
Unstable computer and lock ups after clicking on a link


  • This topic is locked
36 replies to this topic

#1 KKrusher

  • Members
  • 37 posts

Posted 03 August 2017 - 07:14 AM

Good Morning Everyone,

 

Had great help from Bleeping Computer after an infection a couple of years ago so hoping for more now.  My wife was on the computer last night (Win7 fully updated, latest version IE, Norton Internet Security for antivirus and firewall, SAS for malware scans) and clicked on a link in an e-mail that was supposed to take her to a travel site she uses.  IE opened but loaded slowly and became unusable.  The computer then locked up...nothing would open or work so I restarted it from the power button.  I restarted windows into normal mode, which seemed to go fine.  IE would open and all seemed well but within a minute or two IE became slow and unstable.  IE closed and nothing else would open.  Another complete lock up.  Could not CTRL+ALT+DEL and again had to shut down the computer via the power button.  I restarted again in normal mode, got a couple of programs to run for a couple of minutes but it locked up again.  This time I rebooted into Safe Mode.  The computer remained stable and programs would open.  I rebooted back into normal mode and it displayed the same behavior again - became unstable and locked up after a couple of minutes.  This time though I noticed that NIS was not loading properly (had task bar and task manager up).  NIS processes were opening and closing.  I had to manually reboot the computer again...got into Safe Mode to see if NIS would do a scan.  NIS would start in Safe Mode but would crash when the scanner started.  Windows did not lock up however.  I could not keep the computer stable long enough to try running any other scans or download any tools.  Since this started after clicking a link in an e-mail (which my wife cannot confirm was legitimate) and that NIS seems to be getting interfered with, I am thinking an infection.  It was 1am and I was dead tired so I got it shut down from safe mode.

 

Can I get some help with this?  Suggestions for steps forward?  Since I am not sure how long I can keep the computer stable in normal Windows boot mode, I am not sure where to begin.  I am at work now but will jump on this problem when I get home.  Help please!  Please let me know if I can provide more information.

 

Thanks in advance,

 

KKrusher

 

 

Edit - I was able to get into Safe Mode with Networking and run FRST.  See below for my logs.  If I boot into normal mode the computer locks up within a couple of minutes of Windows loading.  Something is also preventing my Norton from running normally.  Other apps will open for a bit and then lock up.

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by William (administrator) on WILLIAM-M6 (03-08-2017 21:16:19)
Running from C:\Users\William\Desktop
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [681256 2009-01-13] (CyberLink Corporation.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2008-12-02] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\MountPoints2: {2f55cd45-c590-11e4-80ed-bcaec50a5d40} - K:\MotoCastSetup.exe -a
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\MountPoints2: {d8caf8ca-fe49-11e5-9ea5-bcaec50a5d40} - K:\MotoCastSetup.exe -a
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-04-20]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DFC8AAF2-A3F1-4713-BD0F-ABDE42783F17}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/
SearchScopes: HKU\S-1-5-21-466371979-3435322015-2013728622-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22.10.0.85&locale=en_US&guid=D5DBB1C5-0040-11E0-845B-BCAEC50A5D40&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-466371979-3435322015-2013728622-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2017-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://my.xfinity.com/?cid=cust
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default [2017-07-18]
CHR Extension: (Google Slides) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-06]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-06]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-06]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-12]
CHR Extension: (Google Sheets) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-30]
CHR Extension: (Norton Identity Safe) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-12]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-12] (SUPERAntiSpyware.com)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NIS.exe [326144 2017-07-14] (Symantec Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; J:\Programs\Origin\OriginClientService.exe [2122248 2016-06-19] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20170731.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-12-31] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-12-31] (CyberLink Corporation.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20170802.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-11-22] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-03 21:16 - 2017-08-03 21:16 - 000018452 _____ C:\Users\William\Desktop\FRST.txt
2017-08-03 21:16 - 2017-08-03 21:16 - 000000000 ____D C:\FRST
2017-08-03 21:15 - 2017-08-03 21:15 - 002381312 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2017-08-02 23:55 - 2017-08-03 21:13 - 000783132 _____ C:\Windows\ntbtlog.txt
2017-08-02 23:01 - 2017-08-02 23:01 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-07-23 19:28 - 2017-07-23 19:28 - 000003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-07-23 19:28 - 2017-07-23 19:28 - 000000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2017-07-12 20:54 - 2017-06-30 00:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 20:54 - 2017-06-29 23:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 20:54 - 2017-06-29 22:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 20:54 - 2017-06-29 22:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 20:54 - 2017-06-29 22:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 20:54 - 2017-06-29 22:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 20:54 - 2017-06-29 22:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 20:54 - 2017-06-29 22:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 20:54 - 2017-06-29 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 20:54 - 2017-06-29 22:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 20:54 - 2017-06-29 22:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 20:54 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 20:54 - 2017-06-29 02:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 20:54 - 2017-06-29 02:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 20:54 - 2017-06-29 02:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 20:54 - 2017-06-29 02:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 20:54 - 2017-06-29 02:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 20:54 - 2017-06-29 01:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 20:54 - 2017-06-29 01:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 20:54 - 2017-06-29 01:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 20:54 - 2017-06-29 01:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 20:54 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 20:54 - 2017-06-29 01:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 20:54 - 2017-06-29 01:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 20:54 - 2017-06-29 01:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 20:54 - 2017-06-29 01:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 20:54 - 2017-06-29 01:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 20:54 - 2017-06-29 01:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 20:54 - 2017-06-29 01:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 20:54 - 2017-06-29 01:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 20:54 - 2017-06-29 01:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 20:54 - 2017-06-29 01:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 20:54 - 2017-06-29 01:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 20:54 - 2017-06-29 01:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 20:54 - 2017-06-29 01:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 20:54 - 2017-06-29 01:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 20:54 - 2017-06-29 01:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 20:54 - 2017-06-29 01:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 20:54 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 20:54 - 2017-06-29 01:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 20:54 - 2017-06-29 01:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 20:54 - 2017-06-29 01:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 20:54 - 2017-06-29 01:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 20:54 - 2017-06-29 01:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 20:54 - 2017-06-29 01:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 20:54 - 2017-06-29 01:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 20:54 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 20:54 - 2017-06-29 00:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 20:54 - 2017-06-29 00:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 20:54 - 2017-06-29 00:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 20:54 - 2017-06-29 00:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 20:54 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 20:54 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 20:54 - 2017-06-29 00:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 20:54 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 20:54 - 2017-06-29 00:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 20:54 - 2017-06-29 00:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 20:54 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 20:54 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 20:54 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 20:54 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 20:54 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 20:54 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 20:54 - 2017-06-22 10:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 20:54 - 2017-06-15 16:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 20:54 - 2017-06-12 18:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 20:54 - 2017-06-12 18:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 20:54 - 2017-06-12 18:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 20:54 - 2017-06-12 18:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 20:54 - 2017-06-12 18:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 20:54 - 2017-06-12 18:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 20:54 - 2017-06-12 18:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 20:54 - 2017-06-12 18:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 20:54 - 2017-06-12 18:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 20:54 - 2017-06-12 18:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 20:54 - 2017-06-10 11:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 20:54 - 2017-06-10 11:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 20:54 - 2017-06-09 11:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 20:54 - 2017-06-06 11:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 20:54 - 2017-06-06 11:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 20:54 - 2017-05-30 00:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 20:54 - 2017-05-30 00:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 20:54 - 2017-05-30 00:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 20:54 - 2017-05-21 00:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 20:54 - 2017-05-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 20:54 - 2017-05-16 11:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 20:54 - 2017-05-16 11:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 20:54 - 2017-05-16 11:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-03 21:06 - 2014-08-04 22:53 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-03 21:06 - 2010-11-26 03:09 - 000000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2017-08-03 21:06 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-03 00:16 - 2010-12-05 22:19 - 000000000 ____D C:\Users\William\AppData\Local\CrashDumps
2017-08-03 00:09 - 2016-11-03 20:36 - 000003030 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-08-03 00:09 - 2009-07-14 01:13 - 000786578 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-03 00:09 - 2009-07-14 00:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-03 00:09 - 2009-07-14 00:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-03 00:09 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-02 23:02 - 2010-12-05 21:40 - 000000000 ____D C:\Users\William\Documents\Outlook Files
2017-08-02 22:57 - 2012-03-19 21:04 - 000000000 ____D C:\Users\William\AppData\Roaming\TS3Client
2017-07-30 20:33 - 2013-01-15 21:40 - 000000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-07-28 22:35 - 2009-07-13 22:34 - 000000513 _____ C:\Windows\win.ini
2017-07-28 22:34 - 2010-12-05 20:07 - 000778700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-23 19:53 - 2015-06-09 17:10 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-23 19:28 - 2015-07-03 13:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-07-23 19:28 - 2010-12-10 20:00 - 000002406 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-07-23 19:28 - 2010-12-10 20:00 - 000000000 ____D C:\Windows\system32\Drivers\NISx64
2017-07-23 18:08 - 2010-12-06 20:37 - 000000000 ____D C:\Users\Public\Documents\Sue's Docs
2017-07-23 15:26 - 2010-12-10 20:00 - 000102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-07-23 15:26 - 2010-12-10 20:00 - 000008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-07-21 21:15 - 2013-09-29 15:28 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-13 14:49 - 2015-11-01 20:34 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 21:49 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-07-12 20:58 - 2009-07-14 00:45 - 000422608 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 20:56 - 2013-07-11 23:56 - 000000000 ____D C:\Windows\system32\MRT
2017-07-12 20:55 - 2010-12-05 03:50 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 20:51 - 2016-09-14 22:53 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 20:51 - 2016-09-14 22:53 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 20:51 - 2011-10-04 20:48 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-12 20:51 - 2010-12-06 20:35 - 000000000 ____D C:\Users\William\AppData\Local\Adobe
2017-07-12 20:51 - 2010-11-23 09:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2012-12-13 20:55 - 2012-12-13 20:55 - 000000017 _____ () C:\Users\William\AppData\Local\resmon.resmoncfg
2015-12-12 15:56 - 2015-12-12 15:56 - 000000057 _____ () C:\ProgramData\Ament.ini
2013-10-01 22:14 - 2015-12-12 11:42 - 000017441 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 08:42

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by William (03-08-2017 21:16:41)
Running from C:\Users\William\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-23 13:02:27)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-466371979-3435322015-2013728622-500 - Administrator - Disabled)
Guest (S-1-5-21-466371979-3435322015-2013728622-501 - Limited - Disabled)
William (S-1-5-21-466371979-3435322015-2013728622-1000 - Administrator - Enabled) => C:\Users\William

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Call of Duty Black Ops - Remote Console (HKLM-x32\...\Steam App 42720) (Version:  - Treyarch)
Call of Duty® - World at War™ (HKLM-x32\...\{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War™ (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (HKLM-x32\...\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}) (Version: 1.1 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (HKLM-x32\...\InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (HKLM-x32\...\{E5141379-B2D9-4BBC-BB2A-5805541571DD}) (Version: 1.2 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (HKLM-x32\...\InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (HKLM-x32\...\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}) (Version: 1.3 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (HKLM-x32\...\InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (HKLM-x32\...\{3BD633E0-4BF8-4499-9149-88F0767D449C}) (Version: 1.4 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (HKLM-x32\...\InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch (HKLM-x32\...\InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.5 Patch (HKLM-x32\...\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}) (Version: 1.5 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version: 1.7 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version:  - Treyarch)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.10.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{14574B7F-75D1-4718-B7F2-EBF6E2862A35}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{199E6632-EB28-4F73-AECB-3E192EB92D18}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{25724802-CC14-4B90-9F3B-3D6955EE27B1}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{50193078-F553-4EBA-AA77-64C9FAA12F98}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{51D718D1-DA81-4FAD-919F-5C1CE3C33379}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{66F78C51-D108-4F0C-A93C-1CBE74CE338F}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{80D03817-7943-4839-8E96-B9F924C5E67D}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{97E5205F-EA4F-438F-B211-F1846419F1C1}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{99A7722D-9ACB-43F3-A222-ABC7133F159E}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{D4D244D1-05E0-4D24-86A2-B2433C435671}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{EAF636A9-F664-4703-A659-85A894DA264F}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2505 - CyberLink Corp.)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.4912 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.3605 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2523 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2206 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2217a - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1111 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
H&R Block Massachusetts 2010 (HKLM-x32\...\{B93677FD-F4C4-4CF9-9D44-B4F2F585D835}) (Version: 1.10.2301 - HRB Technology, LLC.)
H&R Block Massachusetts 2011 (HKLM-x32\...\{7F9C8D01-5B27-454F-8629-9EDAA1D9A0BC}) (Version: 1.11.2801 - HRB Technology, LLC.)
H&R Block Massachusetts 2012 (HKLM-x32\...\{0F648B9A-136F-4F8B-9917-81CB95C70210}) (Version: 1.12.2401 - HRB Technology, LLC.)
H&R Block Massachusetts 2013 (HKLM-x32\...\{F96C58CC-0184-4BF0-99A3-AB4461833E39}) (Version: 1.13.4301 - HRB Technology, LLC.)
H&R Block Massachusetts 2014 (HKLM-x32\...\{745EC575-8132-47BE-B8E6-141D08A74EF0}) (Version: 1.14.3501 - HRB Technology, LLC.)
H&R Block Massachusetts 2015 (HKLM-x32\...\{40A5D1EC-7F45-4306-8A39-18D2BE2D7F9A}) (Version: 1.15.4301 - HRB Technology, LLC.)
H&R Block Massachusetts 2016 (HKLM-x32\...\{16C7CF2E-18F4-42D4-8BF2-9E298D924E9B}) (Version: 1.16.4501 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2010 (HKLM-x32\...\{529A52D1-5521-436B-83AB-1322780DCDAD}) (Version: 10.06.6402 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7801 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2014 (HKLM-x32\...\{CDB1D329-A168-427D-837C-2075CDD3DC62}) (Version: 14.07.7401 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2015 (HKLM-x32\...\{388CC13F-FAC4-4D3E-83BF-C849E5D4552A}) (Version: 15.07.8101 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2016 (HKLM-x32\...\{955568EF-4BB1-4822-B2F4-931418CE2E46}) (Version: 16.07.6301 - HRB Technology, LLC.)
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version:  - Stripf Software)
HP ENVY 7640 series Basic Device Software (HKLM\...\{24BF3898-2667-4645-9448-8C6765B801A5}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.10.0.85 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1010 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.7 - Flagship Industries, Inc.)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WhoCrashed 4.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18DE598E-20AD-4E19-835F-C54E02599E61} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {20C11849-8A9C-4E5D-8865-428527EDB4CD} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-07-17] ()
Task: {4AF314F1-28D7-4959-AB1D-7271A99CFD12} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {4F1BC63E-8066-4DC1-8EA2-5D01546818A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5BD51A64-4E14-420E-A49B-01AA4510A52D} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {8E9BC8C1-F9C6-4008-9B4C-C425F2237763} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {AE7E0720-6319-4A73-AE36-70C15549668F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {C773B686-F784-484A-8C89-F99A7FE78BDC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {CA6B4015-6CDC-4BBB-BC92-2567AB9BB92C} - System32\Tasks\{D4ECABA3-0409-4C6B-9927-D1A6011FC059} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EVGA Precision X\uninstall.exe"
Task: {E3F47791-ADA4-4501-829E-6D18A6513BE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {EB64FD97-C5AA-427F-A1C3-EAEEC9C6803C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {F1BD699E-54BC-4B67-8A7E-4ACFE691B4E4} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2013-06-14] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-16 08:12 - 2015-09-16 08:12 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\William\Documents\B5 team photo.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\B5 team photo2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\chinese chicken salad.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\crunchy chicken.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\mini black bottom cheesecakes.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\Mom's apple kuchen.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\Nick physical 2014 p 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical 2014 p 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical page one 7-17-2015.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical page one 7-17-2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\nick physical page two 7-17-2015.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\nick physical page two 7-17-2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\palatka letter info.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\William\Documents\palatka letter info.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\rec dept payroll info.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.

There are 7866 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-11-09 10:31 - 000450817 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15466 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\William\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1141DED0-A927-4938-91EC-7E86D4241713}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{109E9C33-51C9-4214-A8D1-B58A2F9E97C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{C8730ECC-317E-44E5-AA58-6A15C55CAC5A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6F95071-A816-4348-83CE-5073D2CBB091}] => (Allow) LPort=2869
FirewallRules: [{B0C9CB0D-A440-4BA9-9899-0BDBDAEBDB38}] => (Allow) LPort=1900
FirewallRules: [{A2FDB530-CE1F-488C-A141-A70CA749DD87}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3760D58C-263C-45F1-9214-FDF9DBA936F0}] => (Allow) J:\Programs\Ventrilo\Ventrilo.exe
FirewallRules: [{27A67B43-2FBA-4F94-8C5B-E16C807BC15E}] => (Allow) J:\Programs\Ventrilo\Ventrilo.exe
FirewallRules: [{BBB1B859-7706-4A2C-B12D-8A7BA30087D9}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{D47F6E5F-F194-4522-A98E-B49B0F8E0AEB}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{A2DA6ED8-B498-466B-A634-33AA1CC7EB98}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [{BA45CA11-6CCE-43F2-8A3A-C8AE8E06A528}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [{F8B2D318-5E7E-4941-BF4E-2E11988CD3EC}] => (Allow) J:\Programs\StarCraft II\StarCraft II.exe
FirewallRules: [{A84822F6-5CE2-4602-B89D-2DC4AB121564}] => (Allow) J:\Programs\StarCraft II\StarCraft II.exe
FirewallRules: [{97874B3B-BBF6-48BD-B96B-4B336411C305}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{9265D3B2-8C16-4685-B2E2-CB36DE8155FA}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{EE1019BE-EDDB-4D43-B7CB-FB8D7A898F9A}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{AAEFDC45-B2B8-4538-BEFA-C3AA8A0ABA56}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{80ACA0AE-229D-49D0-AE62-D66D9A68E608}] => (Allow) J:\Programs\Valve\Steam\Steam.exe
FirewallRules: [{3D0315B7-0C26-4100-9631-C9F01D8B7026}] => (Allow) J:\Programs\Valve\Steam\Steam.exe
FirewallRules: [{82391BFF-7C17-408D-9805-039E3C7017F2}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops rcon\BlackOpsRcon.exe
FirewallRules: [{D93256FC-07EE-4B0B-A775-EB855C7182BC}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops rcon\BlackOpsRcon.exe
FirewallRules: [{63C49B78-DD98-4323-85F2-45CBDB78372A}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\aliens vs predator demo\AvP.exe
FirewallRules: [{31F3DD45-E9CE-4D0B-86BC-0DC59251F97C}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\aliens vs predator demo\AvP.exe
FirewallRules: [{267D92AA-E32E-47CA-86DA-B205508CB0B2}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\killingfloor\System\KillingFloor.exe
FirewallRules: [{CAFD7E46-7CB6-49AB-B035-E27C5123529D}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\killingfloor\System\KillingFloor.exe
FirewallRules: [{3CDFA29C-3E31-418B-BF06-05354138581F}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\alien swarm\srcds.exe
FirewallRules: [{303400D8-0A66-4DF3-A56E-25F725FFC262}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\alien swarm\srcds.exe
FirewallRules: [{F8C3871C-3294-4CB2-82D7-E9B958F39173}] => (Allow) J:\Programs\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{FAA94258-4092-47FE-89C4-5605C8877829}] => (Allow) J:\Programs\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{0D15743F-C4B4-402B-9EC0-21F124D156F6}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{604A14DE-5E0C-412B-8398-2B575A9B6D02}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{CC320441-1089-47F0-91ED-EB2EEFC80C3A}] => (Allow) J:\Programs\Activision\iw3mp.exe
FirewallRules: [{A6EF8CB6-2DC5-4926-9CD5-10AD0D459F28}] => (Allow) J:\Programs\Activision\iw3mp.exe
FirewallRules: [{9C129325-778E-46A9-9484-3146779654CB}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{6F5DE72E-294B-4D40-ACEA-63EC1E4747E7}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{2CF6C8D5-DF7F-4018-9623-0FD7A4C3D329}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{851A7F69-CC03-4B90-81CA-61AF0A615319}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{D367B2D8-AE13-462F-AB83-0B8635B4DBC2}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{F866FF2F-22EC-47B0-AB9D-DFC26B027394}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{FBD3C6B0-957B-4B9B-A1C6-C2317C43A94A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E4CFC8EC-4F58-4984-80A8-AE45FF466943}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{05D0AF82-060C-412E-9FAF-430439DF431B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ADB0086C-6849-4040-8AE7-71681E3E10D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{3346850B-1024-4DFC-9DD7-2B921B060323}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{7012BD0A-228A-4664-898F-29016EA39FC4}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{AC452E3B-F0F8-46A7-A5F1-55EF31151018}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{E6BF2397-FD42-4DF7-8E8A-AE6E668279C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{08A37292-1720-4612-A132-6783DB669502}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C9EE3798-F835-41D1-855C-A9900678F8A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{3EAABE81-7092-4268-AF6C-EAA592CDF6DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DBA17BDF-F2E1-430C-B90E-F1A3A13D1BA1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F42DA253-3AA5-46AE-AFA6-3429DDFECC65}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B878A9EC-F3DD-45AA-ACFE-941C4D8B6314}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{02E58002-3904-48BE-94D7-AEF6EE2BD4AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9EC7E59B-BEFC-437D-9945-456A165CEC1C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{EFCD9998-DA65-4FD8-9AE3-061A01B0BAE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{98CE7484-8341-4A51-B083-E49719DABF9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{D97F3068-60D8-42B5-91EB-9A19FD460F9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{25F43728-6A01-4AF3-8F27-3AA0C4C349D7}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{20E1523F-DAC2-48FB-AFAF-231CD9771206}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{672C3371-8898-46B4-9CDB-18BE76894BDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{6273189A-B47F-4ABE-873C-BC4E93238663}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0A885689-FEFC-4B00-AE00-FAC00FB2C78A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{91E0B321-DABB-4A50-934B-1E46893137CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{8144FE65-C841-4F3E-92DB-06F25D99A82A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{7A290FE2-51B5-4023-8408-83776551E3DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8BF4B6A6-BFC9-4466-99DB-C7BE8BA05240}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{09CDD34C-833B-4330-BD7D-38ACEE090EEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE10AF99-3E18-4733-97B3-5740FF5BE509}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{B6BD89ED-E052-4832-B943-49C5C8D117A6}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C1E02006-5BC0-4EEC-8100-BF4F14F00737}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B180FAE8-1100-4375-BEA9-EDD0F0B629F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A46A103-A2B7-4BC8-8777-994710396755}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24B21B96-3F5F-4A35-BF35-53B09260BABA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5232D42C-9FBA-4855-8D05-D162B4A39B62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{AD4673C2-3F55-4BE2-B197-9C3450E92910}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{622BF3AF-BA30-42CB-BBE0-CA28A4A20DB8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{79503576-66E1-4867-82FE-70D991C01ADA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F714B44-4CB5-4C5F-B02C-C4FB35C95CE4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{86EE8BCC-EC4F-4470-A6F5-1385B541A8B1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D4A70D94-1A61-4221-A191-FDD1630618D3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{23B80B47-F3C8-4D84-9E52-0668D0F16A89}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B9E9A64E-62AC-4ABE-8CEA-8989ACDC83E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{809F9C4A-6476-47E8-8AB7-200BF53F30AA}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{E797E2C2-777C-48F5-96B4-2091AA025F30}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{62844DBC-9002-4A69-A5D2-E982157D0D36}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3C785191-1E25-4A0A-BCB4-6C6E0087C7B6}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{7AB81EEA-604D-4ADB-A12D-867993033986}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{6B1BFCC2-A4B6-458E-8D24-95EC7ADB8AC7}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{E9D2D388-E491-4DD7-B278-3BB932734DAF}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{3DDBB56C-F9DD-4572-97F9-2BB49DFF78C3}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C481E1CE-C2DB-4568-883B-ACFDACBE54ED}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{6D062E5A-E581-4FD9-8F69-54E6FA8D4420}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{FD97C704-D506-414B-AE30-F205A172464D}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{897BAF90-1D64-4B42-BA52-291201EFDB0E}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DDE564B7-DCF0-42FB-B015-115E00669C98}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CDD66ECF-1074-47F0-B67D-50728AE34F61}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{43DE52EC-DDCA-41FD-9B1C-7117E9592FE1}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{97A6F143-A83A-4A0B-9E63-B655A8C54C80}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{42882AF9-2CCA-43AF-81EA-35D09C43D568}] => (Allow) J:\Programs\Valve\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE1E1E00-EE24-4A7A-B4EC-C9E1E1CAB2C8}] => (Allow) J:\Programs\Valve\Steam\bin\steamwebhelper.exe
FirewallRules: [{41547868-2AF8-41FF-87CC-9363FD8D555F}] => (Allow) J:\Programs\Battle.net\Battle.net.exe
FirewallRules: [{CD72EFDB-30AE-4B51-BD5A-1584B54B6728}] => (Allow) J:\Programs\Battle.net\Battle.net.exe
FirewallRules: [{5A6156AF-12B5-4C4F-A3EF-0317BD3D312E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{B2F07098-4981-4BDA-8364-2DF9A3BC8DC5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{BA03FD10-CF0A-4EE3-9C8D-4492C67432E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{9B59AE15-90B8-44B5-9BEE-F3958AE0E9B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A02425FB-76CA-4B29-8754-7A88A23BF85B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{3329F535-3D5E-4DBE-BAAB-E225302E6C51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{D8D9D444-99D6-48ED-A772-4A06A934C14B}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{1473BED7-CE9A-476A-8E99-20B82E31C3DA}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{2E00A5C9-9276-45F9-810B-8A904CD60350}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS41F5\HPDiagnosticCoreUI.exe
FirewallRules: [{804A0D5E-C11B-4833-8F1D-3DC96DB79B1D}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS41F5\HPDiagnosticCoreUI.exe
FirewallRules: [{01E600B3-9F64-4152-B274-28E2464263EE}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS5995\HPDiagnosticCoreUI.exe
FirewallRules: [{6EBEEBB1-3561-4862-8804-FC708B49C02D}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS5995\HPDiagnosticCoreUI.exe
FirewallRules: [{38BFA610-FD0C-49DA-9E0A-9FF00B11EE74}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS76BC\setup\hpznui40.exe
FirewallRules: [{A86976E3-56E9-4112-86D1-7044B69C245C}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS6FA3\hppiw.exe
FirewallRules: [{D2AC25A1-9153-4CBF-BC6B-11A5935E8BD5}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS6FA3\hppiw.exe
FirewallRules: [{22F294AF-6F7D-489B-BAE6-9AFA89F4899A}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS71C4\hppiw.exe
FirewallRules: [{FC0E1769-239E-4ADA-B823-C9702E1E745E}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS71C4\hppiw.exe
FirewallRules: [{FB37C437-B682-4740-847F-665BFD4DD6FA}] => (Allow) J:\Programs\Battlefield 4\bf4_x86.exe
FirewallRules: [{8DE9D8F0-7220-4211-8BB3-EECE7CA13396}] => (Allow) J:\Programs\Battlefield 4\bf4_x86.exe
FirewallRules: [{CDAD35A0-D49D-4014-B74F-6D86050D3476}] => (Allow) J:\Programs\Battlefield 4\bf4.exe
FirewallRules: [{7CDDEDF5-FE7D-4709-9699-9591C46DFB5E}] => (Allow) J:\Programs\Battlefield 4\bf4.exe
FirewallRules: [{4259210B-4ACC-4635-B203-05BC08934423}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9F66D614-0489-44B2-8CD6-C274E454C8DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{44BE852C-C5EC-48B5-B541-634AEC821EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F16C3378-2277-4F44-9F26-68F04E5505D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7CCB4F6-D351-45B2-91E3-6D3F2F1B2367}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AE3942A5-AE44-4C9E-9116-6F2B66164AF9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{AA2D4608-4C73-42E6-9D4C-716FDF217A42}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{6C3F8BF2-41FF-4242-82A3-495B05E97100}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{0B9543B7-B568-462E-BA88-FFB16B5A29DC}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{A0738FCC-5A0F-4DD3-9DCA-AD49F1BE2C33}] => (Allow) LPort=5357
FirewallRules: [{9C835B53-F721-418C-B516-14A259A9F387}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{71C26990-BB07-49B6-98E9-872B04804489}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS1A16\HPDiagnosticCoreUI.exe
FirewallRules: [{5750C242-F05B-446E-A859-CF76439154A5}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS1A16\HPDiagnosticCoreUI.exe
FirewallRules: [{20C2D803-A482-444F-8D06-D4ED264DA478}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{2502582C-F873-4960-8270-10A386270E4E}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{E0D6EE6F-20DF-407E-8B85-6249E0EB4EEC}] => (Allow) J:\Programs\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{59279579-A0BB-49B6-A5D6-4AD31DFBB47C}] => (Allow) J:\Programs\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{37421B36-54F0-457F-B087-242127A03142}] => (Allow) J:\Programs\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{85D9E911-9F2D-45E2-B96D-2507658E24C1}] => (Allow) J:\Programs\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{14710DA1-6225-42E3-B573-ED5D132DF40B}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{4C0BD878-234B-4BDD-8326-A4D99CF62BC9}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{96187D7E-0B2B-4F6E-B666-A484A90DBE6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BF56D6A8-D497-4CF5-BB20-869FBC50DAC1}] => (Allow) J:\Programs\Valve\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA89C779-7AC4-4FD9-9DD6-353EFC8956F3}] => (Allow) J:\Programs\Valve\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E27868CF-4AA8-420D-9B22-CF0BDFE906EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-07-2017 21:15:16 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-07-2017 21:15:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
28-07-2017 22:33:47 Windows Update
01-08-2017 18:00:01 Windows Backup

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart 2600 series
Description: Photosmart 2600 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2017 12:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x5f0
Faulting application start time: 0x01d30c0f478dca22
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 8eb3ef3a-7802-11e7-abbc-d29b9466f135

Error: (08/03/2017 12:15:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x51c
Faulting application start time: 0x01d30c0f29878ece
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 7111adb1-7802-11e7-abbc-d29b9466f135

Error: (08/03/2017 12:04:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 15.0.0.80, time stamp: 0x59407d82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000011000000
Faulting process id: 0x1798
Faulting application start time: 0x01d30c0d8fb0d8eb
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NIS.exe
Faulting module path: unknown
Report Id: cda74db2-7800-11e7-9744-bcaec50a5d40

Error: (08/03/2017 12:03:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000005
Fault offset: 0x000000000004da56
Faulting process id: 0x12c4
Faulting application start time: 0x01d30c0d7c7f16fa
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: baa37a48-7800-11e7-9744-bcaec50a5d40

Error: (08/02/2017 08:25:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x92c
Faulting application start time: 0x01d30b8a706b45e7
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: afba940d-777d-11e7-99d9-bcaec50a5d40

Error: (08/02/2017 08:25:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (08/02/2017 08:21:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/01/2017 08:11:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x162c
Faulting application start time: 0x01d30abf56ef85a5
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 96009247-76b2-11e7-89ec-bcaec50a5d40

Error: (08/01/2017 08:11:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (08/01/2017 08:07:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (08/03/2017 09:16:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:16:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/03/2017 09:14:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 16%
Total physical RAM: 6135.11 MB
Available physical RAM: 5153.15 MB
Total Virtual: 12268.4 MB
Available Virtual: 11345.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:27.55 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:931.51 GB) (Free:130.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 41B2C038)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 639628BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Please help!

 

KKrusher

 

 

Moved from AII, FRST log

NickAu


Edited by NickAu, 03 August 2017 - 09:10 PM.
Mod Edit




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 August 2017 - 07:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please Boot to Safe mode with Networking.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.
===

Restart the computer normally. If successful please run the Farbar tool and post fresh FRST and Addition.txt logs.

To create a new Addition.txt file make sure the box to create the Addition.txt log is marked.

#3 KKrusher

KKrusher
  • Topic Starter

  • Members
  • 37 posts

Posted 04 August 2017 - 07:13 AM

Good Morning Nasdaq!  I literally just got to work and had just entered the forums.  Suddenly my post jumped to the top with your reply!  Great timing! 

 

Without the computer crashing, I have to do something at boot to get the computer to intentionally go into Safe Mode with Networking.  Is that correct?  It is using the F8 or DEL key or something at the BIOS boot screen if I remember correctly.

 

I am heading home from work early today.  I will go through your instructions and post back this afternoon!  Thanks for the assistance!

 

KKrusher



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 August 2017 - 09:31 AM

F8 key should work.

http://support.eset.com/kb2268/?locale=en_US

#5 KKrusher

KKrusher
  • Topic Starter

  • Members
  • 37 posts

Posted 04 August 2017 - 02:22 PM

Followed instructions to run Zoek.exe

When it finished it wanted a reboot.  I could not get it back into Safe Mode so it booted into normal Windows mode.  The behavior was pretty much the same.  It was stable for a couple of minutes but Norton was not loading and IE became unstable.  Finally everything locked up.  I will post the Zoek log below and generate new FRST logs in Safe Mode with Networking.  I will try and get logs from normal Windows mode as well.

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by William on Fri 08/04/2017 at 15:04:57.23.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\William\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\Program Files\Symantec deleted successfully
C:\Users\William\AppData\Roaming\Skinux deleted successfully
C:\Users\William\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\William\AppData\Local\EmieSiteList deleted successfully
C:\Users\William\AppData\Local\EmieUserList deleted successfully
C:\Users\William\AppData\Local\KodakGallery deleted successfully
C:\Users\William\AppData\Local\MigWiz deleted successfully
C:\Users\William\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-466371979-3435322015-2013728622-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Origin Games not found
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\William\AppData\Local\CrashRpt deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon" [07/23/2017 07:28 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon" [07/23/2017 07:28 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx[07/14/2017 05:15 PM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Norton Security Toolbar - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Media Router - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://my.xfinity.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://my.xfinity.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-466371979-3435322015-2013728622-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_USERS\S-1-5-21-466371979-3435322015-2013728622-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=41 folders=52 107492238 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\William\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\William\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 08/04/2017 at 15:13:06.23 ======================

 

More coming...



#6 KKrusher

KKrusher
  • Topic Starter

  • Members
  • 37 posts

Posted 04 August 2017 - 02:26 PM

New FRST.txt from Safe Mode with Networking

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by William (administrator) on WILLIAM-M6 (04-08-2017 15:23:07)
Running from C:\Users\William\Desktop
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [681256 2009-01-13] (CyberLink Corporation.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2008-12-02] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\MountPoints2: {2f55cd45-c590-11e4-80ed-bcaec50a5d40} - K:\MotoCastSetup.exe -a
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\MountPoints2: {d8caf8ca-fe49-11e5-9ea5-bcaec50a5d40} - K:\MotoCastSetup.exe -a
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-04-20]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DFC8AAF2-A3F1-4713-BD0F-ABDE42783F17}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/
SearchScopes: HKU\S-1-5-21-466371979-3435322015-2013728622-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-466371979-3435322015-2013728622-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2017-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://my.xfinity.com/?cid=cust
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default [2017-08-04]
CHR Extension: (Google Slides) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-06]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-06]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-06]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-12]
CHR Extension: (Google Sheets) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-30]
CHR Extension: (Norton Identity Safe) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-12]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-12] (SUPERAntiSpyware.com)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NIS.exe [326144 2017-07-14] (Symantec Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; J:\Programs\Origin\OriginClientService.exe [2122248 2016-06-19] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20170731.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-12-31] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-12-31] (CyberLink Corporation.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20170802.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-11-22] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 15:23 - 2017-08-04 15:23 - 000018195 _____ C:\Users\William\Desktop\FRST.txt
2017-08-04 15:13 - 2017-08-04 15:13 - 000000000 ____D C:\Users\William\AppData\Local\VirtualStore
2017-08-04 15:11 - 2017-08-04 15:04 - 000024064 _____ C:\Windows\zoek-delete.exe
2017-08-04 15:04 - 2017-08-04 15:10 - 000000000 ____D C:\zoek_backup
2017-08-04 15:04 - 2017-08-04 15:04 - 001309184 _____ C:\Users\William\Desktop\zoek.exe
2017-08-03 21:16 - 2017-08-04 15:23 - 000000000 ____D C:\FRST
2017-08-03 21:15 - 2017-08-03 21:15 - 002381312 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2017-08-02 23:55 - 2017-08-04 15:18 - 001016344 _____ C:\Windows\ntbtlog.txt
2017-08-02 23:01 - 2017-08-02 23:01 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-07-23 19:28 - 2017-07-23 19:28 - 000003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-07-23 19:28 - 2017-07-23 19:28 - 000000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2017-07-12 20:54 - 2017-06-30 00:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 20:54 - 2017-06-29 23:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 20:54 - 2017-06-29 22:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 20:54 - 2017-06-29 22:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 20:54 - 2017-06-29 22:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 20:54 - 2017-06-29 22:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 20:54 - 2017-06-29 22:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 20:54 - 2017-06-29 22:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 20:54 - 2017-06-29 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 20:54 - 2017-06-29 22:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 20:54 - 2017-06-29 22:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 20:54 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 20:54 - 2017-06-29 02:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 20:54 - 2017-06-29 02:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 20:54 - 2017-06-29 02:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 20:54 - 2017-06-29 02:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 20:54 - 2017-06-29 02:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 20:54 - 2017-06-29 01:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 20:54 - 2017-06-29 01:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 20:54 - 2017-06-29 01:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 20:54 - 2017-06-29 01:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 20:54 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 20:54 - 2017-06-29 01:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 20:54 - 2017-06-29 01:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 20:54 - 2017-06-29 01:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 20:54 - 2017-06-29 01:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 20:54 - 2017-06-29 01:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 20:54 - 2017-06-29 01:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 20:54 - 2017-06-29 01:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 20:54 - 2017-06-29 01:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 20:54 - 2017-06-29 01:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 20:54 - 2017-06-29 01:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 20:54 - 2017-06-29 01:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 20:54 - 2017-06-29 01:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 20:54 - 2017-06-29 01:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 20:54 - 2017-06-29 01:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 20:54 - 2017-06-29 01:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 20:54 - 2017-06-29 01:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 20:54 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 20:54 - 2017-06-29 01:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 20:54 - 2017-06-29 01:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 20:54 - 2017-06-29 01:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 20:54 - 2017-06-29 01:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 20:54 - 2017-06-29 01:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 20:54 - 2017-06-29 01:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 20:54 - 2017-06-29 01:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 20:54 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 20:54 - 2017-06-29 00:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 20:54 - 2017-06-29 00:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 20:54 - 2017-06-29 00:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 20:54 - 2017-06-29 00:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 20:54 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 20:54 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 20:54 - 2017-06-29 00:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 20:54 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 20:54 - 2017-06-29 00:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 20:54 - 2017-06-29 00:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 20:54 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 20:54 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 20:54 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 20:54 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 20:54 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 20:54 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 20:54 - 2017-06-22 10:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 20:54 - 2017-06-15 16:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 20:54 - 2017-06-12 18:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 20:54 - 2017-06-12 18:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 20:54 - 2017-06-12 18:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 20:54 - 2017-06-12 18:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 20:54 - 2017-06-12 18:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 20:54 - 2017-06-12 18:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 20:54 - 2017-06-12 18:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 20:54 - 2017-06-12 18:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 20:54 - 2017-06-12 18:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 20:54 - 2017-06-12 18:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 20:54 - 2017-06-10 11:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 20:54 - 2017-06-10 11:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 20:54 - 2017-06-09 11:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 20:54 - 2017-06-06 11:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 20:54 - 2017-06-06 11:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 20:54 - 2017-05-30 00:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 20:54 - 2017-05-30 00:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 20:54 - 2017-05-30 00:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 20:54 - 2017-05-21 00:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 20:54 - 2017-05-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 20:54 - 2017-05-16 11:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 20:54 - 2017-05-16 11:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 20:54 - 2017-05-16 11:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 15:22 - 2009-07-14 01:13 - 000786578 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-04 15:22 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-04 15:13 - 2010-11-26 03:09 - 000000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2017-08-04 15:12 - 2014-08-04 22:53 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-04 15:12 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-04 15:06 - 2010-12-05 22:19 - 000000000 ____D C:\Users\William\AppData\Local\CrashDumps
2017-08-03 00:09 - 2016-11-03 20:36 - 000003030 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-08-03 00:09 - 2009-07-14 00:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-03 00:09 - 2009-07-14 00:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-02 23:02 - 2010-12-05 21:40 - 000000000 ____D C:\Users\William\Documents\Outlook Files
2017-08-02 22:57 - 2012-03-19 21:04 - 000000000 ____D C:\Users\William\AppData\Roaming\TS3Client
2017-07-30 20:33 - 2013-01-15 21:40 - 000000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-07-28 22:35 - 2009-07-13 22:34 - 000000513 _____ C:\Windows\win.ini
2017-07-28 22:34 - 2010-12-05 20:07 - 000778700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-23 19:53 - 2015-06-09 17:10 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-23 19:28 - 2015-07-03 13:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-07-23 19:28 - 2010-12-10 20:00 - 000002406 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-07-23 19:28 - 2010-12-10 20:00 - 000000000 ____D C:\Windows\system32\Drivers\NISx64
2017-07-23 18:08 - 2010-12-06 20:37 - 000000000 ____D C:\Users\Public\Documents\Sue's Docs
2017-07-23 15:26 - 2010-12-10 20:00 - 000102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-07-23 15:26 - 2010-12-10 20:00 - 000008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-07-13 14:49 - 2015-11-01 20:34 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 21:49 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-07-12 20:58 - 2009-07-14 00:45 - 000422608 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 20:56 - 2013-07-11 23:56 - 000000000 ____D C:\Windows\system32\MRT
2017-07-12 20:55 - 2010-12-05 03:50 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 20:51 - 2016-09-14 22:53 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 20:51 - 2016-09-14 22:53 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 20:51 - 2011-10-04 20:48 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-12 20:51 - 2010-12-06 20:35 - 000000000 ____D C:\Users\William\AppData\Local\Adobe
2017-07-12 20:51 - 2010-11-23 09:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2012-12-13 20:55 - 2012-12-13 20:55 - 000000017 _____ () C:\Users\William\AppData\Local\resmon.resmoncfg
2015-12-12 15:56 - 2015-12-12 15:56 - 000000057 _____ () C:\ProgramData\Ament.ini
2013-10-01 22:14 - 2015-12-12 11:42 - 000017441 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 08:42

==================== End of FRST.txt ============================

New Addition.txt from Safe Mode with Networking

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by William (04-08-2017 15:23:28)
Running from C:\Users\William\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-23 13:02:27)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-466371979-3435322015-2013728622-500 - Administrator - Disabled)
Guest (S-1-5-21-466371979-3435322015-2013728622-501 - Limited - Disabled)
William (S-1-5-21-466371979-3435322015-2013728622-1000 - Administrator - Enabled) => C:\Users\William

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Call of Duty Black Ops - Remote Console (HKLM-x32\...\Steam App 42720) (Version:  - Treyarch)
Call of Duty® - World at War™ (HKLM-x32\...\{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War™ (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (HKLM-x32\...\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}) (Version: 1.1 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (HKLM-x32\...\InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (HKLM-x32\...\{E5141379-B2D9-4BBC-BB2A-5805541571DD}) (Version: 1.2 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (HKLM-x32\...\InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (HKLM-x32\...\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}) (Version: 1.3 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (HKLM-x32\...\InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (HKLM-x32\...\{3BD633E0-4BF8-4499-9149-88F0767D449C}) (Version: 1.4 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (HKLM-x32\...\InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch (HKLM-x32\...\InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.5 Patch (HKLM-x32\...\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}) (Version: 1.5 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version: 1.7 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version:  - Treyarch)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.10.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{14574B7F-75D1-4718-B7F2-EBF6E2862A35}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{199E6632-EB28-4F73-AECB-3E192EB92D18}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{25724802-CC14-4B90-9F3B-3D6955EE27B1}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{50193078-F553-4EBA-AA77-64C9FAA12F98}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{51D718D1-DA81-4FAD-919F-5C1CE3C33379}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{66F78C51-D108-4F0C-A93C-1CBE74CE338F}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{80D03817-7943-4839-8E96-B9F924C5E67D}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{97E5205F-EA4F-438F-B211-F1846419F1C1}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{99A7722D-9ACB-43F3-A222-ABC7133F159E}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{D4D244D1-05E0-4D24-86A2-B2433C435671}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{EAF636A9-F664-4703-A659-85A894DA264F}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2505 - CyberLink Corp.)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.4912 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.3605 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2523 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2206 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2217a - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1111 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
H&R Block Massachusetts 2010 (HKLM-x32\...\{B93677FD-F4C4-4CF9-9D44-B4F2F585D835}) (Version: 1.10.2301 - HRB Technology, LLC.)
H&R Block Massachusetts 2011 (HKLM-x32\...\{7F9C8D01-5B27-454F-8629-9EDAA1D9A0BC}) (Version: 1.11.2801 - HRB Technology, LLC.)
H&R Block Massachusetts 2012 (HKLM-x32\...\{0F648B9A-136F-4F8B-9917-81CB95C70210}) (Version: 1.12.2401 - HRB Technology, LLC.)
H&R Block Massachusetts 2013 (HKLM-x32\...\{F96C58CC-0184-4BF0-99A3-AB4461833E39}) (Version: 1.13.4301 - HRB Technology, LLC.)
H&R Block Massachusetts 2014 (HKLM-x32\...\{745EC575-8132-47BE-B8E6-141D08A74EF0}) (Version: 1.14.3501 - HRB Technology, LLC.)
H&R Block Massachusetts 2015 (HKLM-x32\...\{40A5D1EC-7F45-4306-8A39-18D2BE2D7F9A}) (Version: 1.15.4301 - HRB Technology, LLC.)
H&R Block Massachusetts 2016 (HKLM-x32\...\{16C7CF2E-18F4-42D4-8BF2-9E298D924E9B}) (Version: 1.16.4501 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2010 (HKLM-x32\...\{529A52D1-5521-436B-83AB-1322780DCDAD}) (Version: 10.06.6402 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7801 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2014 (HKLM-x32\...\{CDB1D329-A168-427D-837C-2075CDD3DC62}) (Version: 14.07.7401 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2015 (HKLM-x32\...\{388CC13F-FAC4-4D3E-83BF-C849E5D4552A}) (Version: 15.07.8101 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2016 (HKLM-x32\...\{955568EF-4BB1-4822-B2F4-931418CE2E46}) (Version: 16.07.6301 - HRB Technology, LLC.)
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version:  - Stripf Software)
HP ENVY 7640 series Basic Device Software (HKLM\...\{24BF3898-2667-4645-9448-8C6765B801A5}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.10.0.85 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1010 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.7 - Flagship Industries, Inc.)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WhoCrashed 4.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18DE598E-20AD-4E19-835F-C54E02599E61} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {20C11849-8A9C-4E5D-8865-428527EDB4CD} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-07-17] ()
Task: {4AF314F1-28D7-4959-AB1D-7271A99CFD12} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {4F1BC63E-8066-4DC1-8EA2-5D01546818A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5BD51A64-4E14-420E-A49B-01AA4510A52D} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {8E9BC8C1-F9C6-4008-9B4C-C425F2237763} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {AE7E0720-6319-4A73-AE36-70C15549668F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {C773B686-F784-484A-8C89-F99A7FE78BDC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {CA6B4015-6CDC-4BBB-BC92-2567AB9BB92C} - System32\Tasks\{D4ECABA3-0409-4C6B-9927-D1A6011FC059} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EVGA Precision X\uninstall.exe"
Task: {E3F47791-ADA4-4501-829E-6D18A6513BE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {EB64FD97-C5AA-427F-A1C3-EAEEC9C6803C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {F1BD699E-54BC-4B67-8A7E-4ACFE691B4E4} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2013-06-14] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-16 08:12 - 2015-09-16 08:12 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\William\Documents\B5 team photo.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\B5 team photo2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\chinese chicken salad.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\crunchy chicken.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\mini black bottom cheesecakes.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\Mom's apple kuchen.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\Nick physical 2014 p 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical 2014 p 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical page one 7-17-2015.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical page one 7-17-2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\nick physical page two 7-17-2015.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\nick physical page two 7-17-2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\palatka letter info.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\William\Documents\palatka letter info.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\rec dept payroll info.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.

There are 7866 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-11-09 10:31 - 000450817 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15466 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\William\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1141DED0-A927-4938-91EC-7E86D4241713}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{109E9C33-51C9-4214-A8D1-B58A2F9E97C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{C8730ECC-317E-44E5-AA58-6A15C55CAC5A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6F95071-A816-4348-83CE-5073D2CBB091}] => (Allow) LPort=2869
FirewallRules: [{B0C9CB0D-A440-4BA9-9899-0BDBDAEBDB38}] => (Allow) LPort=1900
FirewallRules: [{A2FDB530-CE1F-488C-A141-A70CA749DD87}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3760D58C-263C-45F1-9214-FDF9DBA936F0}] => (Allow) J:\Programs\Ventrilo\Ventrilo.exe
FirewallRules: [{27A67B43-2FBA-4F94-8C5B-E16C807BC15E}] => (Allow) J:\Programs\Ventrilo\Ventrilo.exe
FirewallRules: [{BBB1B859-7706-4A2C-B12D-8A7BA30087D9}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{D47F6E5F-F194-4522-A98E-B49B0F8E0AEB}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicCOH.exe
FirewallRules: [{A2DA6ED8-B498-466B-A634-33AA1CC7EB98}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [{BA45CA11-6CCE-43F2-8A3A-C8AE8E06A528}] => (Allow) J:\Programs\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe
FirewallRules: [{F8B2D318-5E7E-4941-BF4E-2E11988CD3EC}] => (Allow) J:\Programs\StarCraft II\StarCraft II.exe
FirewallRules: [{A84822F6-5CE2-4602-B89D-2DC4AB121564}] => (Allow) J:\Programs\StarCraft II\StarCraft II.exe
FirewallRules: [{97874B3B-BBF6-48BD-B96B-4B336411C305}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{9265D3B2-8C16-4685-B2E2-CB36DE8155FA}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaWmp.exe
FirewallRules: [{EE1019BE-EDDB-4D43-B7CB-FB8D7A898F9A}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{AAEFDC45-B2B8-4538-BEFA-C3AA8A0ABA56}] => (Allow) J:\Programs\Activision\Call of Duty - World at War\CoDWaW.exe
FirewallRules: [{80ACA0AE-229D-49D0-AE62-D66D9A68E608}] => (Allow) J:\Programs\Valve\Steam\Steam.exe
FirewallRules: [{3D0315B7-0C26-4100-9631-C9F01D8B7026}] => (Allow) J:\Programs\Valve\Steam\Steam.exe
FirewallRules: [{82391BFF-7C17-408D-9805-039E3C7017F2}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops rcon\BlackOpsRcon.exe
FirewallRules: [{D93256FC-07EE-4B0B-A775-EB855C7182BC}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops rcon\BlackOpsRcon.exe
FirewallRules: [{63C49B78-DD98-4323-85F2-45CBDB78372A}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\aliens vs predator demo\AvP.exe
FirewallRules: [{31F3DD45-E9CE-4D0B-86BC-0DC59251F97C}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\aliens vs predator demo\AvP.exe
FirewallRules: [{267D92AA-E32E-47CA-86DA-B205508CB0B2}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\killingfloor\System\KillingFloor.exe
FirewallRules: [{CAFD7E46-7CB6-49AB-B035-E27C5123529D}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\killingfloor\System\KillingFloor.exe
FirewallRules: [{3CDFA29C-3E31-418B-BF06-05354138581F}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\alien swarm\srcds.exe
FirewallRules: [{303400D8-0A66-4DF3-A56E-25F725FFC262}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\alien swarm\srcds.exe
FirewallRules: [{F8C3871C-3294-4CB2-82D7-E9B958F39173}] => (Allow) J:\Programs\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{FAA94258-4092-47FE-89C4-5605C8877829}] => (Allow) J:\Programs\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{0D15743F-C4B4-402B-9EC0-21F124D156F6}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{604A14DE-5E0C-412B-8398-2B575A9B6D02}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{CC320441-1089-47F0-91ED-EB2EEFC80C3A}] => (Allow) J:\Programs\Activision\iw3mp.exe
FirewallRules: [{A6EF8CB6-2DC5-4926-9CD5-10AD0D459F28}] => (Allow) J:\Programs\Activision\iw3mp.exe
FirewallRules: [{9C129325-778E-46A9-9484-3146779654CB}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{6F5DE72E-294B-4D40-ACEA-63EC1E4747E7}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{2CF6C8D5-DF7F-4018-9623-0FD7A4C3D329}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{851A7F69-CC03-4B90-81CA-61AF0A615319}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{D367B2D8-AE13-462F-AB83-0B8635B4DBC2}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{F866FF2F-22EC-47B0-AB9D-DFC26B027394}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{FBD3C6B0-957B-4B9B-A1C6-C2317C43A94A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E4CFC8EC-4F58-4984-80A8-AE45FF466943}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{05D0AF82-060C-412E-9FAF-430439DF431B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ADB0086C-6849-4040-8AE7-71681E3E10D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{3346850B-1024-4DFC-9DD7-2B921B060323}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{7012BD0A-228A-4664-898F-29016EA39FC4}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{AC452E3B-F0F8-46A7-A5F1-55EF31151018}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{E6BF2397-FD42-4DF7-8E8A-AE6E668279C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{08A37292-1720-4612-A132-6783DB669502}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C9EE3798-F835-41D1-855C-A9900678F8A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{3EAABE81-7092-4268-AF6C-EAA592CDF6DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DBA17BDF-F2E1-430C-B90E-F1A3A13D1BA1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F42DA253-3AA5-46AE-AFA6-3429DDFECC65}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B878A9EC-F3DD-45AA-ACFE-941C4D8B6314}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{02E58002-3904-48BE-94D7-AEF6EE2BD4AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9EC7E59B-BEFC-437D-9945-456A165CEC1C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{EFCD9998-DA65-4FD8-9AE3-061A01B0BAE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{98CE7484-8341-4A51-B083-E49719DABF9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{D97F3068-60D8-42B5-91EB-9A19FD460F9C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{25F43728-6A01-4AF3-8F27-3AA0C4C349D7}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{20E1523F-DAC2-48FB-AFAF-231CD9771206}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{672C3371-8898-46B4-9CDB-18BE76894BDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{6273189A-B47F-4ABE-873C-BC4E93238663}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0A885689-FEFC-4B00-AE00-FAC00FB2C78A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{91E0B321-DABB-4A50-934B-1E46893137CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{8144FE65-C841-4F3E-92DB-06F25D99A82A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{7A290FE2-51B5-4023-8408-83776551E3DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8BF4B6A6-BFC9-4466-99DB-C7BE8BA05240}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{09CDD34C-833B-4330-BD7D-38ACEE090EEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EE10AF99-3E18-4733-97B3-5740FF5BE509}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{B6BD89ED-E052-4832-B943-49C5C8D117A6}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C1E02006-5BC0-4EEC-8100-BF4F14F00737}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B180FAE8-1100-4375-BEA9-EDD0F0B629F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A46A103-A2B7-4BC8-8777-994710396755}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24B21B96-3F5F-4A35-BF35-53B09260BABA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5232D42C-9FBA-4855-8D05-D162B4A39B62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{AD4673C2-3F55-4BE2-B197-9C3450E92910}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{622BF3AF-BA30-42CB-BBE0-CA28A4A20DB8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{79503576-66E1-4867-82FE-70D991C01ADA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F714B44-4CB5-4C5F-B02C-C4FB35C95CE4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{86EE8BCC-EC4F-4470-A6F5-1385B541A8B1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D4A70D94-1A61-4221-A191-FDD1630618D3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{23B80B47-F3C8-4D84-9E52-0668D0F16A89}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B9E9A64E-62AC-4ABE-8CEA-8989ACDC83E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{809F9C4A-6476-47E8-8AB7-200BF53F30AA}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{E797E2C2-777C-48F5-96B4-2091AA025F30}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{62844DBC-9002-4A69-A5D2-E982157D0D36}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3C785191-1E25-4A0A-BCB4-6C6E0087C7B6}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{7AB81EEA-604D-4ADB-A12D-867993033986}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{6B1BFCC2-A4B6-458E-8D24-95EC7ADB8AC7}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{E9D2D388-E491-4DD7-B278-3BB932734DAF}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{3DDBB56C-F9DD-4572-97F9-2BB49DFF78C3}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C481E1CE-C2DB-4568-883B-ACFDACBE54ED}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{6D062E5A-E581-4FD9-8F69-54E6FA8D4420}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{FD97C704-D506-414B-AE30-F205A172464D}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{897BAF90-1D64-4B42-BA52-291201EFDB0E}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DDE564B7-DCF0-42FB-B015-115E00669C98}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CDD66ECF-1074-47F0-B67D-50728AE34F61}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{43DE52EC-DDCA-41FD-9B1C-7117E9592FE1}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{97A6F143-A83A-4A0B-9E63-B655A8C54C80}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{42882AF9-2CCA-43AF-81EA-35D09C43D568}] => (Allow) J:\Programs\Valve\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE1E1E00-EE24-4A7A-B4EC-C9E1E1CAB2C8}] => (Allow) J:\Programs\Valve\Steam\bin\steamwebhelper.exe
FirewallRules: [{41547868-2AF8-41FF-87CC-9363FD8D555F}] => (Allow) J:\Programs\Battle.net\Battle.net.exe
FirewallRules: [{CD72EFDB-30AE-4B51-BD5A-1584B54B6728}] => (Allow) J:\Programs\Battle.net\Battle.net.exe
FirewallRules: [{5A6156AF-12B5-4C4F-A3EF-0317BD3D312E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{B2F07098-4981-4BDA-8364-2DF9A3BC8DC5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{BA03FD10-CF0A-4EE3-9C8D-4492C67432E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{9B59AE15-90B8-44B5-9BEE-F3958AE0E9B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A02425FB-76CA-4B29-8754-7A88A23BF85B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{3329F535-3D5E-4DBE-BAAB-E225302E6C51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{D8D9D444-99D6-48ED-A772-4A06A934C14B}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{1473BED7-CE9A-476A-8E99-20B82E31C3DA}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{2E00A5C9-9276-45F9-810B-8A904CD60350}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS41F5\HPDiagnosticCoreUI.exe
FirewallRules: [{804A0D5E-C11B-4833-8F1D-3DC96DB79B1D}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS41F5\HPDiagnosticCoreUI.exe
FirewallRules: [{01E600B3-9F64-4152-B274-28E2464263EE}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS5995\HPDiagnosticCoreUI.exe
FirewallRules: [{6EBEEBB1-3561-4862-8804-FC708B49C02D}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS5995\HPDiagnosticCoreUI.exe
FirewallRules: [{38BFA610-FD0C-49DA-9E0A-9FF00B11EE74}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS76BC\setup\hpznui40.exe
FirewallRules: [{A86976E3-56E9-4112-86D1-7044B69C245C}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS6FA3\hppiw.exe
FirewallRules: [{D2AC25A1-9153-4CBF-BC6B-11A5935E8BD5}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS6FA3\hppiw.exe
FirewallRules: [{22F294AF-6F7D-489B-BAE6-9AFA89F4899A}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS71C4\hppiw.exe
FirewallRules: [{FC0E1769-239E-4ADA-B823-C9702E1E745E}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS71C4\hppiw.exe
FirewallRules: [{FB37C437-B682-4740-847F-665BFD4DD6FA}] => (Allow) J:\Programs\Battlefield 4\bf4_x86.exe
FirewallRules: [{8DE9D8F0-7220-4211-8BB3-EECE7CA13396}] => (Allow) J:\Programs\Battlefield 4\bf4_x86.exe
FirewallRules: [{CDAD35A0-D49D-4014-B74F-6D86050D3476}] => (Allow) J:\Programs\Battlefield 4\bf4.exe
FirewallRules: [{7CDDEDF5-FE7D-4709-9699-9591C46DFB5E}] => (Allow) J:\Programs\Battlefield 4\bf4.exe
FirewallRules: [{4259210B-4ACC-4635-B203-05BC08934423}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9F66D614-0489-44B2-8CD6-C274E454C8DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{44BE852C-C5EC-48B5-B541-634AEC821EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F16C3378-2277-4F44-9F26-68F04E5505D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7CCB4F6-D351-45B2-91E3-6D3F2F1B2367}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AE3942A5-AE44-4C9E-9116-6F2B66164AF9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{AA2D4608-4C73-42E6-9D4C-716FDF217A42}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{6C3F8BF2-41FF-4242-82A3-495B05E97100}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{0B9543B7-B568-462E-BA88-FFB16B5A29DC}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{A0738FCC-5A0F-4DD3-9DCA-AD49F1BE2C33}] => (Allow) LPort=5357
FirewallRules: [{9C835B53-F721-418C-B516-14A259A9F387}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{71C26990-BB07-49B6-98E9-872B04804489}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS1A16\HPDiagnosticCoreUI.exe
FirewallRules: [{5750C242-F05B-446E-A859-CF76439154A5}] => (Allow) C:\Users\William\AppData\Local\Temp\7zS1A16\HPDiagnosticCoreUI.exe
FirewallRules: [{20C2D803-A482-444F-8D06-D4ED264DA478}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{2502582C-F873-4960-8270-10A386270E4E}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{E0D6EE6F-20DF-407E-8B85-6249E0EB4EEC}] => (Allow) J:\Programs\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{59279579-A0BB-49B6-A5D6-4AD31DFBB47C}] => (Allow) J:\Programs\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{37421B36-54F0-457F-B087-242127A03142}] => (Allow) J:\Programs\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{85D9E911-9F2D-45E2-B96D-2507658E24C1}] => (Allow) J:\Programs\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{14710DA1-6225-42E3-B573-ED5D132DF40B}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{4C0BD878-234B-4BDD-8326-A4D99CF62BC9}] => (Allow) J:\Programs\Valve\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{96187D7E-0B2B-4F6E-B666-A484A90DBE6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BF56D6A8-D497-4CF5-BB20-869FBC50DAC1}] => (Allow) J:\Programs\Valve\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA89C779-7AC4-4FD9-9DD6-353EFC8956F3}] => (Allow) J:\Programs\Valve\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E27868CF-4AA8-420D-9B22-CF0BDFE906EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-07-2017 21:15:16 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-07-2017 21:15:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
28-07-2017 22:33:47 Windows Update
01-08-2017 18:00:01 Windows Backup

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart 2600 series
Description: Photosmart 2600 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2017 03:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000005
Fault offset: 0x000000000004da56
Faulting process id: 0xd20
Faulting application start time: 0x01d30d55a57faf73
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: e36ee0db-7948-11e7-aaed-bcaec50a5d40

Error: (08/04/2017 03:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915fe14
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x780
Faulting application start time: 0x01d30d54b22d13c6
Faulting application path: C:\Users\William\AppData\Local\Temp\DaS_21.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: f9024a14-7947-11e7-8214-bcaec50a5d40

Error: (08/04/2017 03:05:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])

Error: (08/04/2017 03:05:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x8007043c).

Error: (08/03/2017 09:29:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x6c8
Faulting application start time: 0x01d30cc119116c6b
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 6096c88e-78b4-11e7-ac80-bcaec50a5d40

Error: (08/03/2017 12:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x5f0
Faulting application start time: 0x01d30c0f478dca22
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 8eb3ef3a-7802-11e7-abbc-d29b9466f135

Error: (08/03/2017 12:15:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x51c
Faulting application start time: 0x01d30c0f29878ece
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 7111adb1-7802-11e7-abbc-d29b9466f135

Error: (08/03/2017 12:04:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 15.0.0.80, time stamp: 0x59407d82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000011000000
Faulting process id: 0x1798
Faulting application start time: 0x01d30c0d8fb0d8eb
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NIS.exe
Faulting module path: unknown
Report Id: cda74db2-7800-11e7-9744-bcaec50a5d40

Error: (08/03/2017 12:03:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000005
Fault offset: 0x000000000004da56
Faulting process id: 0x12c4
Faulting application start time: 0x01d30c0d7c7f16fa
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: baa37a48-7800-11e7-9744-bcaec50a5d40

Error: (08/02/2017 08:25:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915f98e
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x92c
Faulting application start time: 0x01d30b8a706b45e7
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: afba940d-777d-11e7-99d9-bcaec50a5d40

System errors:
=============
Error: (08/04/2017 03:23:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:23:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:23:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:23:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:23:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:23:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:20:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:20:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:20:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:18:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 16%
Total physical RAM: 6135.11 MB
Available physical RAM: 5131.11 MB
Total Virtual: 12268.4 MB
Available Virtual: 11326.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:27.72 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:931.51 GB) (Free:130.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 41B2C038)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 639628BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Will try to do this in normal Windows next



#7 KKrusher


Posted 04 August 2017 - 02:39 PM

So I rebooted the computer into Normal Windows mode and it was stable for about 2 minutes.  I was able to get FRST to run and give me a FRST.txt and Addition.txt before it locked up.  Same behavior as described above.

 

FRST.txt in Normal Mode

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by William (administrator) on WILLIAM-M6 (04-08-2017 15:28:27)
Running from C:\Users\William\Desktop
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\nis.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [681256 2009-01-13] (CyberLink Corporation.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2008-12-02] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\MountPoints2: {2f55cd45-c590-11e4-80ed-bcaec50a5d40} - K:\MotoCastSetup.exe -a
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\MountPoints2: {d8caf8ca-fe49-11e5-9ea5-bcaec50a5d40} - K:\MotoCastSetup.exe -a
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-04-20]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DFC8AAF2-A3F1-4713-BD0F-ABDE42783F17}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/
SearchScopes: HKU\S-1-5-21-466371979-3435322015-2013728622-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-466371979-3435322015-2013728622-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2017-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://my.xfinity.com/?cid=cust
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default [2017-08-04]
CHR Extension: (Google Slides) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-06]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-06]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-06]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-12]
CHR Extension: (Google Sheets) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-30]
CHR Extension: (Norton Identity Safe) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-12]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-12] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NIS.exe [326144 2017-07-14] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; J:\Programs\Origin\OriginClientService.exe [2122248 2016-06-19] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20170731.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-12-31] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-12-31] (CyberLink Corporation.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20170802.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-11-22] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 15:28 - 2017-08-04 15:28 - 000021483 _____ C:\Users\William\Desktop\FRST.txt
2017-08-04 15:13 - 2017-08-04 15:13 - 000000000 ____D C:\Users\William\AppData\Local\VirtualStore
2017-08-04 15:11 - 2017-08-04 15:04 - 000024064 _____ C:\Windows\zoek-delete.exe
2017-08-04 15:04 - 2017-08-04 15:10 - 000000000 ____D C:\zoek_backup
2017-08-04 15:04 - 2017-08-04 15:04 - 001309184 _____ C:\Users\William\Desktop\zoek.exe
2017-08-03 21:16 - 2017-08-04 15:28 - 000000000 ____D C:\FRST
2017-08-03 21:15 - 2017-08-03 21:15 - 002381312 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2017-08-02 23:55 - 2017-08-04 15:18 - 001016344 _____ C:\Windows\ntbtlog.txt
2017-08-02 23:01 - 2017-08-02 23:01 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-07-23 19:28 - 2017-07-23 19:28 - 000003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-07-23 19:28 - 2017-07-23 19:28 - 000000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2017-07-12 20:54 - 2017-06-30 00:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 20:54 - 2017-06-29 23:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 20:54 - 2017-06-29 22:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 20:54 - 2017-06-29 22:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 20:54 - 2017-06-29 22:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 20:54 - 2017-06-29 22:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 20:54 - 2017-06-29 22:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 20:54 - 2017-06-29 22:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 20:54 - 2017-06-29 22:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 20:54 - 2017-06-29 22:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 20:54 - 2017-06-29 22:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 20:54 - 2017-06-29 22:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 20:54 - 2017-06-29 22:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 20:54 - 2017-06-29 02:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 20:54 - 2017-06-29 02:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 20:54 - 2017-06-29 02:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 20:54 - 2017-06-29 02:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 20:54 - 2017-06-29 02:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 20:54 - 2017-06-29 02:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 20:54 - 2017-06-29 02:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 20:54 - 2017-06-29 01:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 20:54 - 2017-06-29 01:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 20:54 - 2017-06-29 01:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 20:54 - 2017-06-29 01:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 20:54 - 2017-06-29 01:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 20:54 - 2017-06-29 01:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 20:54 - 2017-06-29 01:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 20:54 - 2017-06-29 01:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 20:54 - 2017-06-29 01:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 20:54 - 2017-06-29 01:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 20:54 - 2017-06-29 01:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 20:54 - 2017-06-29 01:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 20:54 - 2017-06-29 01:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 20:54 - 2017-06-29 01:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 20:54 - 2017-06-29 01:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 20:54 - 2017-06-29 01:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 20:54 - 2017-06-29 01:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 20:54 - 2017-06-29 01:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 20:54 - 2017-06-29 01:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 20:54 - 2017-06-29 01:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 20:54 - 2017-06-29 01:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 20:54 - 2017-06-29 01:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 20:54 - 2017-06-29 01:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 20:54 - 2017-06-29 01:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 20:54 - 2017-06-29 01:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 20:54 - 2017-06-29 01:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 20:54 - 2017-06-29 01:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 20:54 - 2017-06-29 01:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 20:54 - 2017-06-29 01:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 20:54 - 2017-06-29 01:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 20:54 - 2017-06-29 01:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 20:54 - 2017-06-29 01:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 20:54 - 2017-06-29 00:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 20:54 - 2017-06-29 00:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 20:54 - 2017-06-29 00:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 20:54 - 2017-06-29 00:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 20:54 - 2017-06-29 00:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 20:54 - 2017-06-29 00:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 20:54 - 2017-06-29 00:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 20:54 - 2017-06-29 00:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 20:54 - 2017-06-29 00:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 20:54 - 2017-06-29 00:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 20:54 - 2017-06-29 00:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 20:54 - 2017-06-29 00:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 20:54 - 2017-06-29 00:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 20:54 - 2017-06-29 00:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 20:54 - 2017-06-29 00:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 20:54 - 2017-06-29 00:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 20:54 - 2017-06-29 00:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 20:54 - 2017-06-22 10:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 20:54 - 2017-06-15 16:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 20:54 - 2017-06-12 18:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 20:54 - 2017-06-12 18:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 20:54 - 2017-06-12 18:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 20:54 - 2017-06-12 18:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 20:54 - 2017-06-12 18:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 20:54 - 2017-06-12 18:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 20:54 - 2017-06-12 18:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 20:54 - 2017-06-12 18:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 20:54 - 2017-06-12 18:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 20:54 - 2017-06-12 18:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 20:54 - 2017-06-12 18:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 20:54 - 2017-06-12 18:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 20:54 - 2017-06-12 18:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 20:54 - 2017-06-12 18:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 20:54 - 2017-06-12 18:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 20:54 - 2017-06-12 18:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 20:54 - 2017-06-10 11:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 20:54 - 2017-06-10 11:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 20:54 - 2017-06-09 11:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 20:54 - 2017-06-06 11:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 20:54 - 2017-06-06 11:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 20:54 - 2017-05-30 00:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 20:54 - 2017-05-30 00:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 20:54 - 2017-05-30 00:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 20:54 - 2017-05-21 00:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 20:54 - 2017-05-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 20:54 - 2017-05-16 11:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 20:54 - 2017-05-16 11:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 20:54 - 2017-05-16 11:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-04 15:28 - 2014-08-04 22:53 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-04 15:28 - 2010-11-26 03:09 - 000000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2017-08-04 15:28 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-04 15:22 - 2009-07-14 01:13 - 000786578 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-04 15:22 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-04 15:06 - 2010-12-05 22:19 - 000000000 ____D C:\Users\William\AppData\Local\CrashDumps
2017-08-03 00:09 - 2016-11-03 20:36 - 000003030 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-08-03 00:09 - 2009-07-14 00:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-03 00:09 - 2009-07-14 00:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-02 23:02 - 2010-12-05 21:40 - 000000000 ____D C:\Users\William\Documents\Outlook Files
2017-08-02 22:57 - 2012-03-19 21:04 - 000000000 ____D C:\Users\William\AppData\Roaming\TS3Client
2017-07-30 20:33 - 2013-01-15 21:40 - 000000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-07-28 22:35 - 2009-07-13 22:34 - 000000513 _____ C:\Windows\win.ini
2017-07-28 22:34 - 2010-12-05 20:07 - 000778700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-23 19:53 - 2015-06-09 17:10 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-23 19:28 - 2015-07-03 13:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-07-23 19:28 - 2010-12-10 20:00 - 000002406 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-07-23 19:28 - 2010-12-10 20:00 - 000000000 ____D C:\Windows\system32\Drivers\NISx64
2017-07-23 18:08 - 2010-12-06 20:37 - 000000000 ____D C:\Users\Public\Documents\Sue's Docs
2017-07-23 15:26 - 2010-12-10 20:00 - 000102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-07-23 15:26 - 2010-12-10 20:00 - 000008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-07-13 14:49 - 2015-11-01 20:34 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 21:49 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-07-12 20:58 - 2009-07-14 00:45 - 000422608 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 20:56 - 2013-07-11 23:56 - 000000000 ____D C:\Windows\system32\MRT
2017-07-12 20:55 - 2010-12-05 03:50 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 20:51 - 2016-09-14 22:53 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 20:51 - 2016-09-14 22:53 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 20:51 - 2011-10-04 20:48 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-12 20:51 - 2010-12-06 20:35 - 000000000 ____D C:\Users\William\AppData\Local\Adobe
2017-07-12 20:51 - 2010-11-23 09:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2012-12-13 20:55 - 2012-12-13 20:55 - 000000017 _____ () C:\Users\William\AppData\Local\resmon.resmoncfg
2015-12-12 15:56 - 2015-12-12 15:56 - 000000057 _____ () C:\ProgramData\Ament.ini
2013-10-01 22:14 - 2015-12-12 11:42 - 000017441 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 08:42

==================== End of FRST.txt ============================

Addition.txt in Normal Mode

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by William (04-08-2017 15:28:48)
Running from C:\Users\William\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-23 13:02:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-466371979-3435322015-2013728622-500 - Administrator - Disabled)
Guest (S-1-5-21-466371979-3435322015-2013728622-501 - Limited - Disabled)
William (S-1-5-21-466371979-3435322015-2013728622-1000 - Administrator - Enabled) => C:\Users\William

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Call of Duty Black Ops - Remote Console (HKLM-x32\...\Steam App 42720) (Version:  - Treyarch)
Call of Duty® - World at War™ (HKLM-x32\...\{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War™ (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (HKLM-x32\...\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}) (Version: 1.1 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (HKLM-x32\...\InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (HKLM-x32\...\{E5141379-B2D9-4BBC-BB2A-5805541571DD}) (Version: 1.2 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (HKLM-x32\...\InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (HKLM-x32\...\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}) (Version: 1.3 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (HKLM-x32\...\InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (HKLM-x32\...\{3BD633E0-4BF8-4499-9149-88F0767D449C}) (Version: 1.4 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (HKLM-x32\...\InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch (HKLM-x32\...\InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.5 Patch (HKLM-x32\...\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}) (Version: 1.5 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version: 1.7 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version:  - Treyarch)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.10.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{14574B7F-75D1-4718-B7F2-EBF6E2862A35}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{199E6632-EB28-4F73-AECB-3E192EB92D18}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{25724802-CC14-4B90-9F3B-3D6955EE27B1}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{50193078-F553-4EBA-AA77-64C9FAA12F98}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{51D718D1-DA81-4FAD-919F-5C1CE3C33379}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{66F78C51-D108-4F0C-A93C-1CBE74CE338F}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{80D03817-7943-4839-8E96-B9F924C5E67D}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{97E5205F-EA4F-438F-B211-F1846419F1C1}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{99A7722D-9ACB-43F3-A222-ABC7133F159E}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{D4D244D1-05E0-4D24-86A2-B2433C435671}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes - FAKEMSI (HKLM-x32\...\{EAF636A9-F664-4703-A659-85A894DA264F}) (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2505 - CyberLink Corp.)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.4912 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.3605 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2523 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2206 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2217a - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1111 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
H&R Block Massachusetts 2010 (HKLM-x32\...\{B93677FD-F4C4-4CF9-9D44-B4F2F585D835}) (Version: 1.10.2301 - HRB Technology, LLC.)
H&R Block Massachusetts 2011 (HKLM-x32\...\{7F9C8D01-5B27-454F-8629-9EDAA1D9A0BC}) (Version: 1.11.2801 - HRB Technology, LLC.)
H&R Block Massachusetts 2012 (HKLM-x32\...\{0F648B9A-136F-4F8B-9917-81CB95C70210}) (Version: 1.12.2401 - HRB Technology, LLC.)
H&R Block Massachusetts 2013 (HKLM-x32\...\{F96C58CC-0184-4BF0-99A3-AB4461833E39}) (Version: 1.13.4301 - HRB Technology, LLC.)
H&R Block Massachusetts 2014 (HKLM-x32\...\{745EC575-8132-47BE-B8E6-141D08A74EF0}) (Version: 1.14.3501 - HRB Technology, LLC.)
H&R Block Massachusetts 2015 (HKLM-x32\...\{40A5D1EC-7F45-4306-8A39-18D2BE2D7F9A}) (Version: 1.15.4301 - HRB Technology, LLC.)
H&R Block Massachusetts 2016 (HKLM-x32\...\{16C7CF2E-18F4-42D4-8BF2-9E298D924E9B}) (Version: 1.16.4501 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2010 (HKLM-x32\...\{529A52D1-5521-436B-83AB-1322780DCDAD}) (Version: 10.06.6402 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7801 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2014 (HKLM-x32\...\{CDB1D329-A168-427D-837C-2075CDD3DC62}) (Version: 14.07.7401 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2015 (HKLM-x32\...\{388CC13F-FAC4-4D3E-83BF-C849E5D4552A}) (Version: 15.07.8101 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2016 (HKLM-x32\...\{955568EF-4BB1-4822-B2F4-931418CE2E46}) (Version: 16.07.6301 - HRB Technology, LLC.)
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version:  - Stripf Software)
HP ENVY 7640 series Basic Device Software (HKLM\...\{24BF3898-2667-4645-9448-8C6765B801A5}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.10.0.85 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1010 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.7 - Flagship Industries, Inc.)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WhoCrashed 4.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-466371979-3435322015-2013728622-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18DE598E-20AD-4E19-835F-C54E02599E61} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {20C11849-8A9C-4E5D-8865-428527EDB4CD} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-07-17] ()
Task: {4AF314F1-28D7-4959-AB1D-7271A99CFD12} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {4F1BC63E-8066-4DC1-8EA2-5D01546818A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5BD51A64-4E14-420E-A49B-01AA4510A52D} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {8E9BC8C1-F9C6-4008-9B4C-C425F2237763} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {AE7E0720-6319-4A73-AE36-70C15549668F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {C773B686-F784-484A-8C89-F99A7FE78BDC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {CA6B4015-6CDC-4BBB-BC92-2567AB9BB92C} - System32\Tasks\{D4ECABA3-0409-4C6B-9927-D1A6011FC059} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EVGA Precision X\uninstall.exe"
Task: {E3F47791-ADA4-4501-829E-6D18A6513BE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {EB64FD97-C5AA-427F-A1C3-EAEEC9C6803C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {F1BD699E-54BC-4B67-8A7E-4ACFE691B4E4} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2013-06-14] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-08-04 22:53 - 2015-12-16 10:53 - 000126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-02 11:00 - 2006-10-19 21:44 - 000047616 _____ () C:\Windows\System32\pdf995mon64.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-27 12:36 - 2016-06-14 21:14 - 000369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-11-27 12:36 - 2016-06-14 21:14 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-11-27 12:36 - 2016-06-14 21:14 - 003613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-18 22:11 - 2016-06-14 21:14 - 000289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2010-12-07 21:56 - 2013-12-26 13:23 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-11-26 03:13 - 2008-11-25 11:27 - 000247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-07-17 20:28 - 2013-07-17 20:28 - 000627016 _____ () C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
2013-06-14 06:19 - 2013-06-14 06:19 - 000185856 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2015-09-16 08:12 - 2015-09-16 08:12 - 000043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-11-27 12:36 - 2016-06-14 21:14 - 002667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-11-27 12:36 - 2016-06-14 21:14 - 001990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-11-27 12:36 - 2016-06-14 21:14 - 001842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-18 22:11 - 2016-06-14 21:14 - 000208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2012-08-30 13:46 - 2013-10-03 10:42 - 000069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2016-11-27 12:36 - 2016-06-14 21:14 - 000035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-11-27 12:36 - 2016-06-14 21:14 - 000921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2013-05-15 12:49 - 2013-05-15 12:49 - 000071680 _____ () C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
2013-05-15 12:48 - 2013-05-15 12:48 - 000056832 _____ () C:\Program Files (x86)\EVGA Precision X\RTFC.dll
2013-05-15 12:49 - 2013-05-15 12:49 - 000216064 _____ () C:\Program Files (x86)\EVGA Precision X\RTCore.dll
2013-05-15 12:49 - 2013-05-15 12:49 - 000127488 _____ () C:\Program Files (x86)\EVGA Precision X\RTUI.dll
2013-05-15 12:49 - 2013-05-15 12:49 - 000587776 _____ () C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
2013-06-13 07:32 - 2013-06-13 07:32 - 000124928 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2013-06-10 07:04 - 2013-06-10 07:04 - 000056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2013-06-10 07:04 - 2013-06-10 07:04 - 000127488 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2013-06-10 07:04 - 2013-06-10 07:04 - 000071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2015-04-04 13:28 - 2016-06-14 21:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2010-02-22 15:19 - 2010-02-22 15:19 - 002121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 15:19 - 2010-02-22 15:19 - 007745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 15:19 - 2010-02-22 15:19 - 000135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-08-30 13:39 - 2013-10-03 10:42 - 000112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2010-11-26 03:09 - 2007-04-10 19:01 - 008357424 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2008-08-27 20:32 - 2008-08-27 20:32 - 000619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 13:55 - 2008-06-09 13:55 - 000013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\William\Documents\B5 team photo.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\B5 team photo2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\chinese chicken salad.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\crunchy chicken.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\mini black bottom cheesecakes.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\Mom's apple kuchen.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\William\Documents\Nick physical 2014 p 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical 2014 p 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical page one 7-17-2015.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\Nick physical page one 7-17-2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\nick physical page two 7-17-2015.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\William\Documents\nick physical page two 7-17-2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\palatka letter info.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\William\Documents\palatka letter info.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\William\Documents\rec dept payroll info.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-11-09 10:31 - 000450817 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15466 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-466371979-3435322015-2013728622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\William\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-07-2017 21:15:16 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-07-2017 21:15:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
28-07-2017 22:33:47 Windows Update
01-08-2017 18:00:01 Windows Backup

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart 2600 series
Description: Photosmart 2600 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2017 03:24:24 PM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (1644) IndexedDb: Database recovery/restore failed with unexpected error -1216.

Error: (08/04/2017 03:24:24 PM) (Source: ESENT) (EventID: 494) (User: )
Description: DllHost (1644) IndexedDb: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\William\AppData\Local\Microsoft\Internet Explorer\Indexed DB\Internet.edb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (08/04/2017 03:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000005
Fault offset: 0x000000000004da56
Faulting process id: 0xd20
Faulting application start time: 0x01d30d55a57faf73
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: e36ee0db-7948-11e7-aaed-bcaec50a5d40

Error: (08/04/2017 03:06:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23807, time stamp: 0x5915fe14
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x780
Faulting application start time: 0x01d30d54b22d13c6
Faulting application path: C:\Users\William\AppData\Local\Temp\DaS_21.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: f9024a14-7947-11e7-8214-bcaec50a5d40

Error: (08/04/2017 03:05:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])

Error: (08/04/2017 03:05:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x8007043c).

Error: (08/03/2017 09:29:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x6c8
Faulting application start time: 0x01d30cc119116c6b
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 6096c88e-78b4-11e7-ac80-bcaec50a5d40

Error: (08/03/2017 12:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x5f0
Faulting application start time: 0x01d30c0f478dca22
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 8eb3ef3a-7802-11e7-abbc-d29b9466f135

Error: (08/03/2017 12:15:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000
Faulting process id: 0x51c
Faulting application start time: 0x01d30c0f29878ece
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Navw32.exe
Faulting module path: unknown
Report Id: 7111adb1-7802-11e7-abbc-d29b9466f135

Error: (08/03/2017 12:04:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 15.0.0.80, time stamp: 0x59407d82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000011000000
Faulting process id: 0x1798
Faulting application start time: 0x01d30c0d8fb0d8eb
Faulting application path: C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NIS.exe
Faulting module path: unknown
Report Id: cda74db2-7800-11e7-9744-bcaec50a5d40

System errors:
=============
Error: (08/04/2017 03:25:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:25:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:25:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/04/2017 03:23:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 27%
Total physical RAM: 6135.11 MB
Available physical RAM: 4454.64 MB
Total Virtual: 12268.4 MB
Available Virtual: 10607.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:27.73 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:931.51 GB) (Free:130.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 639628BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 41B2C038)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Waiting on next steps.

Another question - I have other computers in my house but have kept them off my network router since this happened.  I want to avoid infection.  Can I put these computers safely back on my home network if I keep the questionable one off?  Or should I wait to do that until we make progress with this computer?  I do not want to cross contaminate machines.

And again - thanks for the help.

 

KKrusher



#8 nasdaq

  • Malware Response Team

Posted 05 August 2017 - 07:53 AM



Hi,

I do not see any malware on this computer.

However, both the Norton and Windows 7 firewalls are enabled.
This is not good. You should never have 2 firewalls enabled.

Disable the Windows 7 firewall.
https://www.computerhope.com/issues/ch000551.htm

Let me know the status of this computer.

===

My assumptions at the moment are:

1 - Norton could be corrupted/damaged (see the NIS errors in your Addition.txt log).

2 - The computer closing without a BSOD could mean hardware/drive problems or bad RAM.


p.s.
I also noticed that your Restore points service is not working.
===


Another question - I have other computers in my house but have kept them off my network router since this happened. I want to avoid infection. Can I put these computers safely back on my home network


I would connect one computer and test for a few hours. If all is well, do another ONE, etc.

If you have problems with any of them, please start a new topic for each compromised computer.
We only serve one computer per topic.

You can post the URL of the topic in your next reply and I will expedite the matter.
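
The NIS errors referred to in the reply above can be pulled out of an Addition.txt mechanically. The following is an added example, not part of the original thread and not FRST code: it parses the "Event log errors" layout shown in the log, groups Application Error (EventID 1000) crashes by application, module, exception code and offset, and lists first those whose faulting module is "unknown". The function names are hypothetical, the sample entries are excerpted from the log in this thread, and the month/day/year timestamp format is assumed from that log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: entries excerpted from the Addition.txt posted in this thread,
# trimmed to the lines the parser reads.
SAMPLE = r"""
Error: (08/04/2017 03:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000005
Fault offset: 0x000000000004da56

Error: (08/04/2017 03:05:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x8007043c).

Error: (08/03/2017 09:29:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000

Error: (08/03/2017 12:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Navw32.exe, version: 22.10.0.85, time stamp: 0x596940b9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000013000000

Error: (08/03/2017 12:04:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 15.0.0.80, time stamp: 0x59407d82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000011000000
"""

# One header line opens each entry in the "Event log errors" section.
HEADER = re.compile(
    r"^Error: \((?P<when>.+?)\) \(Source: (?P<source>.+?)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>.*?)\)\s*$"
)
CRASH_FIELDS = {
    "application": re.compile(r"Faulting application name: ([^,]+),"),
    "module": re.compile(r"Faulting module name: ([^,]+),"),
    "exception": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),
    "offset": re.compile(r"Fault offset: (0x[0-9a-fA-F]+)"),
}
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # assumption: the layout used in this log


def parse_events(text):
    """Split the section into entries: header fields plus the body lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = dict(match.groupdict(), body=[])
            current["event_id"] = int(current["event_id"])
            current["when"] = datetime.strptime(current["when"], TIME_FORMAT)
            events.append(current)
        elif current is not None and line:
            current["body"].append(line)
    return events


def crash_details(event):
    """Return the crash fields of an Application Error 1000 entry, else None."""
    if event["source"] != "Application Error" or event["event_id"] != 1000:
        return None
    body = "\n".join(event["body"])
    details = {}
    for name, pattern in CRASH_FIELDS.items():
        found = pattern.search(body)
        details[name] = found.group(1).strip() if found else None
    return details


def triage(text):
    """Group identical crashes; unmapped faults first, then by frequency."""
    groups = defaultdict(list)
    for event in parse_events(text):
        details = crash_details(event)
        if details:
            groups[tuple(details.values())].append(event["when"])
    report = []
    for (app, module, exception, offset), times in groups.items():
        report.append({
            "application": app, "module": module,
            "exception": exception, "offset": offset,
            "count": len(times), "first": min(times), "last": max(times),
            # "unknown": the fault address was not inside any module
            # that the crash report could name.
            "unmapped_fault": module == "unknown",
        })
    report.sort(key=lambda row: (not row["unmapped_fault"], -row["count"]))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE):
        flag = "UNMAPPED" if row["unmapped_fault"] else "mapped"
        print(f'{row["count"]}x {row["application"]} in {row["module"]} '
              f'{row["exception"]} @ {row["offset"]} [{flag}] '
              f'{row["first"]:%Y-%m-%d %H:%M} .. {row["last"]:%Y-%m-%d %H:%M}')
```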

#9 KKrusher


Posted 05 August 2017 - 11:23 AM

Dear Nasdaq,

 

Thank you for the quick reply.  I booted up the computer today into normal mode and checked the Windows firewall.  It was indeed on.  The computer locked up before I could change the settings.  I rebooted into Safe Mode with Networking and turned off the Windows firewall.  I rebooted into Normal Mode and there was no change in behavior.  The computer booted, I confirmed that Windows firewall was off, and after about 1 minute the computer locked up.  I am back in Safe Mode with Networking now.  It seems stable here.

 

I checked my RAM sticks when this first happened.  No matter what RAM sticks I put in the computer I saw this same behavior (lock ups in Normal but okay in Safe Mode).  I have not checked the health of my hard drive.  And I am very concerned about the Restore Points Service.  I have scheduled backups so why that is not working confuses me.  I guess if my Norton had a bad update that could cause this but how do I fix this in its current state?

 

Please advise.  And again thanks for the help!

 

KKrusher



#10 nasdaq


Posted 05 August 2017 - 01:22 PM


Boot to Safe Mode with Networking.
Run this tool in Safe mode.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

#11 KKrusher


Posted 05 August 2017 - 02:30 PM

Dear Nasdaq,

 

Thanks for the instructions.  I will work on them next.

 

Just so you know, I was on one of my other computers for about 2 hours and had no issues.  It is an older WinXP system I hung on to just in case of emergencies.  Will test the other one later. 

 

On to your instructions...

 

KKrusher



#12 KKrusher


Posted 05 August 2017 - 02:45 PM

Dear Nasdaq,

 

I just completed your instructions and have rebooted into Safe Mode with Networking.  When Zoek was running, in its very first steps an error message popped up.  It said that "DaS21.exe had stopped working and needed to close".  It seemed like Zoek was no longer running, so I clicked on the "close program" option for DaS21.exe.  The error message closed and Zoek kept running.  The log is attached below:

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by William on Sat 08/05/2017 at 15:31:25.49.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\William\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-08-04-191306.log 6405 bytes

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\Users\William\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon" [07/23/2017 07:28 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon" [07/23/2017 07:28 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx[07/14/2017 05:15 PM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Norton Security Toolbar - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Media Router - William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://my.xfinity.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://my.xfinity.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=41 folders=52 107492238 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\William\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\William\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 08/05/2017 at 15:40:33.82 ======================

 

I will boot into normal mode, see how things run and post back in a couple of minutes.

 

KKrusher



#13 KKrusher


Posted 05 August 2017 - 02:58 PM

Dear Nasdaq,

 

I booted into Windows normal mode.  It took a little longer for the desktop to come up but it did.  It sat for a couple of minutes, the cursor changed to spinning a couple of times and then the same behavior.  It locked up.  Let me give a little more information: when I say locked up, the mouse cursor is an arrow and moves fine on the desktop.  Nothing will open or highlight or right click however.  I can do nothing from the keyboard either.

 

Still in the same situation...no joy.  Please advise.  And thanks for the continued help!

 

KKrusher



#14 nasdaq


Posted 06 August 2017 - 07:45 AM

Run this tool in Safe Mode with Networking.
Poweliks_Cleaner.

Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the downloaded file to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Keep me posted

#15 KKrusher


Posted 06 August 2017 - 11:39 AM

Dear Nasdaq,

 

I ran your instructions.  No Poweliks infection found.  Log attached below.  I have not provided you any new FRST logs in a while.  Do you need new ones?

 

Log file:

 

[2017.08.06 12:35:22.719] - Begin
[2017.08.06 12:35:22.719] -
[2017.08.06 12:35:22.719] -     ....................................
[2017.08.06 12:35:22.719] -   ..::::::::::::::::::....................
[2017.08.06 12:35:22.719] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2017.08.06 12:35:22.719] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.2.0
[2017.08.06 12:35:22.719] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Feb 28 2017
[2017.08.06 12:35:22.719] -  .::EE:::::::::::::SS:.EE..........TT......
[2017.08.06 12:35:22.719] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2017.08.06 12:35:22.719] -   ..::::::::::::::::::....................    1992-2017. All rights reserved.
[2017.08.06 12:35:22.719] -     ....................................
[2017.08.06 12:35:22.719] -
[2017.08.06 12:35:22.719] - --------------------------------------------------------------------------------
[2017.08.06 12:35:22.719] -
[2017.08.06 12:35:22.719] - INFO: OS: 6.1.7601 SP1
[2017.08.06 12:35:22.719] - INFO: Product Type: Workstation
[2017.08.06 12:35:22.719] - INFO: WoW64: True
[2017.08.06 12:35:22.719] - INFO: Machine guid: 3E7D094B-ACBD-404B-9B61-419B6A11F8D8
[2017.08.06 12:35:22.719] -
[2017.08.06 12:35:22.719] - INFO: Scanning for system infection...
[2017.08.06 12:35:22.719] - --------------------------------------------------------------------------------
[2017.08.06 12:35:22.719] -
[2017.08.06 12:35:22.719] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2017.08.06 12:35:22.719] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2017.08.06 12:35:22.719] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2017.08.06 12:35:22.719] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2017.08.06 12:35:22.719] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2017.08.06 12:35:22.719] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2017.08.06 12:35:22.719] - INFO: Processing classes...
[2017.08.06 12:35:22.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-466371979-3435322015-2013728622-1000\SOFTWARE\Classes\CLSID\{3BDE30A3-D07E-D702-DD89-CC6E47CFEC31}]
[2017.08.06 12:35:22.734] - INFO: Processing clsid [\Registry\User\S-1-5-21-466371979-3435322015-2013728622-1000\SOFTWARE\Classes\CLSID\{736C773A-36F2-F015-A859-A2D9C303D66E}]
[2017.08.06 12:35:22.734] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2017.08.06 12:35:22.734] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2017.08.06 12:35:22.734] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2017.08.06 12:35:22.734] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2017.08.06 12:35:22.734] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2017.08.06 12:35:22.734] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2017.08.06 12:35:22.734] - INFO: (XSW) Scanning for XSW variant...
[2017.08.06 12:35:22.734] - INFO: Processing [HKCU\Classes\*\shell\open\command]
[2017.08.06 12:35:22.734] - INFO: Processing [SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[2017.08.06 12:35:22.734] - INFO: Win32/Poweliks Win32/Kovter not found
[2017.08.06 12:35:25.215] - End

 

Since nothing has changed I have not attempted to boot back into Normal Windows mode.  Please advise on next steps and thanks again for the help!

 

KKrusher
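
The cleaner log in the post above can be read mechanically rather than by eye. This is an added example, not part of the thread and not ESET's code: it parses that log format, lists the registry keys the tool walked, and flags any LocalServer32 value that differs from the wmiprvse.exe paths this log shows. Treating those paths as the baseline is an assumption, and the tampered input is constructed.

```python
import re

# Line shape in this thread's log: "[YYYY.MM.DD hh:mm:ss.mmm] - INFO: message"
LINE = re.compile(r"^\[[\d.: ]+\] - (?:[A-Z]+: )?(?P<msg>.*)$")
KEY = re.compile(r"^Processing (?:invalid (?:values|subkeys) in )?\[(?P<key>HK[^\]]+)\]")
VALUE = re.compile(r"^Processing value \[(?P<name>[^\]]*)\] = \[(?P<data>[^\]]*)\]$")
# Assumption: the wmiprvse.exe paths in this (clean) log are the expected data.
BASELINE = re.compile(r"^%systemroot%\\(system32|syswow64)\\wbem\\wmiprvse\.exe$", re.I)

def triage(log_text):
    """Return (verdict, keys_scanned, unexpected_values) for one cleaner log."""
    verdict, keys, unexpected, current = "no verdict line", [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and timestamp-only separator lines
        msg = m.group("msg").strip()
        k, v = KEY.match(msg), VALUE.match(msg)
        if k:
            current = k.group("key")  # values that follow belong to this key
            if current not in keys:
                keys.append(current)
        elif v and current and current.lower().endswith("localserver32"):
            if not BASELINE.match(v.group("data")):
                unexpected.append((current, v.group("name") or "(Default)", v.group("data")))
        elif msg.endswith("not found"):
            verdict = "not found"
    return verdict, keys, unexpected

# Lines copied from the log in this thread.
SAMPLE = r"""
[2017.08.06 12:35:22.719] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2017.08.06 12:35:22.734] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2017.08.06 12:35:22.734] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2017.08.06 12:35:22.734] - INFO: Win32/Poweliks Win32/Kovter not found
"""
# Constructed input (not from the thread): one value redirected elsewhere.
TAMPERED = SAMPLE.replace(r"%systemroot%\system32\wbem", r"C:\Users\Public")

if __name__ == "__main__":
    for label, text in (("thread log", SAMPLE), ("constructed", TAMPERED)):
        verdict, keys, unexpected = triage(text)
        print(label, verdict, len(keys), unexpected)
```
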
 





