:48 - 0140661 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0141_2.0
2014-09-26 21:48 - 2014-09-26 21:48 - 0112874 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0141_2.JPG
2014-09-26 19:44 - 2014-09-26 19:44 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_3.0
2014-09-26 19:44 - 2014-09-26 19:44 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_3.JPG
2014-09-26 22:30 - 2014-09-26 22:30 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_5.0
2014-09-26 22:30 - 2014-09-26 22:30 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_5.JPG
2014-10-27 09:56 - 2014-10-27 09:56 - 0089054 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.0
2014-10-27 09:56 - 2014-10-27 09:56 - 0067952 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.1
2014-10-27 09:57 - 2014-10-27 09:56 - 0075766 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.2
2014-10-27 09:57 - 2014-10-27 09:57 - 0073401 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.JPG
2013-08-07 10:40 - 2013-08-07 10:40 - 0065533 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0160_2.0
2013-08-07 10:40 - 2013-08-07 10:40 - 0048563 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0160_2.JPG
2014-08-01 12:14 - 2014-08-01 12:14 - 0095997 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0190_2.0
2014-08-01 12:14 - 2014-08-01 12:14 - 0075519 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0190_2.JPG
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.0
2014-08-12 20:42 - 2014-08-12 20:42 - 0101482 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.1
2014-08-12 20:42 - 2014-08-12 20:42 - 0103900 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.2
2014-08-12 20:42 - 2014-08-12 20:42 - 0102720 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.3
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.JPG
2012-04-26 15:58 - 2012-04-26 15:58 - 0005398 _____ () C:\Users\Francine\AppData\Local\tmpPICINMANSION.0
2012-04-26 15:58 - 2012-04-26 15:58 - 0005551 _____ () C:\Users\Francine\AppData\Local\tmpPICINMANSION.1
2012-04-26 15:58 - 2012-04-26 15:58 - 0006720 _____ () C:\Users\Francine\AppData\Local\tmpPICINMANSION.JPG
2011-11-14 22:29 - 2011-11-14 22:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-23 13:46 - 2017-01-23 13:46 - 0002412 _____ () C:\ProgramData\SMRResults510.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults510.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-01 17:10

==================== End of FRST.txt ============================


Edited by hamluis, 06 February 2017 - 11:11 AM.

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015




#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,661 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:05 AM

Posted 06 February 2017 - 02:47 PM

Hi rotor123,

What scans have you run prior to posting the FRST scan log? Can you also post the Addition.txt file, which is located in the same directory as FRST.exe (or FRST64.exe)?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum; ergo, do not PM me for help.

 


#3 rotor123

rotor123
  • Topic Starter

  • Moderator
  • 8,093 posts
  • OFFLINE
  • Gender:Male
  • Location:New Jersey
  • Local time:03:05 PM

Posted 06 February 2017 - 04:37 PM

> Hi rotor123,
>
> What scans have you run prior to posting the FRST scan log? Can you also post the Addition.txt file, which is located in the same directory as FRST.exe (or FRST64.exe)?

Hi

I have not run any other scans :) Was I supposed to? I seem to recall not to do that sort of thing. BTW, a little further information that may or may not help: I do not have that computer hooked to the Internet, either wired or wireless, so I am using a flash drive to move the scans to it and back to this one I am posting from.

Also, the first time I turned it on I got the loading Windows screen and then a blank black screen until I used the power button to shut it off, and since then it has been OK. I do not know if there is any correlation between that and the malware. The HP is an All-In-One, not that it should make much difference. I find that despite being around 6 years old, there is not a lot of hard drive space used. I am still working on the first backup of its hard drive. The first tries all threw an error despite my using hardware that is good and works on my PC. This latest try with a 1.5 TB USB external is working so far, knock wood.

Before I forget, she mentioned that Norton support could not find anything despite her seeing things opening and closing on their own. Hopefully you will not have a hard time with this one. I wish I had the training to do this type of work; however, I know my limitations.

 

I thought I had attached the Addition.txt file. It said attached and then I was having trouble posting so that is most likely the reason.

 

