
Firefox disappeared

Discussion in 'Malware Removal Help' started by Tony D, Aug 27, 2019.

  1. Tony D (Administrator)

    Joined: Sep 25, 2009
    Messages: 5,108
    Location: SE Pennsylvania, USA
    Operating System: Windows XP Professional

    My buddy was having problems accessing his ISP-provided email with Chrome. Other connections were good. I ended up deleting and reinstalling Chrome. I also installed Firefox as a backup browser. I received a call a few days later that Chrome wasn't working and Firefox was no longer on the computer. I confirmed this today.

    When I brought up Chrome, Chrome didn't display a window. Task Manager showed that it was not running in the Applications tab. The Processes tab however showed two instances of Chrome running.

    I also noted that Norton wasn't running in the Notification area both times I was out to see him. Somewhere along the line after reinstalling Chrome, I noted Norton was running. Don't know exactly what I did to get Norton running, but it happened both times I was there. It wasn't running, then later on it was. I did run a Norton scan. It found no threats.

    I've attached the FRST and Addition logs. Oh, I also ran a MBAM scan. It found only PUPs. I don't have that report with me.

    I saw he had TeamViewer. I uninstalled that. I didn't see LogMeIn in the Programs and Features Control Panel. However, FRST found it located in
    I deleted the LogMeIn Rescue folder.

    I don't know what's going on here. Maybe you'll see something suspicious in here.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-08-2019
    Ran by John (administrator) on JOHN-PC (PowerSpec H81H3-WM) (27-08-2019 10:24:10)
    Running from F:\FRST
    Loaded Profiles: John (Available Profiles: John & Anne)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Users\John\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe
    (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Users\John\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Mindspark Interactive Network -> Mindspark) C:\Program Files (x86)\GetFormsOnline_db\bar\1.bin\dbbarsvc.exe
    (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    HKLM-x32\...\Run: [GetFormsOnline EPM Support] => C:\Program Files (x86)\GetFormsOnline_db\bar\1.bin\dbmedint.exe [11608 2015-12-15] (Mindspark Interactive Network -> Mindspark)
    HKU\S-1-5-21-316511226-2536946270-1915896526-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-316511226-2536946270-1915896526-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-316511226-2536946270-1915896526-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\...\Authentication\Credential Providers: [{c35ca2f1-3a8a-49e3-9f5d-cae4448a6b8c}] -> C:\Windows\system32\unlock64.dll [2015-09-21] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk [2017-04-23]
    ShortcutAndArgument: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet 4630 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN49G492YC05Y0;CONNECTION=USB;MONITOR=1;

