Am I Infected?



#1 4skag


Posted 25 November 2017 - 11:30 AM

Was on my computer on 11/23/17 when the screen went black; about 30 seconds later it came back on but looked totally different. Everything on the desktop had moved and was different looking. When I opened up a file folder it looked like I had a much earlier version of a Windows operating system; even in the internet the tabs and search bar look like earlier Windows, but the computer still says it is operating Win 10.

Had a hard time creating a restore point but was able to.

Norton won't allow FRST; do I disable it?

mbam log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/24/2017
Scan Time: 9:19 PM
Logfile: mbam1124.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.11.24.06
Rootkit Database: v2017.10.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: dad's toy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 523718
Time Elapsed: 33 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#2 seedy21


Posted 25 November 2017 - 04:39 PM

Hello 4Skag

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.

Norton won't allow FRST; do I disable it?

You will need to disable Norton when you run FRST.


Please note Farbar Recovery Scan Tool has two versions. Please visit How to tell if you are running a 32-bit or 64-bit version of Windows to see which version you need for your system.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.



#3 4skag


Posted 26 November 2017 - 11:38 AM

Sorry for the delay; the computer did a lengthy Windows update.

Got FRST to work.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
Ran by dad's toy (administrator) on DEC2010 (26-11-2017 06:27:17)
Running from C:\Users\dad's toy\Downloads
Loaded Profiles: dad's toy (Available Profiles: dad's toy & Administrator)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\nsbu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\nsbu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1171480 2017-09-27] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-12-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-07-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-12-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-07-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\dad's toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fa1204f1-7136-433c-9662-ed5517bf784c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.jw.org/
SearchScopes: HKLM -> {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {BF8B6B74-025D-48FF-BF15-8118EF25D913} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BF8B6B74-025D-48FF-BF15-8118EF25D913} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000 -> {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={F576B9A6-D3E1-4B4F-B4E2-C9627B615574}&mid=7457f70a072247d29b3f05cc227f799c-db705dca175027c62438171fd54e33ad94cf8f17&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-07-21 17:48:39&v=18.1.8.643&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000 -> {BF8B6B74-025D-48FF-BF15-8118EF25D913} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-20] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-07-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-20] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine32\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-07-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine32\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7F245E01-651F-48E5-8A85-4752EC65E4ED} hxxp://hensandgardens.dyndns.org:1024/Cisco210Viewer.cab
DPF: HKLM-x32 {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40530.7121180556
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\dad's toy\AppData\Roaming\Mozilla\Firefox\Profiles\hy0oml5u.default-1456525307174 [2017-11-26]
FF Extension: (Norton Safe Search) - C:\Users\dad's toy\AppData\Roaming\Mozilla\Firefox\Profiles\hy0oml5u.default-1456525307174\Extensions\[email protected] [2017-11-23]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\dad's toy\AppData\Roaming\Mozilla\Firefox\Profiles\hy0oml5u.default-1456525307174\features\{9dfc4305-3f54-4583-8cbb-045acf76ac34}\[email protected] [2017-11-24] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-03] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-19] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn => not found
FF HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1852320340-3763420829-3560972882-1000: @hulu.com/Hulu Desktop -> C:\Users\dad's toy\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-24]
CHR Extension: (Google Docs) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-24]
CHR Extension: (Google Drive) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-24]
CHR Extension: (YouTube) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-24]
CHR Extension: (Google Search) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-24]
CHR Extension: (Google Sheets) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-24]
CHR Extension: (Hola Better Internet) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-24]
CHR Extension: (Norton Identity Safe) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-24]
CHR Extension: (Girl haven) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jicldofcnocabdemldgcbockgjcgpiok [2014-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-09-24]
CHR Extension: (TextNow) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjdngkmnogclafejjgbgjjegoaahihg [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-09-24]
CHR Extension: (Gmail) - C:\Users\dad's toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950848 2016-07-04] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
S2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\NSBU.exe [326144 2017-11-10] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\BASHDefs\20171120.003\BHDrvx64.sys [1872024 2017-10-11] (Symantec Corporation)
R1 ccSet_NSBU; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\ccSetx64.sys [187544 2017-11-10] (Symantec Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 CpqDfw; C:\WINDOWS\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-10-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158360 2017-10-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.1.0.9\Definitions\IPSDefs\20171124.001\IDSvia64.sys [1056920 2017-10-13] (Symantec Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 SRTSP; C:\WINDOWS\System32\Drivers\NSBUx64\160B020.007\SRTSP64.SYS [812696 2017-11-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\SRTSPX64.SYS [49304 2017-11-10] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [15712 2013-02-02] ()
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSBUx64\160B020.007\SYMEFASI64.SYS [1938584 2017-11-10] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSBUx64\160B020.007\SymELAM.sys [24608 2017-11-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\Ironx64.SYS [309984 2017-11-10] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSBUx64\160B020.007\SYMNETS.SYS [566936 2017-11-10] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 06:27 - 2017-11-26 06:28 - 000028029 _____ C:\Users\dad's toy\Downloads\FRST.txt
2017-11-26 06:25 - 2017-11-26 06:27 - 000000000 ____D C:\FRST
2017-11-26 06:25 - 2017-11-26 06:26 - 000001559 _____ C:\Users\dad's toy\Desktop\FRST64.exe - Shortcut.lnk
2017-11-26 06:24 - 2017-11-26 06:24 - 002393088 _____ (Farbar) C:\Users\dad's toy\Downloads\FRST64.exe
2017-11-26 06:07 - 2017-11-26 06:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-26 06:07 - 2017-11-26 06:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-26 06:05 - 2017-11-26 06:05 - 000000000 ___HD C:\Users\dad's toy\MicrosoftEdgeBackups
2017-11-26 06:03 - 2017-11-26 06:03 - 000000020 ___SH C:\Users\dad's toy\ntuser.ini
2017-11-26 06:00 - 2017-11-26 06:01 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-11-26 06:00 - 2017-11-26 06:01 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-11-26 05:57 - 2017-11-26 05:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Identity Safe
2017-11-26 05:38 - 2017-11-26 06:11 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1852320340-3763420829-3560972882-1000
2017-11-26 05:38 - 2017-11-26 05:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2017-11-26 05:38 - 2017-11-26 05:38 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-26 05:38 - 2017-11-26 05:38 - 000003302 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D42A4610-65D5-4F86-A00B-E6E5E2004080}
2017-11-26 05:38 - 2017-11-26 05:38 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-26 05:38 - 2017-11-26 05:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-26 05:38 - 2017-11-26 05:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1852320340-3763420829-3560972882-1000
2017-11-26 05:38 - 2017-11-26 05:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-11-26 05:38 - 2017-11-26 05:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-11-26 05:29 - 2017-11-26 05:29 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-26 05:29 - 2017-11-26 05:29 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-26 05:29 - 2017-11-26 05:29 - 000000000 ____D C:\ProgramData\USOShared
2017-11-26 05:29 - 2017-11-26 05:29 - 000000000 ____D C:\ProgramData\USOShared
2017-11-26 05:22 - 2017-11-26 06:21 - 000000000 ____D C:\Users\dad's toy\AppData\Local\Packages
2017-11-26 05:21 - 2017-11-26 06:05 - 000000000 ____D C:\Users\dad's toy
2017-11-26 05:21 - 2017-11-26 05:42 - 000928828 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-26 05:21 - 2017-11-26 05:40 - 000000000 ____D C:\Users\Administrator
2017-11-26 05:19 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-26 05:17 - 2017-11-26 06:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-25 19:55 - 2017-11-26 06:02 - 000000000 ____D C:\Windows.old
2017-11-25 16:59 - 2017-11-26 05:35 - 000438800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-25 16:28 - 2017-11-18 16:50 - 000008471 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-11-25 16:28 - 2017-05-21 18:12 - 000102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-11-25 16:27 - 2017-11-25 16:27 - 000000000 ___DL C:\Users\Public\Recorded TV (1)
2017-11-25 16:26 - 2017-11-25 19:55 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-25 16:26 - 2017-11-25 16:26 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-11-25 16:24 - 2017-11-25 16:26 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-25 16:20 - 2017-11-25 16:20 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-25 16:20 - 2017-11-25 16:20 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-25 16:20 - 2017-11-25 16:20 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-25 16:20 - 2017-11-25 16:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-25 16:19 - 2017-11-25 16:19 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-25 16:19 - 2017-11-25 16:19 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-25 16:19 - 2017-11-25 16:19 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-25 16:12 - 2017-11-25 16:12 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-25 16:12 - 2017-11-25 16:12 - 000000000 ____D C:\Program Files\MSBuild
2017-11-25 16:12 - 2017-11-25 16:12 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-11-25 16:12 - 2017-11-25 16:12 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-25 16:11 - 2017-11-25 16:11 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-25 16:11 - 2017-11-25 16:11 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-11-25 16:11 - 2017-11-25 16:11 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-25 16:11 - 2017-11-25 16:11 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-11-25 16:11 - 2017-11-25 16:11 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-11-25 16:11 - 2017-11-25 16:11 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-25 15:57 - 2017-11-25 15:57 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-25 08:44 - 2017-11-26 06:02 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-25 07:10 - 2017-11-25 07:10 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{B4C3997B-7C87-4F41-93C3-FC3E4292599B}
2017-11-24 22:31 - 2017-11-24 22:31 - 000000000 ___HD C:\$SysReset
2017-11-24 22:05 - 2017-11-24 22:05 - 000000823 _____ C:\Users\dad's toy\Desktop\mbam1124.txt - Shortcut.lnk
2017-11-24 22:02 - 2017-11-24 22:02 - 000001049 _____ C:\mbam1124.txt
2017-11-24 11:33 - 2017-11-24 11:33 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{B8C36E70-96D0-432D-80AE-DC3A0B3D68BC}
2017-11-23 21:04 - 2017-11-23 21:04 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{A6392955-7190-440F-B977-D8E00C677307}
2017-11-23 06:17 - 2017-11-23 06:17 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{F85F7625-1954-4247-8DBA-C86036E0358F}
2017-11-22 17:06 - 2017-11-22 17:06 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{4A981157-48F1-4A6F-9FE4-71A0641BBE4C}
2017-11-22 05:04 - 2017-11-22 05:04 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{17297AA9-C8F2-4CD7-AF7E-DF73F1C1958D}
2017-11-21 16:37 - 2017-11-21 16:37 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{C3738B8E-5611-45D9-B304-58002E2B04DE}
2017-11-20 20:48 - 2017-11-20 20:48 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{AE7124EF-7074-4E78-B16D-CF0F7F7B12D8}
2017-11-20 08:48 - 2017-11-20 08:48 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{21B4024A-170C-4417-AE47-88C5E26D7001}
2017-11-19 19:49 - 2017-11-19 19:49 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{17A642BB-3962-407E-9818-9C8FBC9AE30A}
2017-11-19 07:49 - 2017-11-19 07:49 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{FC16B37C-A043-4927-8BD1-75868A501C14}
2017-11-18 19:49 - 2017-11-18 19:49 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{6DF78CDF-5A55-4801-BC86-8E4941E610BA}
2017-11-18 06:16 - 2017-11-18 06:16 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{28697AC4-CB6D-41F5-A753-FAF73E01225F}
2017-11-17 18:16 - 2017-11-17 18:16 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{5696A18A-3374-40A7-8730-D9C388D23699}
2017-11-17 06:16 - 2017-11-17 06:16 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{A27582CC-58DE-437A-8612-6D84FE5858B6}
2017-11-16 18:05 - 2017-11-16 18:05 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{BF8156A3-F977-480A-B567-62FFF7F9F61B}
2017-11-16 05:57 - 2017-11-16 05:57 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{64AB048D-DFAA-463D-A415-CD6F5D8DE65D}
2017-11-15 14:55 - 2017-11-15 14:55 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{8D773AE8-15C4-44AC-A43E-67643AC6F1E6}
2017-11-14 19:44 - 2017-11-14 19:45 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{D7EE8697-5B9D-4D68-98BA-0FFE87356B55}
2017-11-14 07:44 - 2017-11-14 07:44 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{FE393744-411B-41B4-9232-1B64414EDFA5}
2017-11-13 19:44 - 2017-11-13 19:44 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{BC13B198-1B6F-43A6-B0E7-49741159F25D}
2017-11-12 16:09 - 2017-11-12 16:09 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{609250C0-06B5-487B-BFB3-F8B6C4BA33DE}
2017-11-11 17:54 - 2017-11-11 17:54 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{1DFEF06B-06FE-464C-8506-146972527625}
2017-11-11 05:54 - 2017-11-11 05:54 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{BF3473D4-3253-42FD-A064-2BB665A72B40}
2017-11-10 17:53 - 2017-11-10 17:53 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{2814F458-B1FA-42DE-B093-DCD51AD2C99F}
2017-11-09 18:16 - 2017-11-09 18:16 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{8FD40887-BF61-41E9-96C5-451F1F73F40B}
2017-11-08 18:33 - 2017-11-08 18:33 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{CB98BC30-9C49-4E6D-B23D-08F2C20C398E}
2017-11-07 16:47 - 2017-11-07 16:47 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{F8CE4C75-74B5-4A6E-B2C4-1BF5587E3E41}
2017-11-06 16:31 - 2017-11-06 16:31 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{2AFCA6F5-1EF8-4815-9561-44C9CEF4F6D5}
2017-11-04 05:33 - 2017-11-04 05:33 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{85FF6ED9-635E-45EB-83CD-ED218D411E24}
2017-11-03 17:15 - 2017-11-03 17:15 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{161D6500-4527-4C26-A11C-2B20EF696CD4}
2017-11-03 05:15 - 2017-11-03 05:15 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{E54F5188-4674-48EB-96CD-BF5BD4B93152}
2017-11-02 15:46 - 2017-11-02 15:46 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{C21E347B-51D4-419E-93F9-D4CC4E726E8C}
2017-11-01 19:38 - 2017-11-01 19:38 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{109FF4C0-6CC9-4E5D-9B0E-FAFB9DAE4A72}
2017-10-31 09:28 - 2017-10-31 09:28 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{C38370B4-CD20-46F0-94EA-94521B0E5948}
2017-10-30 19:38 - 2017-10-30 19:38 - 000000000 ____D C:\ProgramData\LightScribe
2017-10-30 19:38 - 2017-10-30 19:38 - 000000000 ____D C:\ProgramData\LightScribe
2017-10-30 19:33 - 2017-10-30 19:33 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{BCC92A2C-95D2-43B7-BB41-4BB150ACD03F}
2017-10-29 15:18 - 2017-11-24 18:27 - 000000000 ____D C:\Users\dad's toy\Documents\PCSX2
2017-10-27 16:30 - 2017-10-27 16:30 - 000000000 ____D C:\Users\dad's toy\AppData\Local\{4B15120A-F883-4D7A-AA1B-1674CCF724C4}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 06:21 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-26 06:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-26 06:14 - 2016-11-17 19:54 - 000000000 ____D C:\Users\dad's toy\AppData\LocalLow\Mozilla
2017-11-26 06:11 - 2016-07-25 17:26 - 000002420 _____ C:\Users\dad's toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-26 06:11 - 2014-09-08 19:54 - 000000000 ___RD C:\Users\dad's toy\OneDrive
2017-11-26 06:04 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-26 06:04 - 2016-07-25 17:20 - 000000000 ____D C:\Users\dad's toy\AppData\Local\TileDataLayer
2017-11-26 06:03 - 2016-11-20 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-26 06:03 - 2016-08-13 15:18 - 000000000 ___RD C:\Users\dad's toy\3D Objects
2017-11-26 05:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-26 05:49 - 2010-12-13 20:22 - 000032220 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-26 05:48 - 2017-09-29 08:46 - 000000000 __RSD C:\WINDOWS\media
2017-11-26 05:33 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-26 05:33 - 2011-11-20 08:35 - 000000000 ____D C:\Users\dad's toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2017-11-26 05:33 - 2010-12-14 17:03 - 000000000 ____D C:\Users\dad's toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-11-26 05:29 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-26 05:29 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-26 05:29 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-26 05:27 - 2011-01-06 17:01 - 000000000 ____D C:\Users\dad's toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MumboJumbo
2017-11-26 05:20 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-26 05:20 - 2016-07-25 07:25 - 000886066 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-11-26 05:19 - 2017-07-19 20:49 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-25 19:58 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-25 19:55 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\IME
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\schemas
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Help
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-25 19:55 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-25 19:55 - 2017-06-15 16:49 - 000000000 ____D C:\Program Files\UNP
2017-11-25 19:55 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-25 19:55 - 2017-03-17 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library
2017-11-25 19:55 - 2017-03-17 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library
2017-11-25 19:55 - 2016-07-25 11:02 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-11-25 19:55 - 2016-06-05 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2015
2017-11-25 19:55 - 2016-06-05 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2015
2017-11-25 19:55 - 2016-04-01 17:11 - 000000000 ____D C:\Program Files\Intel
2017-11-25 19:55 - 2015-12-12 08:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-11-25 19:55 - 2015-12-12 08:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-11-25 19:55 - 2015-11-17 05:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-11-25 19:55 - 2015-11-17 05:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-11-25 19:55 - 2015-01-30 16:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2017-11-25 19:55 - 2015-01-30 16:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2017-11-25 19:55 - 2015-01-18 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
2017-11-25 19:55 - 2015-01-18 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
2017-11-25 19:55 - 2014-07-21 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-11-25 19:55 - 2014-07-21 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-11-25 19:55 - 2014-05-17 08:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-11-25 19:55 - 2014-05-17 08:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-11-25 19:55 - 2014-01-28 19:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2017-11-25 19:55 - 2014-01-28 19:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2017-11-25 19:55 - 2014-01-19 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-25 19:55 - 2014-01-19 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-25 19:55 - 2013-12-02 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2
2017-11-25 19:55 - 2013-12-02 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2
2017-11-25 19:55 - 2013-11-08 15:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-11-25 19:55 - 2013-03-14 02:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-11-25 19:55 - 2013-03-14 02:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-11-25 19:55 - 2012-06-29 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-11-25 19:55 - 2012-06-29 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-11-25 19:55 - 2012-05-01 17:03 - 000000000 ____D C:\WINDOWS\en
2017-11-25 19:55 - 2011-12-05 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-11-25 19:55 - 2011-12-05 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-11-25 19:55 - 2011-04-23 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
2017-11-25 19:55 - 2011-04-23 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
2017-11-25 19:55 - 2011-04-23 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
2017-11-25 19:55 - 2011-04-23 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Problem Report Wizard
2017-11-25 19:55 - 2011-03-05 11:35 - 000000000 ____D C:\WINDOWS\system32\SPReview
2017-11-25 19:55 - 2011-03-05 11:34 - 000000000 ____D C:\WINDOWS\system32\EventProviders
2017-11-25 19:55 - 2010-12-19 07:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-11-25 19:55 - 2010-12-19 07:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-11-25 19:55 - 2010-12-13 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-11-25 19:55 - 2010-12-13 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-11-25 19:55 - 2010-12-02 05:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2017-11-25 19:55 - 2010-12-02 05:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2017-11-25 19:55 - 2010-08-14 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2017-11-25 19:55 - 2010-08-14 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2017-11-25 19:55 - 2010-08-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2017-11-25 19:55 - 2010-08-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2017-11-25 19:55 - 2010-08-14 18:27 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2017-11-25 19:55 - 2010-08-14 18:27 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2017-11-25 19:55 - 2010-08-14 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2017-11-25 19:55 - 2010-08-14 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2017-11-25 19:55 - 2010-08-14 18:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2017-11-25 19:55 - 2010-08-14 18:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2017-11-25 19:55 - 2010-08-14 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2017-11-25 19:55 - 2010-08-14 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2017-11-25 19:55 - 2010-08-14 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-11-25 19:55 - 2010-08-14 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-11-25 19:55 - 2010-08-14 18:09 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2017-11-25 19:55 - 2010-08-14 18:09 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2017-11-25 19:55 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-25 19:55 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-25 16:38 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-25 16:38 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-25 16:37 - 2017-09-29 03:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-11-25 16:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-25 16:27 - 2016-07-25 11:02 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-11-25 16:27 - 2014-09-08 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCP
2017-11-25 16:27 - 2014-09-08 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCP
2017-11-25 16:27 - 2012-09-11 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
2017-11-25 16:27 - 2012-09-11 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
2017-11-25 16:27 - 2011-03-18 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hoyle®
2017-11-25 16:27 - 2011-03-18 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hoyle®
2017-11-25 16:27 - 2010-12-16 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2017-11-25 16:27 - 2010-12-16 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2017-11-25 16:27 - 2010-08-14 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2017-11-25 16:27 - 2010-08-14 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2017-11-25 16:26 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-25 16:26 - 2017-07-19 20:49 - 000000000 ____D C:\Program Files\Realtek
2017-11-25 16:26 - 2011-03-06 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-11-25 16:26 - 2011-03-06 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-11-25 16:26 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Microsoft Games
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-25 16:22 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-25 16:22 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-25 16:22 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-25 16:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-25 16:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-25 16:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-25 16:22 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-25 16:22 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-25 16:22 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-25 08:31 - 2010-12-13 15:42 - 000000000 ___HD C:\Users\dad's toy\AppData\Local\ElevatedDiagnostics
2017-11-25 08:29 - 2010-12-04 13:23 - 000000000 ___HD C:\Users\dad's toy\AppData\Local\CrashDumps
2017-11-24 22:22 - 2016-07-25 04:46 - 000000000 ____D C:\Windows10Upgrade
2017-11-24 21:19 - 2014-05-17 08:14 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-24 18:21 - 2011-03-18 16:50 - 000000000 ____D C:\Users\dad's toy\AppData\Roaming\Hoyle
2017-11-24 14:03 - 2016-01-02 18:48 - 000000000 ____D C:\Program Files\Common Files\AV
2017-11-24 07:00 - 2016-01-17 06:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-24 07:00 - 2016-01-17 06:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-24 06:56 - 2015-01-30 16:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2017-11-24 06:50 - 2016-02-26 17:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-24 06:50 - 2013-03-03 06:50 - 000000000 ____D C:\ProgramData\Licenses
2017-11-24 06:50 - 2013-03-03 06:50 - 000000000 ____D C:\ProgramData\Licenses
2017-11-24 06:50 - 2010-12-08 16:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2017-11-24 06:50 - 2010-08-14 18:45 - 000000000 ____D C:\ProgramData\Norton
2017-11-24 06:50 - 2010-08-14 18:45 - 000000000 ____D C:\ProgramData\Norton
2017-11-24 06:50 - 2010-08-14 18:21 - 000000000 ____D C:\ProgramData\CinemaNow
2017-11-24 06:50 - 2010-08-14 18:21 - 000000000 ____D C:\ProgramData\CinemaNow
2017-11-24 04:48 - 2010-08-14 18:14 - 000000000 ____D C:\ProgramData\Temp
2017-11-24 04:48 - 2010-08-14 18:14 - 000000000 ____D C:\ProgramData\Temp
2017-11-18 16:50 - 2017-07-19 15:20 - 000102600 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SY1
2017-11-17 20:27 - 2013-08-15 02:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-17 20:17 - 2017-10-10 19:17 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-17 20:16 - 2010-12-03 16:19 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-15 19:53 - 2017-08-26 12:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-15 19:53 - 2016-02-26 17:17 - 000001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-15 19:53 - 2016-02-26 17:17 - 000001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-15 19:53 - 2010-12-13 20:01 - 000000000 ____D C:\Users\dad's toy\AppData\Roaming\Mozilla
2017-11-08 19:59 - 2011-10-16 08:09 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-10-27 16:57 - 2012-02-04 10:30 - 000000000 ___HD C:\Users\dad's toy\AppData\Local\Adobe

==================== Files in the root of some directories =======

2012-06-30 12:25 - 2013-04-07 20:28 - 000000240 _____ () C:\Users\dad's toy\AppData\Roaming\default.rss
2012-02-27 17:28 - 2012-02-27 17:28 - 000000097 ____H () C:\Users\dad's toy\AppData\Local\fusioncache.dat
2012-08-04 06:21 - 2012-08-04 06:21 - 000007618 ____H () C:\Users\dad's toy\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-25 16:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by dad's toy (26-11-2017 06:29:34)
Running from C:\Users\dad's toy\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-26 11:02:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1852320340-3763420829-3560972882-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1852320340-3763420829-3560972882-1005 - Limited - Enabled)
dad's toy (S-1-5-21-1852320340-3763420829-3560972882-1000 - Administrator - Enabled) => C:\Users\dad's toy
DefaultAccount (S-1-5-21-1852320340-3763420829-3560972882-503 - Limited - Disabled)
Guest (S-1-5-21-1852320340-3763420829-3560972882-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1852320340-3763420829-3560972882-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1852320340-3763420829-3560972882-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advertising Center (HKLM-x32\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.1 - Nero AG) Hidden
ATI Catalyst Install Manager (HKLM\...\{3A477F94-D551-17B2-26A5-7AD895F6C8BA}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (HKLM\...\{057871D9-D9CD-15CF-50DC-9192C9B3D00E}) (Version: 3.0.804.0 - ATI Technologies) Hidden
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe 1.0 (HKLM-x32\...\Bejeweled 2 Deluxe 1.0) (Version:  - )
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (HKLM-x32\...\{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}) (Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-core-static (HKLM-x32\...\{4FFFCE73-5B6F-C016-83BB-8836E9E2656A}) (Version: 2010.1228.2239.40637 - ATI) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
DJ_AIO_06_F4500_SW_MIN (HKLM-x32\...\{85498904-0748-45AA-9482-6DB8EA971B91}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
DolbyFiles (HKLM-x32\...\{b1adf008-e898-4fe2-8a1f-690d9a06acaf}) (Version: 0.1 - Nero AG) Hidden
Dora's Carnival Adventure (HKLM-x32\...\WT087342) (Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
F4500 (HKLM-x32\...\{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.60.0 - International GeoGebra Institute)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games 2011 (remove only) (HKLM-x32\...\Hoyle Card Games 2011) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Power Assistant (HKLM\...\{6888C635-E550-4FA4-958E-CE2880B0443B}) (Version: 1.1.1.5 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.37.11 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
HydraVision (HKLM-x32\...\{6E30650C-81B1-9AD2-812E-DBAA19763B8B}) (Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (HKLM-x32\...\WT087373) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version:  - )
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LUXOR (HKLM-x32\...\LUXOR) (Version: 1.1.0.0 - MumboJumbo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7070.2026 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{0e67eb49-a8a5-46b4-a012-f800980bd52d}) (Version:  - Nero AG)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security with Backup (HKLM-x32\...\NSBU) (Version: 22.11.2.7 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2926 - CyberLink Corp.) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SnapPlayer (HKLM-x32\...\{FF7991D3-7C6D-4C87-A541-545198F52E7D}) (Version: 1.1.5217.23103 - EMCP)
SolutionCenter (HKLM-x32\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Weather Channel Screensaver (HKLM-x32\...\The Weather Channel Screensaver) (Version:  - )
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT087513) (Version: 2.2.0.95 - WildTangent) Hidden
Watchtower Library - English (HKLM-x32\...\{1D72ED8E-EA0F-4AE3-BBC5-2EC55FA5649F}) (Version: 18.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2014 - English (HKLM-x32\...\{DB6F2EEA-CEEA-4096-8BD7-ABF100A90820}) (Version: 16.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2015 - English (HKLM-x32\...\{F0D4F127-987D-4345-AA96-5699CF14AF35}) (Version: 17.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}) (Version: 4.0.2811 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-07-16] (Nero AG)
ContextMenuHandlers1-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01109B00-5048-4610-84B8-A3ED2796134B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0206CC90-D392-45D8-B52A-4078BEC9674F} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {11832995-CC21-41DF-BC4E-C2AC68965B5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {138C3B1F-63C6-46CE-B138-03C3423A26D5} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {1499728E-BD72-44AB-B956-8627C85FB181} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1BD856D7-90AC-40A7-9927-C6CD12D34636} - \WPD\SqmUpload_S-1-5-21-1852320340-3763420829-3560972882-1000 -> No File <==== ATTENTION
Task: {1DBBB3D8-F0EC-4D96-93ED-57F59CE75D68} - \Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) -> No File <==== ATTENTION
Task: {1E4EE1F0-285F-4BCE-88F2-74A67977E747} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {242098E1-880B-4BFA-8D28-E64CEF55D73A} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {25FD1525-6F13-49B5-B5E9-EB4E7E73646E} - \ServicePlan -> No File <==== ATTENTION
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {2BF072F7-41E0-4360-A67F-254A6FC579C0} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {2BF81853-E8FC-4535-BE44-DCF22B2514A9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2C737715-AB1D-421F-839D-E5BAB4756BFF} - \Norton Identity Safe\Norton Error Analyzer -> No File <==== ATTENTION
Task: {2CFF2244-CAE3-4566-BFDE-6D7FA12A06CE} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {2E5A6F5B-4427-4858-BF2D-623802BF91F7} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {2FC81AA6-CA43-47E2-8150-DBEB05F48AFF} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {30D6ADC3-7961-4475-8146-F8059C5DFCB7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {35574FAA-5EA1-46FC-B9ED-17F2C183EB8E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {3CE3DF0C-FD71-4D74-B209-E0FAFD052344} - \Microsoft\Office\Office Subscription Maintenance -> No File <==== ATTENTION
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {45BD7F67-0518-4739-90F3-C46079BA2694} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {489B30FB-E7C5-4170-8328-8EEA328BD7E0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4CF6AF71-26AE-4913-A685-3C7661892E1D} - System32\Tasks\S-1-5-21-1852320340-3763420829-3560972882-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {4E72B718-6AC6-4CE1-8179-29215FB9C0F5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {578D0CA6-4844-430C-8D2A-BA79E7C01266} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {6FBA2340-2F7E-45D2-BCD9-D6366D8BC42A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-03] (Google Inc.)
Task: {6FD09F7D-BE1B-4110-9192-12F1E211816B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {723A42EA-A309-4B79-B640-7E1AC228C844} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {75E207A5-0575-446A-974A-D178024369F1} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {7D74F8CB-433A-4587-B6A5-AE9C39895402} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {856B1B6B-B9F6-4AFD-AE80-1909FBE7DA61} - \Microsoft\Office\Office Automatic Updates -> No File <==== ATTENTION
Task: {87E3FB53-EADF-4AE2-A6B3-2CFEB4A1C805} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8A903484-58EA-4BF0-99C8-E87F76FA8A51} - \twc_screensaver_updater -> No File <==== ATTENTION
Task: {9A41AB8B-2FFD-4C52-87E6-D1947DFAFE70} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
Task: {9A5EDBB7-C1D4-4DAA-A13F-4308216D5344} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {A40CB42B-5056-470E-B272-E6539037076C} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {A7D2B684-EE4C-446B-BFD0-739FAB26D60C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {B8CFAC1E-6679-497F-9C9E-5DFC8CFA7D2A} - \HPCeeScheduleFordad's toy -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {BDC8FC42-A3FD-4A44-BDB5-DD84532AA03B} - \Norton Identity Safe\Norton Error Processor -> No File <==== ATTENTION
Task: {BF5E5712-0BE8-41A0-A8CA-8ADCACE56E02} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {BF640C57-0C86-4221-9387-DDBD691847FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {C43E5723-F165-46ED-A063-7D246184E942} - \Microsoft\Office\Office ClickToRun Service Monitor -> No File <==== ATTENTION
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {C91462C1-FC88-488C-8E76-1F0FCD997FBF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CF3DB5A3-252A-4F07-B683-2CADC22F6630} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1A28935-9431-473F-8FF8-4C4DC7CD443A} - \{B1D093ED-F337-4DA9-AD1B-C6FC3F6166B1} -> No File <==== ATTENTION
Task: {D30C024A-4D33-452D-8EC9-898F41DAEBB6} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {DBB44FA7-7846-4A00-A4B2-7DCD66724060} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-03] (Google Inc.)
Task: {DCCEC452-F4F3-4193-B418-3B352CADD5F6} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {EBCCEF46-3D81-43DE-A4E7-3A9B54EF6FCF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EC402D99-A630-4BCD-8102-009282CA0D0E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F23A4007-03EA-4B05-AA3A-A46BB2EEE487} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {F62AF9F5-2517-400C-A14E-E3AB0B442AB8} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {FDB1442C-CFAB-4FF1-87A4-3A3612396A95} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {FFC91C07-200C-470A-8899-D8B36C7FBB41} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleFordad's toy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2010-12-28 21:49 - 2010-12-28 21:49 - 000079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2016-03-16 18:02 - 2016-07-20 17:54 - 008921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000030208 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2010-01-18 12:21 - 2010-01-18 12:21 - 000568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-09-28 14:00 - 2010-09-28 14:00 - 000061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 000131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 000028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\blueearth.net -> hxxp://graderdev.blueearth.net
IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\emcp.com -> hxxp://snap2010.emcp.com
IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\...\mcafee.com -> hxxps://mcafee.com

There are 11540 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-06-01 18:36 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1852320340-3763420829-3560972882-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dad's toy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CDAEEB6F-8D6C-42AB-95FC-CC6E629AEBCF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{B9C56E44-8694-44B5-9393-B618921AE88D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{72E82170-20A4-4D76-A257-B6602B46AC9E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{668BFDAD-0F5F-4935-BD8D-7230B73B2556}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{AC4809C7-B974-4D22-AA68-69F272A78F0A}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{EC070C12-0D29-4A6D-A2E3-8AF8306E8D4A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{A046F651-BE3C-4879-B9E5-689391F1BF7F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{A2E822A0-D1E7-4D1C-9B58-A6F2713CF487}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{5A7EA345-66E9-4479-9401-D58E05B6F7AA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{43452F50-4514-4E60-A9C7-2E2865F95AB6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{6D6CAE87-C6D8-4AB8-98E9-7DB17D6955C6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{F10AC8FD-9A9B-41DE-8384-6BEC33D8B3F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{A7EB5645-DAA2-4E84-A53E-BB87777A54B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{E0F96C15-A300-476C-BA42-4C1EC4D1C84E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{61CD80F3-F355-4F07-9818-FE9CD5AF416E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5310B272-2661-479F-AEDA-895E07ED303E}] => (Allow) svchost.exe
FirewallRules: [{BA7E0EE7-E0B1-4460-B51B-49696F5AB66F}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{01D52D1A-7F60-4FC1-B77E-2B2020982EF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4894122F-08AE-4FA0-8C3D-419D1A0F0E25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{92253784-2D55-48CF-8E85-C40E2E452DD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{43C531AF-6C0A-488F-AF95-86895DC5827D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{2687AB47-3725-4AFF-A6AB-18066C630331}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1D13AACB-813E-451D-97A0-B0EC0DE77F1A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4FB037DF-1F90-400D-BA04-470824777D67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BFCC5BB1-58E3-4446-95AD-CF0315E082FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{13C2313E-7E56-4F47-807C-70B43574497A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C59B9D24-A51B-4D0D-B8EB-C6C5862849C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C3C939E7-19F4-4152-9536-30F8CC0891C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{54405DC7-70F0-477D-9508-C22FCB1BD3E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{980A4B2A-E657-49C6-B535-264286260A6E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{2EDC8D24-50E5-4019-9549-C4DD6612F361}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D9B3BB1A-AB1D-4252-B0AE-59B111E35DA0}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{D9078EFF-6ED1-4DC2-A1F3-F8A959703F50}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{E1F708D9-57A7-4011-AB58-1959B27B0C6A}] => (Allow) LPort=7000
FirewallRules: [{1FFA3CE2-77EC-47F0-A281-69F5FDC883E9}] => (Allow) LPort=7000
FirewallRules: [{CB0BA7D2-1459-44AA-9EA4-229557247798}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2D0DCCF3-60A8-46BA-B738-3F07EACC24B6}] => (Allow) LPort=2869
FirewallRules: [{543F341D-4C09-490F-A0C2-84A176F688DF}] => (Allow) LPort=1900
FirewallRules: [{167B5EEE-DCE5-44CB-9780-80EFCB1DF840}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query User{F34DB531-7C77-4DE3-9CF3-26F41666708A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{746AE5F4-E773-4EF3-BB69-1B270C5FED51}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{0DC172D9-6DD2-4531-A6A6-4C01F79CC567}] => (Allow) C:\Users\dad's toy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{00EF1EA6-9F08-49FC-A168-FD53B8D49F78}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BE6DA053-991E-4900-92A5-78B653B15C09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4095140A-C8CD-40DE-9E93-FF3DCB7E2777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7E072D1-ED9A-49A0-B2E6-B6EF988C9A9E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2017 06:08:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.

Error: (11/26/2017 05:49:15 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (11/26/2017 05:40:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (5128,R,0) TILEREPOSITORYS-1-5-21-1852320340-3763420829-3560972882-500: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Administrator\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/26/2017 05:40:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (4848,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/26/2017 05:39:15 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (11/26/2017 05:39:15 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (11/26/2017 05:39:13 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (11/26/2017 05:36:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CinemanowSvc.exe, version: 1.9.2.0, time stamp: 0x4c142e2e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xbd8
Faulting application start time: 0x01d366a253a81ace
Faulting application path: C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
Faulting module path: unknown
Report Id: 26d3da1b-0035-4dfd-9716-b2324a7dd64b
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (11/26/2017 06:01:45 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/26/2017 05:49:20 AM) (Source: WinRM) (EventID: 10142) (User: )
Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.

Error: (11/26/2017 05:36:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2017 05:36:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Nero BackItUp Scheduler 4.0 service to connect.

Error: (11/26/2017 05:36:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ClickToRunSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2017 05:36:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.

Error: (11/26/2017 05:36:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Power Assistant Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2017 05:36:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Power Assistant Service service to connect.

Error: (11/26/2017 05:36:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrueKey service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/26/2017 05:36:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TrueKey service to connect.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 54%
Total physical RAM: 4863.28 MB
Available physical RAM: 2230.31 MB
Total Virtual: 6399.28 MB
Available Virtual: 3768.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.01 GB) (Free:829.71 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.96 GB) (Free:1.45 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6E947156)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 seedy21

seedy21

    Advanced Forum Junkie

  • Administrator
  • 129 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Interests:IT, malware removal and Radio Stations

Posted 29 November 2017 - 07:52 PM


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses:
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
    Task: {D1A28935-9431-473F-8FF8-4C4DC7CD443A} - \{B1D093ED-F337-4DA9-AD1B-C6FC3F6166B1} -> No File <==== ATTENTION
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
    • Right-click on the FRST icon and select Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
    Please post it to your reply.



    Emsisoft Emergency Kit

    Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
    • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
    • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
    • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
    • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
    • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
    • Please save the log in Notepad on your desktop and post the contents in your next reply.
    • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


#5 4skag

Posted 30 November 2017 - 12:57 AM

frst logfile

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
Ran by dad's toy (29-11-2017 18:52:34) Run:1
Running from C:\Users\dad's toy\Downloads
Loaded Profiles: dad's toy (Available Profiles: dad's toy & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
Task: {D1A28935-9431-473F-8FF8-4C4DC7CD443A} - \{B1D093ED-F337-4DA9-AD1B-C6FC3F6166B1} -> No File <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1A28935-9431-473F-8FF8-4C4DC7CD443A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1A28935-9431-473F-8FF8-4C4DC7CD443A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B1D093ED-F337-4DA9-AD1B-C6FC3F6166B1} => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21446213 B
Java, Flash, Steam htmlcache => 52608 B
Windows/system/drivers => 849489 B
Edge => 2561262 B
Chrome => 0 B
Firefox => 423612048 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2462 B
NetworkService => 0 B
dad's toy => 12726811 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 445.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:58:15 ====

emsisoft logfile did not ask about pup

Emsisoft Emergency Kit - Version 2017.10
Last update: 11/29/2017 7:42:44 PM
User account: dec2010\dad's toy
Computer name: DEC2010
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    11/29/2017 7:43:15 PM
C:\Program Files (x86)\coupons     detected: Application.AppInstall (A) [228231]
C:\Users\dad's toy\AppData\LocalLow\HPAppData     detected: Application.AdInstall (A) [230356]

Scanned    79516
Found    2

Scan end:    11/29/2017 7:51:34 PM
Scan time:    0:08:19

C:\Users\dad's toy\AppData\LocalLow\HPAppData     Application.AdInstall (A)
C:\Program Files (x86)\coupons     Application.AppInstall (A)

Quarantined    2
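
Added example, not part of the original thread and not FRST's own code: a small Python check that reads a Fixlog.txt like the one posted above and confirms that every directive in the fixlist has a matching success line. The result wording it matches is taken from this thread's Fixlog; treating that wording as stable across FRST versions is an assumption, and all function and variable names are hypothetical.

```python
import re

# Success wording below is copied from the Fixlog in this thread.
# Assumption: other FRST versions use the same wording.
ADS_RE = re.compile(
    r"^AlternateDataStreams: (?P<path>[A-Za-z]:\\[^:]*):(?P<stream>.+) \[\d+\]$")
TASK_RE = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<tree>\\.+?) -> ")
SIMPLE = {
    "CreateRestorePoint:": "Restore point was successfully created.",
    "CloseProcesses:": "Processes closed successfully.",
}

def split_fixlog(text):
    """Return (directives, result_lines) from the body of a Fixlog.txt."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The echoed fixlist sits between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block delimiters not found")
    block = lines[stars[0] + 1:stars[1]]
    directives = [ln for ln in block if ln and ln.lower() not in ("start", "end")]
    results = [ln for ln in lines[stars[1] + 1:] if ln]
    return directives, results

def expected_markers(directive):
    """Groups of substrings; each group must appear together in one result line."""
    if directive in SIMPLE:
        return [[SIMPLE[directive]]]
    if directive == "EmptyTemp:":
        return [["EmptyTemp: =>", "Removed"]]
    m = ADS_RE.match(directive)
    if m:
        return [[m["path"] + " =>", '":%s"' % m["stream"],
                 "ADS removed successfully"]]
    m = TASK_RE.match(directive)
    if m:
        ok = "key removed successfully"
        return [["TaskCache\\Tasks\\" + m["guid"], ok],
                ["TaskCache\\Tree" + m["tree"], ok]]
    return None  # directive type this sketch does not model

def verify_fixlog(text):
    """Return [(directive, 'confirmed' | 'MISSING' | 'unchecked'), ...]."""
    directives, results = split_fixlog(text)
    report = []
    for d in directives:
        groups = expected_markers(d)
        if groups is None:
            report.append((d, "unchecked"))
            continue
        done = all(any(all(s in r for s in g) for r in results) for g in groups)
        report.append((d, "confirmed" if done else "MISSING"))
    return report

# Excerpt of the Fixlog posted in this thread (EmptyTemp detail lines omitted).
SAMPLE = r"""
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
Task: {D1A28935-9431-473F-8FF8-4C4DC7CD443A} - \{B1D093ED-F337-4DA9-AD1B-C6FC3F6166B1} -> No File <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1A28935-9431-473F-8FF8-4C4DC7CD443A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1A28935-9431-473F-8FF8-4C4DC7CD443A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B1D093ED-F337-4DA9-AD1B-C6FC3F6166B1} => key removed successfully
EmptyTemp: => 445.7 MB temporary data Removed.
"""

# Constructed failure case: the same log with one ADS result line dropped.
BROKEN = "\n".join(ln for ln in SAMPLE.splitlines()
                   if "ProgramData\\Temp =>" not in ln)

if __name__ == "__main__":
    for name, log in (("thread Fixlog", SAMPLE), ("constructed gap", BROKEN)):
        print(name)
        for directive, status in verify_fixlog(log):
            print("  %-9s %s" % (status, directive))
```

A directive reported as MISSING means the fix should be re-checked with a fresh scan before the helper moves on to the next step.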
 



#6 seedy21

Posted 03 December 2017 - 08:22 PM

Hi,

Your logs look better now. Do you have any further issues with your machine?

#7 4skag

Posted 03 December 2017 - 10:12 PM

yes i do

apps on the desktop keep moving around

screen resolution keeps changing

when i open up the hoyle card game the permission box comes on, i click yes, then the desktop shows for a second with huge apps on it, when the game starts it runs extremely slow, and the cpu cooling fan starts running at extreme high speed, never did this before

live mail looks like it did with earlier version of windows and will close unexpectedly

sometimes when i open the display setting or personalize i have to close it and do it again before it will open

when i open up some internet windows like craigslist the windows all have to have the zoom adjusted so you can read them



#8 seedy21

Posted 04 December 2017 - 09:17 PM

We need to run a Command with Command Prompt

Click on Start, All Programs, Accessories, Right Click Command Prompt and select Run as Administrator

Type in the following line followed by clicking Enter

chkdsk /R

The System may ask you to schedule a reboot, Type Y and click Enter

Please exit Command Prompt and restart your computer. This will take longer to start up as it is going to run this command.

Next ....

We need to run a Command with Command Prompt

Click on Start, All Programs, Accessories, Right Click Command Prompt and select Run as Administrator

Type in the following line followed by clicking Enter

sfc /scannow

Please exit Command Prompt and restart your computer. This will take longer to start up as it is going to run this command.



#9 4skag

Posted 05 December 2017 - 11:10 AM

ok done



#10 seedy21

Posted 05 December 2017 - 11:56 AM

Hi,

Can you test your machine and let me know what issues you're still having?

Thanks

#11 4skag

Posted 05 December 2017 - 09:54 PM

still doing the same things as #7 post



#12 4skag

Posted 06 December 2017 - 11:19 AM

i noticed this morning that some of the desktop apps have a blue and yellow shield on them

malwarebytes

spywareblaster

hoyle card

emsisoft

emsisoft emergency

windows 10 upgrade

frst 64 exe shortcut

 

what's that about?



#13 seedy21

Posted 07 December 2017 - 06:56 PM

Hi 4Skag,

i noticed this morning that some of the desktop apps have a blue and yellow shield on them

The shield is to show that the program wants to run as an administrator.

Could you please create a new user and let me know if the problems appear in the new account?

Link to an Article on how to do this can be found at https://www.laptopma...unts-windows-10

Thanks



#14 4skag

Posted 08 December 2017 - 09:18 PM

tried it

no changes

 

wanted to let you know that due to a death in the family i'll be gone for awhile

will contact when i return



#15 4skag

Posted 17 December 2017 - 11:43 AM

i'm back

can we continue