Addition.txt file Below

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Francine (05-02-2017 12:11:27)
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-19 19:25:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2004777051-2563597916-3389062613-500 - Administrator - Disabled)
Francine (S-1-5-21-2004777051-2563597916-3389062613-1000 - Administrator - Enabled) => C:\Users\Francine
Guest (S-1-5-21-2004777051-2563597916-3389062613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2004777051-2563597916-3389062613-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACH Origination Application (x32 Version: 5.1.1.3 - Fiserv) Hidden
AddressBook Viewer (HKLM\...\{5DBF8535-FEAA-42E7-B4B3-F679113B0844}) (Version: 1.17.000 - Oki Data Corporation)
Adobe Acrobat 7.1.0 Standard (HKLM-x32\...\Adobe Acrobat 7.0 Standard) (Version: 7.1.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Downloader (HKLM-x32\...\{9B126205-473E-4659-853C-4F57830E223F}) (Version: 1.16.000 - Oki Data Corporation)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.03.021 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Apps Center (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4913 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.4913 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1513D}) (Version: 3.0.4024.33750 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.4928 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3603 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marketsplash Print Software (HKLM-x32\...\{61933675-EFC7-4190-90B6-5AD56E1D9294}) (Version: 1.0.1.31 - Hewlett-Packard)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.6112.5001 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0080-0409-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.8.1.14 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
OKI MC7x0/ES74x0 MFP(TWAIN) (HKLM-x32\...\{6FECB09C-5CC0-4B1B-B53F-457F2F3663C7}) (Version: 1.16.000 - Oki Data Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
R.U.S.E. for TouchSmart (HKLM-x32\...\{E6753FCB-B508-4C74-9686-17032281AF38}_is1) (Version: 1.0.0.0 - Ubisoft)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Remote Scan driver (HKLM-x32\...\{D241BBE8-07BF-4D4A-A620-E5B843367C18}) (Version: 1.16.000 - Oki Data Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0396D381-14D4-4611-9530-A9840FCC3775} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {05A8938B-E091-4F31-B6D5-86DEBBAA29CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-27] (Adobe Systems Incorporated)
Task: {0683B6DF-B501-45D6-902A-67E2FF9E7287} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-12-03] (CyberLink)
Task: {0DE37640-2935-46E6-A9BB-46C8457891BE} - System32\Tasks\{C012C864-5B3F-4955-8304-5E8D357C51E1} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {1900F2F4-ECAC-4049-B2E5-30E2DAEADC1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {24002266-D879-490F-B168-0151D9716CF9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\SymErr.exe
Task: {2D347C23-55A2-4F14-B84E-4D77748B6E73} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\SymErr.exe
Task: {317C12DF-AFAF-4D3F-98EF-B9EDAE9FC1C7} - System32\Tasks\HPCeeScheduleForFrancine => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {332CD4C8-7D05-4B63-A12B-78AFD7169205} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {39A6CC12-EFA6-409C-A9AB-11F1F872B429} - System32\Tasks\{4F4F1800-32FD-4753-8E83-940B16DA8484} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2015-03-18] (Microsoft Corporation)
Task: {40CDACFC-EC46-431B-850F-2944015F4A37} - System32\Tasks\{53BF563B-3F85-4802-9A40-7C1F3D151A92} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {53FB4A73-5F7D-493F-A0FB-1A7650F340CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {550300AE-73E8-4738-9CF0-8374BBA4E3AF} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {5A64891B-E197-4888-87DB-D0387CAA9BC3} - System32\Tasks\{16ABD7FC-462B-4C37-8D45-70B4D649D326} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {60348D2D-5F15-4936-8537-C5AEB80329FE} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe
Task: {67D9A954-4EE0-466A-90DE-028A6E92B143} - System32\Tasks\{6AF39446-9D15-4334-8BB5-04C7F05E97D1} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {6F210FFE-BFBF-43EC-8254-5D85B3AF327B} - System32\Tasks\{5C2806E0-3EC3-47E3-B153-B6FBD4FC3E73} => pcalua.exe -a "C:\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0LAI121\sp51358.exe" -d C:\Users\Francine\Desktop
Task: {762CA89B-A65D-4029-93E1-4494E3C5F700} - System32\Tasks\{BC7D1C8D-2F73-4B1F-9BAD-407525C5A8E6} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2015-03-18] (Microsoft Corporation)
Task: {79FB3DA0-33C9-497F-9B60-E4684D4D718E} - System32\Tasks\{36CC44DA-EEC6-4AAA-9A67-E9B2D345D513} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Task: {7E64F894-B044-401D-B252-09D4BEA7DDFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {7F8E26A2-949D-4DA3-8B98-11F1D4DAD87E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {8F318259-E251-4D4D-B999-27915453CA4E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-11] (Symantec Corporation)
Task: {A16D15BB-AFDC-4287-97A6-248B48204756} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {A824251B-E0C0-4DB9-8496-4018C4C61033} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {AAC5A864-ABED-4BF3-BE44-90DC9F3FF37C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB7D6EAF-7E2F-4D7D-B41D-194B571B3D72} - System32\Tasks\{9A285A0E-29BB-4968-BDD2-281D9F039EAE} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {AC890A9E-C6D1-4AED-9EDE-A224F95EBF71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {AF829934-D716-4CE6-A9F4-27E828EB9D24} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {B556F4F8-2868-4A20-8F4E-2D219143B8FA} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {B5684915-1695-4AEA-A22F-D7101E25AED3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BACB5469-B222-421F-8954-2E286243F529} - System32\Tasks\{50DB77E7-C3B2-4BD5-9C9A-F2F29D214B6B} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {C5A02B1E-FD41-4C0B-9D9E-3D0E32DDB392} - System32\Tasks\{F9C65906-0B2C-4395-B28B-BCB4C5DA9553} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2016-11-16] (Microsoft Corporation)
Task: {D7F95A4E-431A-4627-8F01-0789F492DF54} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\AnVir Task Manager Free\anvir.exe
Task: {DCC9E818-61D5-4832-83C0-1D7FE62E31FC} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {F3048323-9EB1-4B19-ADB6-15E8202B2A34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {F4423358-65CD-428F-A41F-FC79FE4863A5} - System32\Tasks\{65845973-D94C-413F-BEA4-FFCF056DE019} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Task: {F78C94DD-B549-4E5E-BE22-44BB9E14DE1F} - System32\Tasks\{D038583C-94C0-48C7-85A4-BD2492336EB4} => pcalua.exe -a "C:\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0LAI121\AdobeAIRInstaller.exe" -d C:\Users\Francine\Desktop
Task: {FEC23BDA-6A55-4D42-A093-699B922CF3D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFrancine.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-09-19 14:38 - 2009-11-04 07:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2015-06-24 21:20 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-25 13:41 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-12 16:11 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2009-06-08 18:45 - 2009-06-08 18:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-09-12 15:56 - 2011-09-12 15:56 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-12 16:19 - 2011-02-15 12:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [296]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\.DEFAULT\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\.DEFAULT\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\.DEFAULT\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\.DEFAULT\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\.DEFAULT\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\.DEFAULT\...\swiftview.com -> hxxp://products.swiftview.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-19\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\S-1-5-19\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\S-1-5-19\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-19\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-19\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\S-1-5-19\...\swiftview.com -> hxxp://products.swiftview.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-20\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\S-1-5-20\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\S-1-5-20\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-20\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-20\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\S-1-5-20\...\swiftview.com -> hxxp://products.swiftview.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftview.com -> hxxp://products.swiftview.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-09-29 13:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Francine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AEE4981-BF02-4072-86E3-380ECA751750}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe
FirewallRules: [{D50721AA-9D91-4FE0-AF87-64DF406C1A9E}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe
FirewallRules: [{B01772AC-FE63-4DA6-B6AE-F05144CFE109}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe
FirewallRules: [{DE015D48-9993-4194-837C-6717532FA5F4}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe
FirewallRules: [{D19AA83D-EC76-4A6F-86F4-1603E443F037}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe
FirewallRules: [{E454AC54-5D8D-4E1C-AA76-A728A17BD6D5}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe
FirewallRules: [{C6116CC7-2A1D-4BF6-B55D-38C2CE9FCC75}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{99788C81-5197-4CA6-B9E4-256C2A6330DD}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{FD6A8945-2226-4DF3-99F8-9FC6DA248276}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{82B38456-A2B9-441C-A3B1-7E7D279FD191}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{D7255524-4FFE-475C-A961-C54A1512DE77}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{F58680B1-D407-43E5-A955-216572315129}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{778313DC-4227-47B0-8A0B-228055985D3C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{05A24886-4D31-4537-AE92-E82D8358FF0D}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B5815331-A03F-45D8-8440-3A9BFE8CB201}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6BC11DF7-A88D-4E6E-BCB8-A1222F674215}] => LPort=2869
FirewallRules: [{0D6B7D67-5E76-4DBD-BB75-9A24A437EC32}] => LPort=1900
FirewallRules: [{5712F10E-605B-47C2-8A6F-D52BFAEBF232}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DD4570B5-18F8-446F-A7D3-59BE9CE6A577}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{760B80D5-28EE-4A10-94DC-D729335EB733}] => C:\Windows\system32\dleacoms.exe
FirewallRules: [{645739B3-F9C3-470D-B509-B1719D94E8F2}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E7FBA852-B931-41D7-8CE5-6291F999B207}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{596904FB-D78F-447B-83F8-DAF98E19432F}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4F0B46B2-5D38-4F7C-AEF3-8FF6F7A49349}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7BD2CC92-4164-43F5-85C3-80E01A4BBFDE}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{570EBC05-3D13-4E37-A925-2ACB18398AE7}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{8DD57D3D-7539-4FD1-87F6-6F96ACE1BA3F}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{BF975F09-ECF4-4A87-B762-C3CEF1BE0B68}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{14CB0D31-5B17-4172-9137-BC026598C633}] => C:\Users\Francine\AppData\Local\Temp\7zS16C7\HPDiagnosticCoreUI.exe
FirewallRules: [{526032AC-DDCC-4A31-912C-D4AC713E8A10}] => C:\Users\Francine\AppData\Local\Temp\7zS16C7\HPDiagnosticCoreUI.exe
FirewallRules: [{8CD0AAC4-205E-4474-B224-A08082E8CFFD}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{2B1287B3-2BF4-4D63-B4A0-C1FD89950275}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{4B58170D-1B80-4D7F-98E7-2B8D857FF2A4}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{8495B3DA-AC86-4A09-9C2B-E569E185FAD2}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{41FE199D-D44D-4F1A-975A-97D52E681AC1}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{399B75F2-05E0-437C-9D67-6C7778D2B9D0}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{93C8E36F-2793-488E-A877-7AE93D1537A2}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{9C72EFD9-17A1-4AC5-91C8-CA5FE2416D68}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{49EC675B-6050-468F-AA12-8C64786130B6}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{FA611EE1-6F8B-4B0E-BCEA-D7A65387A6E8}] => C:\Users\Francine\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{978D7E32-D7A5-4E67-8E15-BF5ECE2187DB}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{74084926-3706-408E-B30B-FCE74F79CD0D}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{0F6F9FB3-F390-46B9-9637-D81CC63B5809}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{5679E772-703B-4937-B63C-72590A13264F}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{8EA7669F-188A-4179-9C11-EF3E02521976}C:\program files (x86)\unidenremoteservice\ugrs2service.exe] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [UDP Query User{A5661815-04F8-4579-BD17-A50FFA8840B4}C:\program files (x86)\unidenremoteservice\ugrs2service.exe] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [{B832B7EB-9492-449A-A1BF-502FE93F8E63}] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [{B2F015FF-CA83-4837-96D5-944F951AC6A4}] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [TCP Query User{82AD0D26-6FCA-454F-9182-7261098305AC}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9E76FA67-4E91-4C2E-9A0A-A2CB5FE29AEB}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{16A6F619-7CBC-4050-AB56-38B9D89C0E41}] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{5F710047-468D-4003-8E64-001735E040CA}] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{949CADF6-B4E2-49D4-A70E-1C8615C32EFA}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{47D1774F-04BC-4406-B308-15707B08E85B}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{491F8842-3BDD-41C1-92F3-9F6CF83C69D2}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{6BD7432B-54DA-42D0-A93F-8A203C4DBA6A}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{079BC443-211A-4F4A-9B65-DAEDC3027C8E}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{AB43CF08-139D-4248-8062-CAA98960332D}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{615C5DBB-F066-4C3D-BC8C-84CCEA259FE9}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{46D0D8B6-04C4-4187-8060-A0A7751F7BD4}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{09A04B1A-2D63-4530-8804-EFD3BB7EB1CF}] => C:\Users\Francine\AppData\Local\Temp\7zSE6B6.tmp\SymNRT.exe
FirewallRules: [{7486C547-2199-4C01-B696-3631A811A581}] => C:\Users\Francine\AppData\Local\Temp\7zSE6B6.tmp\SymNRT.exe
FirewallRules: [{75437201-0992-4638-91AC-44F17D166EA2}] => C:\Users\Francine\AppData\Local\Temp\7zS5DCA\HPDiagnosticCoreUI.exe
FirewallRules: [{CCB9FDF8-8898-4FED-B0C8-15D3835C39E1}] => C:\Users\Francine\AppData\Local\Temp\7zS5DCA\HPDiagnosticCoreUI.exe
FirewallRules: [{751F0F22-027D-4D12-A751-9AC11199ADFE}] => C:\Users\Francine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{7CD9447B-7E37-4F0F-8975-8CC289298896}] => C:\Users\Francine\AppData\Local\Temp\7zSF519.tmp\SymNRT.exe
FirewallRules: [{6346D60E-5892-4642-8CFC-491B9B2E5BC0}] => C:\Users\Francine\AppData\Local\Temp\7zSF519.tmp\SymNRT.exe
FirewallRules: [{4A753850-F212-4AA5-AF19-121C2A164C89}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Restore Points =========================

28-01-2017 13:09:46 Windows Update
28-01-2017 13:19:31 Windows Backup
28-01-2017 21:26:59 Windows Update
29-01-2017 19:28:29 Windows Backup
29-01-2017 19:39:39 Windows Update
30-01-2017 21:15:42 Windows Backup
30-01-2017 23:09:09 Windows Update
03-02-2017 17:06:02 Windows Update

==================== Faulty Device Manager Devices =============

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Network Security WFP Driver
Description: Symantec Network Security WFP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymNetS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NS Settings Manager
Description: NS Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2017 12:03:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/05/2017 09:15:37 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/05/2017 09:14:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (02/05/2017 09:14:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (02/05/2017 09:03:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/05/2017 08:33:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/05/2017 08:21:56 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (02/05/2017 08:21:56 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (02/05/2017 08:13:55 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/05/2017 08:13:25 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2


System errors:
=============
Error: (02/05/2017 09:02:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccSet_NS
SymIRON
SymNetS

Error: (02/05/2017 09:02:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:37:27 AM on ‎2/‎5/‎2017 was unexpected.

Error: (02/05/2017 08:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2147416365

Error: (02/05/2017 08:37:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccSet_NS
SymIRON
SymNetS

Error: (02/05/2017 08:31:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
BHDrvx64
ccSet_NS
DfsC
discache
eeCtrl
IDSVia64
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
SRTSPX
SymIRON
SymNetS
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl

Error: (02/05/2017 08:31:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/05/2017 08:31:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/05/2017 08:31:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/05/2017 08:31:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/05/2017 08:31:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2016-09-14 20:57:58.504
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-14 20:57:58.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-14 20:57:58.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-14 20:57:58.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:48.098
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:48.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:48.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:47.958
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-14 21:57:02.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-14 21:57:02.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X4 615e Processor
Percentage of memory in use: 22%
Total physical RAM: 5887.3 MB
Available physical RAM: 4581.6 MB
Total Virtual: 11772.78 MB
Available Virtual: 10127.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.85 GB) (Free:820.43 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:19.56 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (8GB FLASH) (Removable) (Total:7.53 GB) (Free:7.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E2DD96B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

Thank You

Roger


Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#4 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor

Posted 07 February 2017 - 05:42 AM

I asked because the log was indicating that Combofix was run hence I was curious.
  • Step # 1: ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#5 rotor123


Posted 07 February 2017 - 04:21 PM

I asked because the log was indicating that Combofix was run hence I was curious.


Hi, I did not run any scans prior to coming here and posting. I wonder if that was something Norton ran; she said they did some work and could not find anything. If you point me to where to look, I can see if Combofix saved any information and at least get a date when it was run.

I also noticed it appears as if something called AdwCleaner has been run. I gleaned that from the ESET log.

 

Here is the log file as requested. I do not see anything super dangerous; OTOH, what do I know compared to you.