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {15AD2718-8EB3-49AF-817B-4BE8091F50B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
    Task: {17402FE1-2808-4B11-821A-306653429333} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [6105096 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {1A8ED86D-BC6F-4192-9C8B-34FB676C5D42} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
    Task: {1BCBDBE3-F187-4E3D-BEEA-893968369D51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH6AS4B0GD => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.)
    Task: {23C41F73-80DD-459E-8B5F-BD31378E435F} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\SymErr.exe [103952 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    Task: {3439E8AA-417B-4983-AAE6-B1C7FD3BB9D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd -> Piriform Ltd)
    Task: {3795FA69-0D79-4FC6-AB01-EBBB4A0EEAE6} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
    Task: {611D2883-B7A4-467A-BCB6-64F4AC1448ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {83E779B8-17C1-4AA4-962A-C47421FDDB05} - System32\Tasks\HP AR Program Upload - d9e1b2b9f12240b7aa5e226498f9bd0713ad996982554b84b8d25b1ff13cd0af => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [3871240 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {8E4686A1-F018-4916-8DF4-2386229A9032} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2231488 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    Task: {999C8C08-0826-4757-BBC3-91B41975ADC4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-13] (Adobe Inc. -> Adobe)
    Task: {A9572A7C-B7C9-4041-9721-3E3514133835} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\SymErr.exe [103952 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    Task: {B673F2A0-FAD3-4F20-8D94-CFE87CD173A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-07-14] (Google Inc -> Google Inc.)
    Task: {B84029E1-BBB0-41B6-9477-BAB24A8A1E26} - System32\Tasks\HP AR Program Upload - 5fa1277e212b47f99caaf86063ebf94de384add7a3134360bd40fb60bb8ca141 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [3871240 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {BFCC30EF-0E7B-4F1A-B3B5-39BC075C16A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {C078392A-412F-4B69-ACED-0AD47B418B33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.)
    Task: {C9530E7B-0D40-4898-95A9-9D82BC341393} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-07-14] (Google Inc -> Google Inc.)
    Task: {CD9EC46D-B9B3-4500-9FC3-526976C35766} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
    Task: {D4611D92-D022-46BF-BE27-72AF8A07C812} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
    Task: {D6A48A8C-17F4-4EAC-8BFD-48B9F297FC02} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
    Task: {DDDD9910-6116-4265-8FE0-BE6D8F2797CD} - System32\Tasks\HPCustPartic.exe_{A45F94EA-EDE7-4B65-8A58-87B982A57C84} => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [6105096 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {E013ACFF-36B9-4E93-9934-C910EAB3A017} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\WSCStub.exe [2231488 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    Task: {FE0006B6-8E5B-419D-8252-13329B6FAE04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [243576 2019-07-23] (HP Inc. -> HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{25FA4FFC-375E-46ED-AB02-83C55DA3B48F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{9CD750DC-59C1-4181-818C-E9A183446DAD}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKU\S-1-5-21-316511226-2536946270-1915896526-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.xfinity.com/
    URLSearchHook: HKU\S-1-5-21-316511226-2536946270-1915896526-1001 - (No Name) - {8a04fa5f-0a1a-4996-abe4-b607dad3840b} - C:\Program Files (x86)\GetFormsOnline_db\bar\1.bin\dbSrcAs.dll (Mindspark Interactive Network -> Mindspark)
    SearchScopes: HKLM -> DefaultScope {2569603D-A916-485F-8058-067BC3D949E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2569603D-A916-485F-8058-067BC3D949E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {2569603D-A916-485F-8058-067BC3D949E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2569603D-A916-485F-8058-067BC3D949E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-316511226-2536946270-1915896526-1001 -> DefaultScope {2569603D-A916-485F-8058-067BC3D949E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-316511226-2536946270-1915896526-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311406&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC0B0A2vLn65oIXyajePIKZYOmi80qI1xYEiwYSF%2FI4LVwGPGLuW1Kq5m%2FSf9EFqLpXu%2BY%2BCoXtkiOe%2Bs%2Btcw03T0g2QwdQfNbKXuOTPBmh%2BaLBtvevukOfx9QW3ucp88QCgnAyE%2BfvNeAwzNbxWve6WbpTiyukGFXLMKb73MmKS%2FijoeYrgvUv6mgRXBXSXwaU%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-316511226-2536946270-1915896526-1001 -> {2569603D-A916-485F-8058-067BC3D949E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-316511226-2536946270-1915896526-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = &gct=kwd&qsrc=2869
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\coIEPlg.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.18.0.222\coIEPlg.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Toolbar BHO -> {f18926ce-ba1d-4467-8ebd-5ba4c0d0d4ae} -> C:\Program Files (x86)\GetFormsOnline_db\bar\1.bin\dbbar.dll [2015-12-15] (Mindspark Interactive Network -> Mindspark)
    BHO-x32: Search Assistant BHO -> {ff57b31a-0257-40cb-9c5e-6aec88bcf9de} -> C:\Program Files (x86)\GetFormsOnline_db\bar\1.bin\dbSrcAs.dll [2015-12-15] (Mindspark Interactive Network -> Mindspark)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\coIEPlg.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.18.0.222\coIEPlg.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - GetFormsOnline - {6b69261e-55eb-47dc-b75e-f53c06de3d3a} - C:\Program Files (x86)\GetFormsOnline_db\bar\1.bin\dbbar.dll [2015-12-15] (Mindspark Interactive Network -> Mindspark)
    Toolbar: HKU\S-1-5-21-316511226-2536946270-1915896526-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\coIEPlg.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311406&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC0B0A2vLn65oIXyajePIKZYb2ZmPa%2FBvId24OqdGQPRGcCD9lMdiNlZGTW5yAjkDds%2Fb3ZwKDHFRAWvOVRdIuc2hsJIrfSiPsK%2BlXRebnuXdmhfzcA0PnYRInTjxYgU63H8Z%2FPx67y0A9mBWvFvUtSDrIDcLoRw9JAP4TTX75To8ULw21TbELfOIUVf4JyiITA%3D
    CHR StartupUrls: Default -> "hxxps://connect.xfinity.com/appsuite/#!!&app=io.ox/mail&folder=default0/INBOX"
    CHR NewTab: Default -> Not-active:"chrome-extension://goklhjenkfcbbgfbgefgbplhnpplpgnm/newtab/fastesttab.html", Not-active:"chrome-extension://olaapfkinmkcepjecfngpfpngjbcccdp/newtab/fastesttab.html"
    CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> se
    CHR DefaultSuggestURL: Default -> hxxps://www.searchencrypt.com/encsuggest?q={searchTerms}
    CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2019-08-22]
    CHR Extension: (Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
    CHR Extension: (Free Government Forms) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\anhiaboijcadomedpbmcaobjkppgkbaj [2018-01-25]
    CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
    CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
    CHR Extension: (Norton Security Toolbar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-04-17]
    CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk [2019-08-22]
    CHR Extension: (Maps Now) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\feailhokcofhemellplnfeclaobeifbe [2018-10-19]
    CHR Extension: (Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
    CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfijjnfjoeafkhalnojfbaekemcofoi [2019-08-22]
    CHR Extension: (Search Encrypt) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnlabkgljnlaidbnocfhgdeajcgmahml [2019-08-03]
    CHR Extension: (Easy Internet Speed Test) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\goklhjenkfcbbgfbgefgbplhnpplpgnm [2019-07-25]
    CHR Extension: (YourTemplateFinder ) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpncjcamnfnkhkjfdcnhbfnnpfpmdiae [2017-01-20]
    CHR Extension: (Norton Safe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-04-26]
    CHR Extension: (Norton Identity Safe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-07-14]
    CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpocjpoifmommoiiiamepombpeoaehfh [2019-08-22]
    CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfcbmjhdehbcffdechfchffjpdghpfob [2019-08-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-09]
    CHR Extension: (Ad Remover Adblocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojjjflcdgjegkdcojbahlbgeiinpbfgf [2019-06-06]
    CHR Extension: (Your Easy Forms) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\olaapfkinmkcepjecfngpfpngjbcccdp [2019-07-25]
    CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
    CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-22]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 GetFormsOnline_dbService; C:\Program Files (x86)\GetFormsOnline_db\bar\1.bin\dbbarsvc.exe [89432 2015-12-15] (Mindspark Interactive Network -> Mindspark)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [358264 2019-08-07] (HP Inc. -> HP Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation - pGFX -> Intel Corporation)
    R2 LMIRescueUA_1192072; C:\Users\John\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe [3271024 2015-09-21] (LogMeIn, Inc. -> LogMeIn, Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation -> Malwarebytes Corporation)
    S2 NortonSecurity; C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\NortonSecurity.exe [225608 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-31] (Microsoft Windows -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3752448 2012-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20190820.001\BHDrvx64.sys [1935880 2019-08-06] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1612000.0DE\ccSetx64.sys [194416 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-08-09] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-08-09] (Symantec Corporation -> Symantec Corporation)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-03-22] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20190826.061\IDSvia64.sys [1451016 2019-08-23] (Symantec Corporation -> Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation -> Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation -> Malwarebytes Corporation)
    S3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2471568 2014-06-13] (MEDIATEK INC. -> MediaTek Inc.)
    S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
    S3 SRTSP; C:\Windows\System32\drivers\NGCx64\1612000.0DE\SRTSP64.SYS [883720 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1612000.0DE\SRTSPX64.SYS [49672 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1612000.0DE\SYMEFASI64.SYS [1963400 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-31] (Symantec Corporation -> Symantec Corporation)
    S4 SymEvnt; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\SymPlatform\SymEvnt.sys [719240 2019-08-15] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1612000.0DE\Ironx64.SYS [316656 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1612000.0DE\symnets.sys [573448 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1612000.0DE\wpCtrlDrv.sys [1012120 2019-08-17] (Symantec Corporation -> Symantec Corporation)
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161209.001\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20161209.001\EX64.SYS [X]
    S1 SASDIFSV; \??\C:\Users\John\AppData\Local\Temp\7zS3A2A.tmp\SASDIFSV64.SYS [X] <==== ATTENTION
    S1 SASKUTIL; \??\C:\Users\John\AppData\Local\Temp\7zS3A2A.tmp\SASKUTIL64.SYS [X] <==== ATTENTION