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=64af8fb06a1a664e9bdb6aa90a2a1fe1
# end=init
# utc_time=2017-02-07 06:10:19
# local_time=2017-02-07 01:10:19 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 32328
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=64af8fb06a1a664e9bdb6aa90a2a1fe1
# end=updated
# utc_time=2017-02-07 06:13:07
# local_time=2017-02-07 01:13:07 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=64af8fb06a1a664e9bdb6aa90a2a1fe1
# engine=32328
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-02-07 07:59:44
# local_time=2017-02-07 02:59:44 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Security'
# compatibility_mode=3604 16777213 100 93 84609 30141370 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 251585 238041034 0 0
# scanned=219986
# found=5
# cleaned=0
# scan_time=6396
sh=8644A2D31B031391EDDC0E529633A3F545BD0286 ft=1 fh=784dc77fd3645ae3 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir"
sh=286DDBA7BE4EFD592EDDB6E31B3B1D7CC40A538B ft=1 fh=6912d26a20bc86be vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\AdwCleaner\Quarantine\files\cdccwqwbpxqefwtsghwhcplvzfdhokqf\uninstall.exe"
sh=9464459974660A99BDCB08E32EB7D890C2509F26 ft=1 fh=80352020f68706bd vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\AdwCleaner\Quarantine\files\eppccbwesntfllhqbkcepbodhhlvbyhn\uninstall.exe"
sh=A542B94C7286009E09CF4707DBC9E1B00ACF4B77 ft=1 fh=f3e8f5faf657ebd7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Francine\AppData\LocalLow\Sun\Java\jre1.7.0_17\java_sp.dll"
sh=8CE421A6A18623292CBC8713DA9B6777C1FA56E2 ft=1 fh=b2522041300821fe vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Windows\CouponPrinter.ocx"
 

Thank You for Your Help

Roger




#6 Valinorum


Posted 08 February 2017 - 09:26 AM

C:\Qoobox\ComboFix-quarantined-files.txt
See if this file is there. Because the log is not showing any signs of RAT.


 


#7 rotor123


Posted 08 February 2017 - 10:14 AM

C:\Qoobox\ComboFix-quarantined-files.txt
See if this file is there. Because the log is not showing any signs of RAT.

Hi

It appears to me, if I am interpreting this properly, that someone ran Combofix multiple times. I found Combofix2.txt on Dec 29th 2016 to Combofix5.txt on Jan 13 2017 files, as well as ComboFix-quarantined-files.txt, which I am posting below.

2016-09-15 00:58:33 . 2016-09-15 00:58:33              344 ----a-w-  C:\Qoobox\Quarantine\F\av4.zip
2016-09-15 00:58:33 . 2012-07-16 22:33:00               32 ----a-w-  C:\Qoobox\Quarantine\F\Autorun.inf.vir
2015-05-19 16:31:50 . 2015-05-19 16:31:50              581 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2015-05-18 17:56:54 . 2015-05-18 17:56:54        1,209,171 ----a-w-  C:\Qoobox\Quarantine\C\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D38C306E-3DBC-4E0A-836C-1C7AC000F1A7}.xps.vir
2015-05-18 17:45:35 . 2015-05-18 17:45:35          109,004 ----a-w-  C:\Qoobox\Quarantine\C\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6FBDDA6A-1F6E-4F39-A5FB-A0ED97BA5D90}.xps.vir
2014-12-11 17:07:02 . 2014-12-12 14:30:35          131,072 ----a-w-  C:\Qoobox\Quarantine\C\Users\Francine\AppData\Roaming\svfiles.log.vir
2014-11-23 17:55:10 . 2014-11-23 17:55:10              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-11-23 17:53:02 . 2017-01-13 18:08:31              232 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24}.reg.dat
2014-11-23 17:52:11 . 2014-11-23 17:52:11              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2014-11-23 17:26:06 . 2017-01-13 17:48:24           11,292 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-11-23 16:39:55 . 2017-01-13 17:41:02              663 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2014-02-02 18:15:35 . 2014-02-02 18:15:35          173,851 ----a-w-  C:\Qoobox\Quarantine\C\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E15F8EE5-E0F0-4DEE-AD79-E91F81C4EFFD}.xps.vir
2014-02-02 18:14:46 . 2014-02-02 18:14:46          173,369 ----a-w-  C:\Qoobox\Quarantine\C\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C85E4B3-1481-4194-9C6D-2425FBFB6BD1}.xps.vir
2014-02-02 18:13:56 . 2014-02-02 18:13:56          173,369 ----a-w-  C:\Qoobox\Quarantine\C\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\{14FA199F-9262-4BBB-8154-62B14AB8F14B}.xps.vir
2014-01-07 02:47:17 . 2014-01-07 02:47:17           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Users\Francine\Documents\~WRL0001.tmp.vir
2010-11-21 03:24:25 . 2010-11-21 03:24:25          119,808 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\imm32.dll.vir
2010-11-21 03:23:55 . 2010-11-21 03:23:55           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\userinit.exe.vir
2004-12-14 07:12:06 . 2004-12-14 07:12:06           22,016 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\AdobePDF.dll.vir
 

If it helps, this is the Combofix2.txt file. I can post the others too if needed.

ComboFix 16-12-15.01 - Francine 12/29/2016  12:05:36.10.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.3711 [GMT -5:00]
Running from: c:\users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97W7C93U\ComboFix.exe
AV: Norton Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
(((((((((((((((((((((((((   Files Created from 2016-11-28 to 2016-12-29  )))))))))))))))))))))))))))))))
.
.
2016-12-29 17:13 . 2016-12-29 17:13    --------    d-----w-    c:\users\Public\AppData\Local\temp
2016-12-29 17:13 . 2016-12-29 17:13    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-12-28 23:45 . 2016-12-28 23:45    --------    d-----w-    c:\programdata\vrq_logs
2016-12-28 23:11 . 2016-12-29 01:08    --------    d-----w-    c:\users\Francine\AppData\Local\LogMeIn Rescue Applet
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-13 16:18 . 2012-03-29 19:03    802904    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-12-13 16:18 . 2011-09-27 14:36    144472    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-12 03:10 . 2016-11-18 16:01    567512    ----a-w-    c:\windows\system32\drivers\NSx64\1608010.00E\symnets.sys
2016-11-12 03:10 . 2016-11-18 16:01    1628888    ----a-w-    c:\windows\system32\drivers\NSx64\1608010.00E\symefasi64.sys
2016-11-12 03:08 . 2016-11-18 16:01    289520    ----a-w-    c:\windows\system32\drivers\NSx64\1608010.00E\ironx64.sys
2016-11-12 03:07 . 2016-11-18 16:01    784624    ----a-w-    c:\windows\system32\drivers\NSx64\1608010.00E\srtsp64.sys
2016-11-12 03:07 . 2016-11-18 16:01    49400    ----a-w-    c:\windows\system32\drivers\NSx64\1608010.00E\srtspx64.sys
2016-11-11 23:23 . 2011-09-23 14:35    144749672    ----a-w-    c:\windows\system32\MRT.exe
2016-10-20 15:28 . 2016-09-19 16:07    97856    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-13 00:11 . 2016-02-13 03:55    100592    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2016-10-05 23:44 . 2016-09-15 14:56    28272    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-25 02:31    329376    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-06-25 02:31    329376    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-06-25 02:31    329376    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-25 02:31    329376    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-25 02:31    329376    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20161220.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [x]
S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1608010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1608010.00E\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20161228.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20161228.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1608010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1608010.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NSx64\1608010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NSx64\1608010.00E\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.8.1.14\NS.exe;c:\program files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55    322232    ----a-w-    c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-25 02:31    358064    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-06-25 02:31    358064    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-06-25 02:31    358064    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-25 02:31    358064    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-25 02:31    358064    ----a-w-    c:\users\Francine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-01 11:58    2351920    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-01 11:58    2351920    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-01 11:58    2351920    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: elynx.com\gateway
Trusted Zone: elynx.com\stest.lane100
Trusted Zone: elynx.com\stest.lane200
Trusted Zone: elynx.net\aegis
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\ctest.lane100
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gateway
Trusted Zone: elynx.net\gateway.ctest
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\ssctest
Trusted Zone: elynx.net\stest
Trusted Zone: elynx.net\webpost
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: hsbc.com\mortgage-esign.us
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\gateway
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend.com\loandocs.ss3
Trusted Zone: swiftsend.com\www
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\products
Trusted Zone: swiftview.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Coupon Printer for Windows5.0.2.1 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NS]
"ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.8.1.14\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.8.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\System32\Drivers\NSx64\1608010.00E\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.8.1.14;c:\program files (x86)\Norton Security\Engine64\22.8.1.14"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Completion time: 2016-12-29  12:20:30 - machine was rebooted
ComboFix-quarantined-files.txt  2016-12-29 17:20
ComboFix2.txt  2016-12-28 21:31
ComboFix3.txt  2016-12-15 01:31
ComboFix4.txt  2016-10-13 00:07
ComboFix5.txt  2016-12-29 17:04
.
Pre-Run: 878,061,260,800 bytes free
Post-Run: 877,988,237,312 bytes free
.
- - End Of File - - 9AFA7F1236490BDAAC20BF23E653CC4B
4DD9E6C102DD582E6B3B7ECECB641280
 

Hopefully this helps. I will need to talk to her and see when she saw the problem happening and who ran ComboFix.

 

Thank You

Roger


Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#8 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,661 posts

Posted 08 February 2017 - 12:17 PM

It appears to me if I am interpreting this properly that Someone ran Combofix multiple times.

You are correct.

The current log is showing nothing out of the ordinary. If I were to accept the premise that there was indeed a Remote Access Trojan (RAT) in the system, I am inclined to believe that ComboFix caught it. See especially the following lines:

2016-09-15 00:58:33 . 2016-09-15 00:58:33 344 ----a-w- C:\Qoobox\Quarantine\F\av4.zip
2016-09-15 00:58:33 . 2012-07-16 22:33:00 32 ----a-w- C:\Qoobox\Quarantine\F\Autorun.inf.vir
2010-11-21 03:24:25 . 2010-11-21 03:24:25 119,808 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\imm32.dll.vir
2010-11-21 03:23:55 . 2010-11-21 03:23:55 26,624 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\userinit.exe.vir
2004-12-14 07:12:06 . 2004-12-14 07:12:06 22,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\AdobePDF.dll.vir
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe


If she was infected by a RAT, I implore her to change all her login credentials.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#9 rotor123

rotor123
  • Topic Starter

  • Moderator
  • 8,093 posts

Posted 08 February 2017 - 02:04 PM

Hi

I will have to tell her that. I had not thought beyond telling her to change her password for Windows and having it be necessary to log in or wake up Windows.

 

Do you think the computer has a clean bill of health then?

 

Thank You

Roger




#10 Valinorum


Posted 09 February 2017 - 03:52 AM

Give me a fresh set of FRST scan logs. Just to check if I missed something.


 


#11 rotor123


Posted 09 February 2017 - 03:06 PM

Give me a fresh set of FRST scan logs. Just to check if I missed something.

Hi

Here they are. I'll break them into two posts.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Francine (administrator) on FRANCINE-HP (09-02-2017 14:16:19)
Running from F:\
Loaded Profiles: Francine (Available Profiles: Francine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\dleacoms.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\ns.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\wscstub.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2011-03-09] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Print Software.lnk [2011-11-18]
ShortcutTarget: Marketsplash Print Software.lnk -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6FC241E4-B85A-4094-8903-47811E27FF66}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/
HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {BE20B894-7F93-434C-AB01-926DEE96F2B5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000 -> {12D51509-9BEE-4A3A-A14D-9823971EB0D4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: (No Name) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2017-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @swiftview.com/SwiftView -> C:\Program Files (x86)\SwiftView\npsview.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2004777051-2563597916-3389062613-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Francine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-29] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Slides) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-25]
CHR Extension: (Google Docs) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-25]
CHR Extension: (Google Drive) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-25]
CHR Extension: (Yahoo Partner) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2017-01-26]
CHR Extension: (YouTube) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-25]
CHR Extension: (No Name) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-26]
CHR Extension: (Google Search) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]
CHR Extension: (Google Sheets) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25]
CHR Extension: (Norton Identity Safe) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-26]
CHR Extension: (Gmail) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2011-11-16] (Adobe Systems) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-09] (Portrait Displays, Inc.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [289080 2016-11-12] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20161208.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20161208.005\IDSvia64.sys [1012952 2016-10-28] (Symantec Corporation)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [36560 2016-03-10] (ITE Tech. Inc. )
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-12] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20161121.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20161121.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 13:10 - 2017-02-07 13:10 - 00000000 ____D C:\Program Files (x86)\ESET
2017-02-05 12:08 - 2017-02-09 14:15 - 00000000 ____D C:\FRST
2017-02-01 15:41 - 2017-02-02 09:38 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForFrancine.job
2017-02-01 15:41 - 2017-02-01 17:43 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFrancine
2017-01-30 18:57 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-30 18:57 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-28 18:11 - 2016-09-12 16:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-01-28 18:11 - 2016-09-12 16:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-01-28 18:11 - 2016-09-09 10:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-01-28 18:10 - 2016-05-13 17:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-28 18:10 - 2016-05-13 17:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-28 18:10 - 2016-05-13 17:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-28 18:10 - 2016-05-13 17:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-01-28 18:10 - 2016-05-13 16:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-28 18:10 - 2016-05-13 16:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-28 18:10 - 2016-05-13 16:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-28 18:10 - 2016-05-13 16:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-28 18:10 - 2016-05-13 16:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-28 18:10 - 2016-05-13 16:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-28 18:10 - 2016-05-13 16:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-01-28 18:10 - 2016-05-13 16:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-01-28 18:10 - 2016-05-13 16:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-28 18:10 - 2016-05-13 16:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-01-28 18:10 - 2016-05-13 16:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-01-28 18:10 - 2016-05-13 16:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-01-28 18:10 - 2016-05-12 10:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-28 18:07 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-28 18:07 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-28 18:07 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-28 18:07 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-28 18:07 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-01-28 18:07 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-01-28 18:07 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-01-28 18:07 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-01-28 18:07 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-01-28 18:07 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-01-28 18:07 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-01-28 18:07 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-01-28 18:07 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-01-28 18:07 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-01-28 18:07 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-01-28 18:07 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-28 18:07 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-01-28 18:07 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-01-28 18:07 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-01-28 18:07 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-01-28 18:07 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-01-28 18:07 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-01-28 18:07 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-01-28 18:07 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-01-28 18:07 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-01-28 18:07 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-01-28 18:07 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-01-28 18:07 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-01-28 18:07 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-01-28 18:07 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-01-28 18:07 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-01-28 18:07 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-01-28 18:07 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-01-28 18:07 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-01-28 18:07 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-01-28 18:07 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-01-28 18:07 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-01-28 18:07 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-01-28 18:07 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-01-28 18:07 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-01-28 18:07 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-01-28 18:07 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-01-28 18:07 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-01-28 18:07 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-01-28 18:07 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-01-28 18:07 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-01-28 18:07 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-01-28 18:07 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-01-28 18:07 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-01-28 18:07 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-28 18:07 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-01-28 18:07 - 2016-10-11 10:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-01-28 18:07 - 2016-10-11 10:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-01-28 18:07 - 2016-10-11 10:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-01-28 18:07 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-01-28 18:07 - 2016-10-11 10:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-01-28 18:07 - 2016-10-11 10:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-01-28 18:07 - 2016-10-11 09:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-01-28 18:07 - 2016-10-11 09:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-01-28 18:07 - 2016-10-11 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-01-28 18:07 - 2016-10-11 09:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-01-28 18:07 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-01-28 18:07 - 2016-10-11 08:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-01-28 18:07 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-01-28 18:07 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-01-28 18:07 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-01-28 18:07 - 2016-10-04 10:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-01-28 18:07 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-01-28 18:07 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-01-28 18:07 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-01-28 18:07 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-01-28 18:07 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-01-28 18:07 - 2016-08-12 11:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-01-28 18:07 - 2016-08-12 11:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-01-28 18:07 - 2016-08-12 11:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-01-28 18:07 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-01-28 18:07 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-01-28 18:07 - 2016-08-06 10:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-01-28 18:07 - 2016-08-06 09:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-01-28 18:07 - 2016-08-06 09:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-01-28 18:07 - 2016-08-06 09:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-01-28 18:07 - 2016-06-14 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-01-28 18:07 - 2016-06-14 10:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-01-28 18:07 - 2016-06-14 10:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-01-28 18:06 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-28 18:06 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-28 18:06 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-28 18:06 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-28 18:06 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-28 18:06 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-28 18:06 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-28 18:06 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-28 18:06 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-28 18:06 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-01-28 18:06 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-28 18:06 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-01-28 18:06 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-01-28 18:06 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-01-28 18:06 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-01-28 18:06 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-01-28 18:06 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-01-28 18:06 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-01-28 18:06 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-01-28 18:06 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-01-28 18:06 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-01-28 18:06 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-01-28 18:06 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-01-28 18:06 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-01-28 18:06 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-28 18:06 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-01-28 18:06 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-01-28 18:06 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-01-28 18:06 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-01-28 18:06 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-01-28 18:06 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-01-28 18:06 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-01-28 18:06 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-01-28 18:06 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-01-28 18:06 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-01-28 18:06 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-01-28 18:06 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-01-28 18:06 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-01-28 18:06 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-01-28 18:06 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-28 18:06 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-01-28 18:06 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-01-28 18:06 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-01-28 18:06 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-01-28 18:06 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-01-28 18:06 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-01-28 18:06 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-01-28 18:06 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-01-28 18:06 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-01-28 18:06 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-01-28 18:06 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-01-28 18:06 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-01-28 18:06 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-01-28 18:06 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-28 18:06 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-01-28 18:06 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-01-28 18:06 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-01-28 18:06 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-01-28 18:06 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-01-28 18:06 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-01-28 18:06 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-28 18:06 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-01-28 18:06 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-01-28 18:06 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-01-28 18:06 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-01-28 18:06 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-01-28 18:06 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-01-28 18:06 - 2016-10-11 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-01-28 18:06 - 2016-10-11 10:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-01-28 18:06 - 2016-10-11 10:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-01-28 18:06 - 2016-10-11 09:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-01-28 18:06 - 2016-10-11 09:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-01-28 18:06 - 2016-10-11 09:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-01-28 18:06 - 2016-10-11 09:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-01-28 18:06 - 2016-10-11 08:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-01-28 18:06 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-01-28 18:06 - 2016-10-08 08:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-01-28 18:06 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-01-28 18:06 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-01-28 18:06 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-01-28 18:06 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-01-28 18:06 - 2016-10-04 10:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-01-28 18:06 - 2016-10-04 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-01-28 18:06 - 2016-10-04 10:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-01-28 18:06 - 2016-10-04 10:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-01-28 18:06 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-01-28 18:06 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-01-28 18:06 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-01-28 18:06 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-01-28 18:06 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-01-28 18:06 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-01-28 18:06 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-01-28 18:06 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-01-28 18:06 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-01-28 18:06 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-01-28 18:06 - 2016-08-12 12:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-01-28 18:06 - 2016-08-12 12:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-01-28 18:06 - 2016-08-12 12:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-01-28 18:06 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-01-28 18:06 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-01-28 18:06 - 2016-08-12 11:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-01-28 18:06 - 2016-08-06 10:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-01-28 18:06 - 2016-08-06 10:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-01-28 18:06 - 2016-08-06 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-01-28 18:06 - 2016-07-07 10:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-01-28 18:06 - 2016-07-07 10:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-01-28 18:06 - 2016-07-07 10:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-01-28 18:06 - 2016-07-07 10:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-01-28 18:06 - 2016-06-14 12:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-01-28 18:06 - 2016-06-14 12:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-01-28 18:06 - 2016-06-14 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-01-28 18:06 - 2016-06-14 12:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-01-28 18:06 - 2016-06-14 10:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-01-28 18:06 - 2016-06-14 10:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-01-28 18:06 - 2016-06-14 10:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-01-28 18:06 - 2016-06-14 10:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-01-28 18:06 - 2016-06-14 10:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-01-28 18:05 - 2016-08-29 10:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-28 18:05 - 2016-08-29 10:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-01-28 18:05 - 2016-08-29 10:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-28 18:05 - 2016-08-29 10:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-01-28 18:05 - 2016-08-29 10:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-01-28 18:05 - 2016-08-29 09:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-01-28 18:05 - 2016-08-16 15:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-01-28 18:05 - 2016-08-16 15:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-01-26 23:36 - 2017-01-26 23:36 - 07680000 _____ C:\Program Files (x86)\GUT9AC9.tmp
2017-01-26 23:36 - 2017-01-26 23:36 - 00000000 ____D C:\Program Files (x86)\GUM9A6A.tmp
2017-01-26 11:24 - 2016-08-12 11:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-01-26 11:24 - 2016-08-12 11:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-01-26 11:24 - 2016-08-12 11:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-01-24 11:43 - 2017-01-24 11:44 - 00000061 _____ C:\Users\Francine\Desktop\norton Info.txt
2017-01-23 13:46 - 2017-01-23 13:46 - 00002412 _____ C:\ProgramData\SMRResults510.dat
2017-01-23 13:34 - 2017-01-24 11:13 - 00000000 ____D C:\ProgramData\Norton VRQ
2017-01-23 13:34 - 2017-01-24 11:13 - 00000000 ____D C:\Program Files (x86)\VRQ
2017-01-22 19:36 - 2017-01-22 19:36 - 00000000 ____D C:\Users\Francine\AppData\Local\IsolatedStorage
2017-01-22 19:29 - 2017-01-23 10:18 - 00000000 ____D C:\ProgramData\VIPRE
2017-01-22 19:26 - 2017-01-24 11:15 - 00000000 ____D C:\Program Files (x86)\VIPRE
2017-01-22 19:25 - 2017-01-22 19:36 - 00000000 ____D C:\Users\Francine\AppData\Roaming\VIPRE
2017-01-22 19:25 - 2017-01-22 19:25 - 00000000 ____D C:\Users\Francine\AppData\Local\VIPRE
2017-01-21 13:58 - 2017-01-21 13:58 - 00056310 _____ C:\Users\Francine\Documents\credit counseling.pdf
2017-01-17 20:09 - 2017-01-16 14:06 - 00801972 _____ C:\Users\Francine\Documents\Hippaa.RRoseHIPAAWeb031016.pdf
2017-01-17 19:33 - 2017-01-16 14:05 - 00200132 _____ C:\Users\Francine\Documents\Hippa Supplement.pdf
2017-01-14 17:33 - 2017-01-26 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Cloud
2017-01-14 17:33 - 2017-01-14 17:33 - 00000000 ____D C:\ProgramData\Piriform
2017-01-14 17:32 - 2017-01-26 23:29 - 00000000 ____D C:\Program Files (x86)\CCleaner Cloud
2017-01-13 13:09 - 2017-01-13 13:09 - 00024765 _____ C:\ComboFix.txt
2017-01-13 12:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-11 14:39 - 2017-01-16 11:02 - 00000000 ____D C:\Users\Francine\Desktop\Hunnaman
2017-01-10 14:53 - 2017-01-10 14:53 - 00356001 _____ C:\Users\Francine\Documents\Hunnaman.thoracic.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 14:13 - 2011-09-12 16:23 - 00000000 ____D C:\ProgramData\PDFC
2017-02-09 14:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-08 10:02 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-08 10:02 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-07 15:18 - 2012-03-29 14:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 13:10 - 2011-09-19 14:42 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D71B77C-82A1-4597-B38C-FB1768D59DB1}
2017-02-05 08:31 - 2016-11-18 15:59 - 00246134 _____ C:\Windows\ntbtlog.txt
2017-02-05 08:13 - 2009-07-14 00:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 08:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-01 17:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-30 21:09 - 2015-11-01 20:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-29 19:17 - 2009-07-13 23:45 - 00338488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-29 19:15 - 2014-12-10 12:06 - 00000000 ____D C:\Windows\system32\appraiser
2017-01-29 19:15 - 2014-05-06 15:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-01-29 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-01-29 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2017-01-28 21:33 - 2013-07-25 11:27 - 00000000 ____D C:\Windows\system32\MRT
2017-01-28 21:28 - 2011-09-23 09:35 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-28 19:57 - 2013-12-12 14:54 - 00438272 ___SH C:\Users\Francine\Documents\Thumbs.db
2017-01-28 17:51 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2017-01-28 13:15 - 2011-02-11 12:15 - 00775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-01-27 09:18 - 2012-03-29 14:03 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-27 09:18 - 2012-03-29 14:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-27 09:18 - 2011-11-17 11:39 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-27 09:18 - 2011-09-27 09:36 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-27 09:18 - 2011-09-12 16:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-27 09:09 - 2016-04-25 17:45 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-27 09:09 - 2016-04-25 17:45 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-27 08:55 - 2015-06-24 21:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-27 08:55 - 2015-06-24 21:20 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-27 08:54 - 2014-12-28 16:29 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-26 23:35 - 2011-09-19 14:25 - 00000000 ____D C:\Users\Francine
2017-01-26 23:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-26 23:32 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-26 23:30 - 2016-11-21 09:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2017-01-26 23:30 - 2015-12-10 10:08 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-01-26 23:30 - 2014-11-23 11:26 - 00000000 ____D C:\Windows\erdnt
2017-01-26 23:30 - 2012-04-26 09:25 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2017-01-26 23:30 - 2012-04-24 12:59 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-01-26 23:30 - 2011-12-05 14:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-01-26 23:30 - 2011-09-12 15:57 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-01-26 23:30 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-01-26 23:29 - 2016-11-18 16:10 - 00000000 ___SD C:\ComboFix
2017-01-26 23:29 - 2016-10-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-26 23:29 - 2016-10-12 18:32 - 00000000 ____D C:\Program Files\CCleaner
2017-01-26 23:29 - 2016-09-19 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-26 23:29 - 2016-09-15 09:56 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-26 23:29 - 2016-09-15 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-26 23:29 - 2016-09-15 09:56 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-26 23:29 - 2016-04-10 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-26 23:29 - 2016-04-10 17:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-26 23:29 - 2016-02-12 22:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-01-26 23:29 - 2016-02-12 22:55 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-01-26 23:29 - 2016-02-12 22:54 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-01-26 23:29 - 2016-01-11 23:28 - 00000000 ____D C:\FixMeStick
2017-01-26 23:29 - 2011-09-19 14:37 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-01-26 23:29 - 2011-09-12 16:41 - 00000000 ____D C:\ProgramData\Norton
2017-01-26 23:29 - 2011-09-12 16:09 - 00000000 ____D C:\ProgramData\RoxioNow
2017-01-26 23:28 - 2014-09-26 22:11 - 00000000 ____D C:\Windows\Minidump
2017-01-26 23:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-01-26 23:11 - 2011-12-19 20:41 - 00000000 ____D C:\Users\Francine\AppData\LocalLow\Google
2017-01-26 23:11 - 2011-12-05 14:41 - 00000000 ____D C:\Users\Francine\AppData\Roaming\SoftGrid Client
2017-01-26 23:09 - 2014-11-23 11:26 - 00000000 ____D C:\Qoobox
2017-01-26 23:09 - 2014-04-18 11:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 23:07 - 2014-10-20 22:40 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-26 23:07 - 2014-02-28 11:29 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-26 23:07 - 2011-09-12 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-26 21:39 - 2011-11-16 11:51 - 00000000 ____D C:\Users\Francine\AppData\Local\CrashDumps
2017-01-26 20:41 - 2016-12-28 18:11 - 00000000 ____D C:\Users\Francine\AppData\Local\LogMeIn Rescue Applet
2017-01-26 11:20 - 2016-04-14 10:39 - 00000000 ____D C:\Users\Francine\Desktop\douglas
2017-01-24 11:31 - 2014-11-10 17:19 - 00000000 ____D C:\Users\Francine\AppData\Local\Deployment
2017-01-22 21:57 - 2011-11-22 12:22 - 00000000 ____D C:\Users\Francine\AppData\Local\ElevatedDiagnostics
2017-01-22 16:10 - 2015-01-26 22:46 - 00000000 ____D C:\Users\Francine\AppData\Local\NPE
2017-01-16 12:31 - 2015-01-26 22:47 - 00000000 ____D C:\NPE
2017-01-13 12:36 - 2016-08-10 19:03 - 00002498 _____ C:\Users\Francine\Desktop\Rkill.txt
2017-01-10 07:26 - 2016-01-12 03:42 - 00000000 ____D C:\FixMeStick Quarantine

==================== Files in the root of some directories =======

2017-01-26 23:36 - 2017-01-26 23:36 - 7680000 _____ () C:\Program Files (x86)\GUT9AC9.tmp
2015-05-28 19:31 - 2015-05-28 19:32 - 0131072 ____H () C:\Users\Francine\AppData\Roaming\svfiles.log
2014-12-11 10:48 - 2015-05-28 20:38 - 0000114 _____ () C:\Users\Francine\AppData\Roaming\sview.ini
2012-07-17 12:49 - 2012-07-17 12:49 - 0081056 _____ () C:\Users\Francine\AppData\Local\tmp2012 018_2.JPG
2012-11-16 18:01 - 2012-11-16 18:01 - 0006865 _____ () C:\Users\Francine\AppData\Local\tmpHALLOWEEN2012.1.0
2012-11-16 18:01 - 2012-11-16 18:01 - 0007052 _____ () C:\Users\Francine\AppData\Local\tmpHALLOWEEN2012.1.JPG
2014-11-19 22:55 - 2014-11-19 22:55 - 0131212 _____ () C:\Users\Francine\AppData\Local\tmpIMG_6918_2.JPG
2012-07-17 12:49 - 2012-07-17 12:49 - 0081056 _____ () C:\Users\Francine\AppData\Local\tmpOri2012 018_2.JPG
2012-09-11 19:44 - 2012-09-11 19:44 - 0046622 _____ () C:\Users\Francine\AppData\Local\tmpOriGF ORDER 1OF2_2.0
2012-09-11 19:44 - 2012-09-11 19:44 - 0063214 _____ () C:\Users\Francine\AppData\Local\tmpOriGF ORDER 1OF2_2.1
2012-11-16 18:01 - 2012-11-16 18:01 - 0006865 _____ () C:\Users\Francine\AppData\Local\tmpOriHALLOWEEN2012.1.0
2012-11-16 18:01 - 2012-11-16 18:01 - 0007052 _____ () C:\Users\Francine\AppData\Local\tmpOriHALLOWEEN2012.1.JPG
2013-05-28 22:27 - 2013-05-28 22:27 - 0129842 _____ () C:\Users\Francine\AppData\Local\tmpOriIMG_20130528_223840_014_2.0
2013-05-28 22:27 - 2013-05-28 22:27 - 0178414 _____ () C:\Users\Francine\AppData\Local\tmpOriIMG_20130528_223840_014_2.1
2014-11-19 22:55 - 2014-11-19 22:55 - 0131212 _____ () C:\Users\Francine\AppData\Local\tmpOriIMG_6918_2.JPG
2012-05-28 20:27 - 2012-05-28 20:27 - 0080951 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0009_2.0
2012-05-28 20:27 - 2012-05-28 20:27 - 0113858 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0009_2.JPG
2013-02-04 23:00 - 2013-02-04 23:00 - 0066056 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_2.0
2013-02-04 23:00 - 2013-02-04 23:00 - 0049767 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_2.JPG
2013-03-06 21:50 - 2013-03-06 21:50 - 0104884 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_3.0
2013-03-06 21:50 - 2013-03-06 21:50 - 0082368 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0077_3.JPG
2013-02-08 19:27 - 2013-02-08 19:27 - 0064033 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0079_2.0
2013-04-03 16:07 - 2013-04-03 16:07 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_2.0
2013-04-03 16:07 - 2013-04-03 16:07 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_2.JPG
2013-04-03 16:12 - 2013-04-03 16:12 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_3.0
2013-04-03 16:12 - 2013-04-03 16:12 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0086_3.JPG
2013-04-04 14:13 - 2013-04-04 14:13 - 0053771 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0087_2.0
2013-04-04 14:13 - 2013-04-04 14:13 - 0071938 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0087_2.JPG
2013-04-04 14:14 - 2013-04-04 14:14 - 0083923 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0089_2.0
2013-04-04 14:14 - 2013-04-04 14:14 - 0065350 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0089_2.JPG
2013-04-04 14:20 - 2013-04-04 14:20 - 0073489 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0090_2.0
2013-04-04 14:20 - 2013-04-04 14:20 - 0056218 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0090_2.JPG
2013-03-10 11:42 - 2013-03-10 11:42 - 0088421 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0093_2.0
2014-10-27 19:08 - 2014-10-27 19:08 - 0106324 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0107_2.0
2013-06-21 18:47 - 2013-06-21 18:47 - 0176204 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0109_2.0
2013-06-21 18:51 - 2013-06-21 18:51 - 0158175 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0110_2.0
2013-06-21 18:51 - 2013-06-21 18:51 - 0127221 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0110_2.1
2013-06-21 18:51 - 2013-06-21 18:51 - 0127279 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0110_2.2
2011-12-23 11:18 - 2011-12-23 11:18 - 0081742 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0111_2.0
2011-12-23 11:18 - 2011-12-23 11:18 - 0064474 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0111_2.JPG
2013-06-21 18:54 - 2013-06-21 18:54 - 0173529 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0111_3.0
2013-03-04 11:09 - 2013-03-04 11:09 - 0083576 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0116_2.0
2013-03-04 11:09 - 2013-03-04 11:09 - 0064451 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0116_2.JPG
2012-11-16 18:12 - 2012-11-16 18:12 - 0071141 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0117_6.0
2012-11-16 18:12 - 2012-11-16 18:12 - 0053834 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0117_6.JPG
2013-03-18 18:43 - 2013-03-18 18:43 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_2.0
2013-03-18 18:43 - 2013-03-18 18:43 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_2.JPG
2013-03-18 18:53 - 2013-03-18 18:53 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_3.0
2013-03-18 19:00 - 2013-03-18 19:00 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_4.0
2013-03-18 19:00 - 2013-03-18 19:00 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0118_4.JPG
2012-04-26 10:59 - 2012-04-26 10:59 - 0044026 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0119_2.0
2012-04-26 10:59 - 2012-04-26 10:59 - 0065751 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0119_2.JPG
2012-05-21 10:29 - 2012-05-21 10:29 - 0042026 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0120_2.0
2012-05-21 10:27 - 2012-05-21 10:27 - 0086166 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0121_2.0
2012-05-21 09:51 - 2012-05-21 09:51 - 0057639 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0124_2.0
2012-05-21 09:47 - 2012-05-21 09:47 - 0079124 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0125 (1)_2.0
2012-05-21 09:47 - 2012-05-21 09:47 - 0061552 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0125 (1)_2.JPG
2013-06-21 18:17 - 2013-06-21 18:17 - 0138064 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0128_4.0
2013-06-21 18:17 - 2013-06-21 18:17 - 0110205 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0128_4.JPG
2014-10-03 14:15 - 2014-10-03 14:15 - 0092969 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0130_3.0
2012-06-18 11:23 - 2012-06-18 11:23 - 0105555 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_2.0
2013-06-21 19:15 - 2013-06-21 19:15 - 0156315 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_3.0
2014-09-15 15:29 - 2014-09-15 15:29 - 0097034 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_4.0
2014-09-15 15:29 - 2014-09-15 15:29 - 0074218 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0131_4.JPG
2012-06-24 18:44 - 2012-06-24 19:21 - 0067313 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_2.0
2012-06-24 18:54 - 2012-06-24 18:54 - 0111335 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_3.0
2012-06-24 18:54 - 2012-06-24 18:54 - 0089921 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_3.JPG
2013-06-21 18:45 - 2013-06-21 18:45 - 0177151 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0133_4.0
2013-06-21 18:41 - 2013-06-21 18:41 - 0109323 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0134_2.0
2013-06-21 18:41 - 2013-06-21 18:41 - 0087952 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0134_2.JPG
2013-06-21 18:24 - 2013-06-21 18:24 - 0129680 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0135_4.0
2013-01-06 21:42 - 2013-01-06 21:41 - 0092502 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0136_2.0
2014-09-27 21:36 - 2014-09-27 21:36 - 0109699 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0138_2.0
2014-09-27 21:36 - 2014-09-27 21:36 - 0086283 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0138_2.JPG
2014-09-26 21:50 - 2014-09-26 21:50 - 0122876 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0140_2.0
2014-09-26 21:50 - 2014-09-26 21:50 - 0097546 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0140_2.JPG
2014-09-26 21:48 - 2014-09-26 21:48 - 0140661 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0141_2.0
2014-09-26 21:48 - 2014-09-26 21:48 - 0112874 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0141_2.JPG
2014-09-26 19:42 - 2014-09-26 19:42 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_2.0
2014-09-26 19:44 - 2014-09-26 19:44 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_3.0
2014-09-26 19:44 - 2014-09-26 19:44 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_3.JPG
2014-09-26 22:30 - 2014-09-26 22:30 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_5.0
2014-09-26 22:30 - 2014-09-26 22:30 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0142_5.JPG
2014-10-27 09:56 - 2014-10-27 09:56 - 0089054 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0159_3.0
2014-10-27 09:56 - 2014-10-27 09:56 - 0067952 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0159_3.JPG
2013-08-07 10:40 - 2013-08-07 10:40 - 0065533 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0160_2.0
2013-08-07 10:40 - 2013-08-07 10:40 - 0048563 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0160_2.JPG
2014-08-01 12:14 - 2014-08-01 12:14 - 0095997 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0190_2.0
2014-08-01 12:14 - 2014-08-01 12:14 - 0075519 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO-0190_2.JPG
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.0
2014-08-12 20:42 - 2014-08-12 20:42 - 0101482 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.1
2014-08-12 20:42 - 2014-08-12 20:42 - 0103900 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.2
2014-08-12 20:42 - 2014-08-12 20:42 - 0102720 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.3
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpOriPHOTO_5.JPG
2012-04-26 15:58 - 2012-04-26 15:58 - 0005398 _____ () C:\Users\Francine\AppData\Local\tmpOriPICINMANSION.0
2012-04-26 15:58 - 2012-04-26 15:58 - 0005551 _____ () C:\Users\Francine\AppData\Local\tmpOriPICINMANSION.JPG
2012-05-28 20:27 - 2012-05-28 20:27 - 0080951 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0009_2.0
2012-05-28 20:27 - 2012-05-28 20:27 - 0113858 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0009_2.JPG
2013-02-04 23:00 - 2013-02-04 23:00 - 0066056 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_2.0
2013-02-04 23:00 - 2013-02-04 23:00 - 0049767 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_2.JPG
2013-03-06 21:50 - 2013-03-06 21:50 - 0104884 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_3.0
2013-03-06 21:50 - 2013-03-06 21:50 - 0082368 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0077_3.JPG
2013-04-03 16:07 - 2013-04-03 16:07 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_2.0
2013-04-03 16:07 - 2013-04-03 16:07 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_2.JPG
2013-04-03 16:12 - 2013-04-03 16:12 - 0087398 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_3.0
2013-04-03 16:12 - 2013-04-03 16:12 - 0068577 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0086_3.JPG
2013-04-04 14:13 - 2013-04-04 14:13 - 0053771 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0087_2.0
2013-04-04 14:13 - 2013-04-04 14:13 - 0071938 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0087_2.JPG
2013-04-04 14:14 - 2013-04-04 14:14 - 0083923 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0089_2.0
2013-04-04 14:14 - 2013-04-04 14:14 - 0065350 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0089_2.JPG
2013-04-04 14:20 - 2013-04-04 14:20 - 0073489 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0090_2.0
2013-04-04 14:20 - 2013-04-04 14:20 - 0056218 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0090_2.JPG
2011-12-23 11:18 - 2011-12-23 11:18 - 0081742 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0111_2.0
2011-12-23 11:18 - 2011-12-23 11:18 - 0064474 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0111_2.JPG
2013-03-04 11:09 - 2013-03-04 11:09 - 0083576 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0116_2.0
2013-03-04 11:09 - 2013-03-04 11:09 - 0064451 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0116_2.JPG
2012-11-16 18:12 - 2012-11-16 18:12 - 0071141 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0117_6.0
2012-11-16 18:12 - 2012-11-16 18:12 - 0053834 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0117_6.JPG
2013-03-18 18:43 - 2013-03-18 18:43 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_2.0
2013-03-18 18:43 - 2013-03-18 18:43 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_2.JPG
2013-03-18 19:00 - 2013-03-18 19:00 - 0080686 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_4.0
2013-03-18 19:00 - 2013-03-18 19:00 - 0062497 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0118_4.JPG
2012-04-26 10:59 - 2012-04-26 10:59 - 0044026 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0119_2.0
2012-04-26 10:59 - 2012-04-26 10:59 - 0065751 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0119_2.1
2012-04-26 10:59 - 2012-04-26 10:59 - 0084806 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0119_2.JPG
2012-05-21 09:47 - 2012-05-21 09:47 - 0079124 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0125 (1)_2.0
2012-05-21 09:48 - 2012-05-21 09:47 - 0061552 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0125 (1)_2.JPG
2013-06-21 18:17 - 2013-06-21 18:17 - 0138064 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0128_4.0
2013-06-21 18:17 - 2013-06-21 18:17 - 0110205 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0128_4.JPG
2014-09-15 15:29 - 2014-09-15 15:29 - 0097034 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0131_4.0
2014-09-15 15:29 - 2014-09-15 15:29 - 0074218 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0131_4.JPG
2012-06-24 18:54 - 2012-06-24 18:54 - 0111335 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0133_3.0
2012-06-24 18:54 - 2012-06-24 18:54 - 0089921 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0133_3.JPG
2013-06-21 18:41 - 2013-06-21 18:41 - 0109323 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0134_2.0
2013-06-21 18:41 - 2013-06-21 18:41 - 0087952 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0134_2.JPG
2014-09-27 21:36 - 2014-09-27 21:36 - 0109699 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0138_2.0
2014-09-27 21:36 - 2014-09-27 21:36 - 0086283 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0138_2.JPG
2014-09-26 21:50 - 2014-09-26 21:50 - 0122876 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0140_2.0
2014-09-26 21:50 - 2014-09-26 21:50 - 0097546 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0140_2.JPG
2014-09-26 21:48 - 2014-09-26 21:48 - 0140661 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0141_2.0
2014-09-26 21:48 - 2014-09-26 21:48 - 0112874 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0141_2.JPG
2014-09-26 19:44 - 2014-09-26 19:44 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_3.0
2014-09-26 19:44 - 2014-09-26 19:44 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_3.JPG
2014-09-26 22:30 - 2014-09-26 22:30 - 0077602 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_5.0
2014-09-26 22:30 - 2014-09-26 22:30 - 0060820 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0142_5.JPG
2014-10-27 09:56 - 2014-10-27 09:56 - 0089054 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.0
2014-10-27 09:56 - 2014-10-27 09:56 - 0067952 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.1
2014-10-27 09:57 - 2014-10-27 09:56 - 0075766 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.2
2014-10-27 09:57 - 2014-10-27 09:57 - 0073401 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0159_3.JPG
2013-08-07 10:40 - 2013-08-07 10:40 - 0065533 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0160_2.0
2013-08-07 10:40 - 2013-08-07 10:40 - 0048563 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0160_2.JPG
2014-08-01 12:14 - 2014-08-01 12:14 - 0095997 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0190_2.0
2014-08-01 12:14 - 2014-08-01 12:14 - 0075519 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO-0190_2.JPG
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.0
2014-08-12 20:42 - 2014-08-12 20:42 - 0101482 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.1
2014-08-12 20:42 - 2014-08-12 20:42 - 0103900 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.2
2014-08-12 20:42 - 2014-08-12 20:42 - 0102720 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.3
2014-08-12 20:42 - 2014-08-12 20:42 - 0071871 _____ () C:\Users\Francine\AppData\Local\tmpPHOTO_5.JPG
2012-04-26 15:58 - 2012-04-26 15:58 - 0005398 _____ () C:\Users\Francine\AppData\Local\tmpPICINMANSION.0
2012-04-26 15:58 - 2012-04-26 15:58 - 0005551 _____ () C:\Users\Francine\AppData\Local\tmpPICINMANSION.1
2012-04-26 15:58 - 2012-04-26 15:58 - 0006720 _____ () C:\Users\Francine\AppData\Local\tmpPICINMANSION.JPG
2011-11-14 22:29 - 2011-11-14 22:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-23 13:46 - 2017-01-23 13:46 - 0002412 _____ () C:\ProgramData\SMRResults510.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults510.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-07 15:37

==================== End of FRST.txt ============================




#12 rotor123


Posted 09 February 2017 - 03:07 PM

And here is the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Francine (09-02-2017 14:18:49)
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-19 19:25:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2004777051-2563597916-3389062613-500 - Administrator - Disabled)
Francine (S-1-5-21-2004777051-2563597916-3389062613-1000 - Administrator - Enabled) => C:\Users\Francine
Guest (S-1-5-21-2004777051-2563597916-3389062613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2004777051-2563597916-3389062613-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACH Origination Application (x32 Version: 5.1.1.3 - Fiserv) Hidden
AddressBook Viewer (HKLM\...\{5DBF8535-FEAA-42E7-B4B3-F679113B0844}) (Version: 1.17.000 - Oki Data Corporation)
Adobe Acrobat 7.1.0 Standard (HKLM-x32\...\Adobe Acrobat 7.0 Standard) (Version: 7.1.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Downloader (HKLM-x32\...\{9B126205-473E-4659-853C-4F57830E223F}) (Version: 1.16.000 - Oki Data Corporation)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.03.021 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Apps Center (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4913 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.4913 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1513D}) (Version: 3.0.4024.33750 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.4928 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3603 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marketsplash Print Software (HKLM-x32\...\{61933675-EFC7-4190-90B6-5AD56E1D9294}) (Version: 1.0.1.31 - Hewlett-Packard)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.6112.5001 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0080-0409-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.8.1.14 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
OKI MC7x0/ES74x0 MFP(TWAIN) (HKLM-x32\...\{6FECB09C-5CC0-4B1B-B53F-457F2F3663C7}) (Version: 1.16.000 - Oki Data Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
R.U.S.E. for TouchSmart (HKLM-x32\...\{E6753FCB-B508-4C74-9686-17032281AF38}_is1) (Version: 1.0.0.0 - Ubisoft)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Remote Scan driver (HKLM-x32\...\{D241BBE8-07BF-4D4A-A620-E5B843367C18}) (Version: 1.16.000 - Oki Data Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0396D381-14D4-4611-9530-A9840FCC3775} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {05A8938B-E091-4F31-B6D5-86DEBBAA29CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-27] (Adobe Systems Incorporated)
Task: {0683B6DF-B501-45D6-902A-67E2FF9E7287} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-12-03] (CyberLink)
Task: {0DE37640-2935-46E6-A9BB-46C8457891BE} - System32\Tasks\{C012C864-5B3F-4955-8304-5E8D357C51E1} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {1900F2F4-ECAC-4049-B2E5-30E2DAEADC1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {24002266-D879-490F-B168-0151D9716CF9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\SymErr.exe
Task: {2D347C23-55A2-4F14-B84E-4D77748B6E73} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\SymErr.exe
Task: {317C12DF-AFAF-4D3F-98EF-B9EDAE9FC1C7} - System32\Tasks\HPCeeScheduleForFrancine => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {332CD4C8-7D05-4B63-A12B-78AFD7169205} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {39A6CC12-EFA6-409C-A9AB-11F1F872B429} - System32\Tasks\{4F4F1800-32FD-4753-8E83-940B16DA8484} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2015-03-18] (Microsoft Corporation)
Task: {40CDACFC-EC46-431B-850F-2944015F4A37} - System32\Tasks\{53BF563B-3F85-4802-9A40-7C1F3D151A92} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {53FB4A73-5F7D-493F-A0FB-1A7650F340CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {550300AE-73E8-4738-9CF0-8374BBA4E3AF} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {5A64891B-E197-4888-87DB-D0387CAA9BC3} - System32\Tasks\{16ABD7FC-462B-4C37-8D45-70B4D649D326} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {60348D2D-5F15-4936-8537-C5AEB80329FE} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe
Task: {67D9A954-4EE0-466A-90DE-028A6E92B143} - System32\Tasks\{6AF39446-9D15-4334-8BB5-04C7F05E97D1} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {6F210FFE-BFBF-43EC-8254-5D85B3AF327B} - System32\Tasks\{5C2806E0-3EC3-47E3-B153-B6FBD4FC3E73} => pcalua.exe -a "C:\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0LAI121\sp51358.exe" -d C:\Users\Francine\Desktop
Task: {762CA89B-A65D-4029-93E1-4494E3C5F700} - System32\Tasks\{BC7D1C8D-2F73-4B1F-9BAD-407525C5A8E6} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2015-03-18] (Microsoft Corporation)
Task: {79FB3DA0-33C9-497F-9B60-E4684D4D718E} - System32\Tasks\{36CC44DA-EEC6-4AAA-9A67-E9B2D345D513} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Task: {7E64F894-B044-401D-B252-09D4BEA7DDFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {7F8E26A2-949D-4DA3-8B98-11F1D4DAD87E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {8F318259-E251-4D4D-B999-27915453CA4E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-11] (Symantec Corporation)
Task: {A16D15BB-AFDC-4287-97A6-248B48204756} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {A824251B-E0C0-4DB9-8496-4018C4C61033} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {AAC5A864-ABED-4BF3-BE44-90DC9F3FF37C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB7D6EAF-7E2F-4D7D-B41D-194B571B3D72} - System32\Tasks\{9A285A0E-29BB-4968-BDD2-281D9F039EAE} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {AC890A9E-C6D1-4AED-9EDE-A224F95EBF71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {AF829934-D716-4CE6-A9F4-27E828EB9D24} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {B556F4F8-2868-4A20-8F4E-2D219143B8FA} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {B5684915-1695-4AEA-A22F-D7101E25AED3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BACB5469-B222-421F-8954-2E286243F529} - System32\Tasks\{50DB77E7-C3B2-4BD5-9C9A-F2F29D214B6B} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {C5A02B1E-FD41-4C0B-9D9E-3D0E32DDB392} - System32\Tasks\{F9C65906-0B2C-4395-B28B-BCB4C5DA9553} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2016-11-16] (Microsoft Corporation)
Task: {D7F95A4E-431A-4627-8F01-0789F492DF54} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\AnVir Task Manager Free\anvir.exe
Task: {DCC9E818-61D5-4832-83C0-1D7FE62E31FC} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {F3048323-9EB1-4B19-ADB6-15E8202B2A34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {F4423358-65CD-428F-A41F-FC79FE4863A5} - System32\Tasks\{65845973-D94C-413F-BEA4-FFCF056DE019} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Task: {F78C94DD-B549-4E5E-BE22-44BB9E14DE1F} - System32\Tasks\{D038583C-94C0-48C7-85A4-BD2492336EB4} => pcalua.exe -a "C:\Users\Francine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0LAI121\AdobeAIRInstaller.exe" -d C:\Users\Francine\Desktop
Task: {FEC23BDA-6A55-4D42-A093-699B922CF3D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFrancine.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-09-19 14:38 - 2009-11-04 07:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2015-06-24 21:20 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-25 13:41 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-12 16:11 - 2009-07-02 16:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2009-06-08 18:45 - 2009-06-08 18:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-09-12 15:56 - 2011-09-12 15:56 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-12 16:19 - 2011-02-15 12:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [296]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\.DEFAULT\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\.DEFAULT\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\.DEFAULT\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\.DEFAULT\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\.DEFAULT\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\.DEFAULT\...\swiftview.com -> hxxp://products.swiftview.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-19\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\S-1-5-19\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\S-1-5-19\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-19\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-19\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\S-1-5-19\...\swiftview.com -> hxxp://products.swiftview.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-20\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\S-1-5-20\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\S-1-5-20\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-20\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-20\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\S-1-5-20\...\swiftview.com -> hxxp://products.swiftview.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend.com -> hxxps://docs.swiftsend.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend.com -> hxxp://docs.swiftsend.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend2.com -> hxxps://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftsend2.com -> hxxp://docs.swiftsend2.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftview.com -> hxxps://products.swiftview.com
IE trusted site: HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\...\swiftview.com -> hxxp://products.swiftview.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-09-29 13:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Francine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AEE4981-BF02-4072-86E3-380ECA751750}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe
FirewallRules: [{D50721AA-9D91-4FE0-AF87-64DF406C1A9E}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe
FirewallRules: [{B01772AC-FE63-4DA6-B6AE-F05144CFE109}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe
FirewallRules: [{DE015D48-9993-4194-837C-6717532FA5F4}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe
FirewallRules: [{D19AA83D-EC76-4A6F-86F4-1603E443F037}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe
FirewallRules: [{E454AC54-5D8D-4E1C-AA76-A728A17BD6D5}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe
FirewallRules: [{C6116CC7-2A1D-4BF6-B55D-38C2CE9FCC75}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{99788C81-5197-4CA6-B9E4-256C2A6330DD}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{FD6A8945-2226-4DF3-99F8-9FC6DA248276}] => C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{82B38456-A2B9-441C-A3B1-7E7D279FD191}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{D7255524-4FFE-475C-A961-C54A1512DE77}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{F58680B1-D407-43E5-A955-216572315129}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{778313DC-4227-47B0-8A0B-228055985D3C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{05A24886-4D31-4537-AE92-E82D8358FF0D}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B5815331-A03F-45D8-8440-3A9BFE8CB201}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6BC11DF7-A88D-4E6E-BCB8-A1222F674215}] => LPort=2869
FirewallRules: [{0D6B7D67-5E76-4DBD-BB75-9A24A437EC32}] => LPort=1900
FirewallRules: [{5712F10E-605B-47C2-8A6F-D52BFAEBF232}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DD4570B5-18F8-446F-A7D3-59BE9CE6A577}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{760B80D5-28EE-4A10-94DC-D729335EB733}] => C:\Windows\system32\dleacoms.exe
FirewallRules: [{645739B3-F9C3-470D-B509-B1719D94E8F2}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E7FBA852-B931-41D7-8CE5-6291F999B207}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{596904FB-D78F-447B-83F8-DAF98E19432F}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4F0B46B2-5D38-4F7C-AEF3-8FF6F7A49349}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7BD2CC92-4164-43F5-85C3-80E01A4BBFDE}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{570EBC05-3D13-4E37-A925-2ACB18398AE7}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{8DD57D3D-7539-4FD1-87F6-6F96ACE1BA3F}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{BF975F09-ECF4-4A87-B762-C3CEF1BE0B68}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{14CB0D31-5B17-4172-9137-BC026598C633}] => C:\Users\Francine\AppData\Local\Temp\7zS16C7\HPDiagnosticCoreUI.exe
FirewallRules: [{526032AC-DDCC-4A31-912C-D4AC713E8A10}] => C:\Users\Francine\AppData\Local\Temp\7zS16C7\HPDiagnosticCoreUI.exe
FirewallRules: [{8CD0AAC4-205E-4474-B224-A08082E8CFFD}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{2B1287B3-2BF4-4D63-B4A0-C1FD89950275}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{4B58170D-1B80-4D7F-98E7-2B8D857FF2A4}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{8495B3DA-AC86-4A09-9C2B-E569E185FAD2}] => C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe
FirewallRules: [{41FE199D-D44D-4F1A-975A-97D52E681AC1}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{399B75F2-05E0-437C-9D67-6C7778D2B9D0}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{93C8E36F-2793-488E-A877-7AE93D1537A2}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{9C72EFD9-17A1-4AC5-91C8-CA5FE2416D68}] => C:\Program Files (x86)\Hp\HP Officejet Pro 8500 A910\bin\HPScan.exe
FirewallRules: [{49EC675B-6050-468F-AA12-8C64786130B6}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{FA611EE1-6F8B-4B0E-BCEA-D7A65387A6E8}] => C:\Users\Francine\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{978D7E32-D7A5-4E67-8E15-BF5ECE2187DB}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{74084926-3706-408E-B30B-FCE74F79CD0D}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{0F6F9FB3-F390-46B9-9637-D81CC63B5809}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{5679E772-703B-4937-B63C-72590A13264F}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{8EA7669F-188A-4179-9C11-EF3E02521976}C:\program files (x86)\unidenremoteservice\ugrs2service.exe] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [UDP Query User{A5661815-04F8-4579-BD17-A50FFA8840B4}C:\program files (x86)\unidenremoteservice\ugrs2service.exe] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [{B832B7EB-9492-449A-A1BF-502FE93F8E63}] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [{B2F015FF-CA83-4837-96D5-944F951AC6A4}] => C:\program files (x86)\unidenremoteservice\ugrs2service.exe
FirewallRules: [TCP Query User{82AD0D26-6FCA-454F-9182-7261098305AC}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9E76FA67-4E91-4C2E-9A0A-A2CB5FE29AEB}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{16A6F619-7CBC-4050-AB56-38B9D89C0E41}] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{5F710047-468D-4003-8E64-001735E040CA}] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{949CADF6-B4E2-49D4-A70E-1C8615C32EFA}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{47D1774F-04BC-4406-B308-15707B08E85B}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{491F8842-3BDD-41C1-92F3-9F6CF83C69D2}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{6BD7432B-54DA-42D0-A93F-8A203C4DBA6A}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{079BC443-211A-4F4A-9B65-DAEDC3027C8E}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{AB43CF08-139D-4248-8062-CAA98960332D}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{615C5DBB-F066-4C3D-BC8C-84CCEA259FE9}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{46D0D8B6-04C4-4187-8060-A0A7751F7BD4}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{09A04B1A-2D63-4530-8804-EFD3BB7EB1CF}] => C:\Users\Francine\AppData\Local\Temp\7zSE6B6.tmp\SymNRT.exe
FirewallRules: [{7486C547-2199-4C01-B696-3631A811A581}] => C:\Users\Francine\AppData\Local\Temp\7zSE6B6.tmp\SymNRT.exe
FirewallRules: [{75437201-0992-4638-91AC-44F17D166EA2}] => C:\Users\Francine\AppData\Local\Temp\7zS5DCA\HPDiagnosticCoreUI.exe
FirewallRules: [{CCB9FDF8-8898-4FED-B0C8-15D3835C39E1}] => C:\Users\Francine\AppData\Local\Temp\7zS5DCA\HPDiagnosticCoreUI.exe
FirewallRules: [{751F0F22-027D-4D12-A751-9AC11199ADFE}] => C:\Users\Francine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{7CD9447B-7E37-4F0F-8975-8CC289298896}] => C:\Users\Francine\AppData\Local\Temp\7zSF519.tmp\SymNRT.exe
FirewallRules: [{6346D60E-5892-4642-8CFC-491B9B2E5BC0}] => C:\Users\Francine\AppData\Local\Temp\7zSF519.tmp\SymNRT.exe
FirewallRules: [{4A753850-F212-4AA5-AF19-121C2A164C89}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Restore Points =========================

28-01-2017 13:09:46 Windows Update
28-01-2017 13:19:31 Windows Backup
28-01-2017 21:26:59 Windows Update
29-01-2017 19:28:29 Windows Backup
29-01-2017 19:39:39 Windows Update
30-01-2017 21:15:42 Windows Backup
30-01-2017 23:09:09 Windows Update
03-02-2017 17:06:02 Windows Update
07-02-2017 13:12:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Network Security WFP Driver
Description: Symantec Network Security WFP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymNetS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NS Settings Manager
Description: NS Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2017 02:16:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.2.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1470

Start Time: 01d28308a771fbc6

Termination Time: 15

Application Path: F:\FRST64.exe

Report Id: 202c4a07-eefc-11e6-a6ed-e89a8f151dba

Error: (02/09/2017 02:15:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/09/2017 02:15:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/09/2017 02:13:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/08/2017 09:57:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/08/2017 09:56:44 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/08/2017 09:56:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/07/2017 04:13:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/07/2017 01:28:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "f:\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/07/2017 01:23:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).


System errors:
=============
Error: (02/09/2017 02:12:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccSet_NS
SymIRON
SymNetS

Error: (02/08/2017 09:55:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccSet_NS
SymIRON
SymNetS

Error: (02/07/2017 01:12:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (02/07/2017 01:12:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Francine\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/07/2017 01:12:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (02/07/2017 01:12:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Francine\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/07/2017 01:12:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (02/07/2017 01:12:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Francine\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/07/2017 01:11:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (02/07/2017 01:11:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Francine\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
  Date: 2016-09-14 20:57:58.504
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-14 20:57:58.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-14 20:57:58.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-14 20:57:58.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:48.098
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:48.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:48.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-19 12:25:47.958
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-14 21:57:02.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-14 21:57:02.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X4 615e Processor
Percentage of memory in use: 43%
Total physical RAM: 5887.3 MB
Available physical RAM: 3303.17 MB
Total Virtual: 11772.78 MB
Available Virtual: 9196.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.85 GB) (Free:817.25 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:19.56 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (8GB FLASH) (Removable) (Total:7.53 GB) (Free:7.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E2DD96B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================


Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#13 rotor123


Posted 09 February 2017 - 03:08 PM

Thank You

Roger




#14 rotor123


Posted 10 February 2017 - 04:22 PM

Hi

I asked her about the problem and this was the reply.

1. I do not want Windows 10.

2. It acts up every day now, all day. As soon as I turn it on, within minutes it starts. Usually it starts by popping up the keyboard or opening files.

3. I ran all those scans. I tried every virus program, malware, etc. I could get my hands on.

4. Norton made the remote access about 4 or 5 times.

5. So far, my friend's computer I am using has not acted up, so it has to be somewhere hidden in that computer.

Do you have any suggestions beyond nuking the computer?

Thank You

Roger




#15 Valinorum

  • Malware Response Instructor

Posted 12 February 2017 - 01:22 AM

Hi,

Sorry for the delay.

1. I do not want Windows 10.

2. It acts up every day now, all day. As soon as I turn it on, within minutes it starts. Usually it starts by popping up the keyboard or opening files.

By keyboard and pop-ups, does she mean the on-screen keyboard and browser pop-ups? If not, which file is being opened?
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      CHR HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-2004777051-2563597916-3389062613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      SearchScopes: HKLM-x32 -> DefaultScope value is missing
      CHR Extension: (No Name) - C:\Users\Francine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-26]
      CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
      AlternateDataStreams: C:\ProgramData\Temp:430C6D84 [127]
      AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [296]
      Folder: C:\Program Files (x86)\GUM9A6A.tmp
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 


If she is logged in to Google Chrome, please ask her to log out and Reset your browsers.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 