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-27 10:21 - 2019-08-27 10:24 - 000000000 ____D C:\FRST
    2019-08-26 20:15 - 2019-08-26 20:15 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
    2019-08-26 20:08 - 2019-08-05 18:58 - 000397432 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2019-08-26 20:08 - 2019-08-05 17:55 - 000348800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2019-08-26 20:08 - 2019-08-03 23:37 - 025754624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2019-08-26 20:08 - 2019-08-03 22:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2019-08-26 20:08 - 2019-08-03 22:16 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2019-08-26 20:08 - 2019-08-03 22:04 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2019-08-26 20:08 - 2019-08-03 22:03 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2019-08-26 20:08 - 2019-08-03 22:02 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2019-08-26 20:08 - 2019-08-03 22:02 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2019-08-26 20:08 - 2019-08-03 22:02 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2019-08-26 20:08 - 2019-08-03 22:01 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2019-08-26 20:08 - 2019-08-03 21:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2019-08-26 20:08 - 2019-08-03 21:54 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2019-08-26 20:08 - 2019-08-03 21:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2019-08-26 20:08 - 2019-08-03 21:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2019-08-26 20:08 - 2019-08-03 21:51 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2019-08-26 20:08 - 2019-08-03 21:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2019-08-26 20:08 - 2019-08-03 21:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2019-08-26 20:08 - 2019-08-03 21:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2019-08-26 20:08 - 2019-08-03 21:43 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2019-08-26 20:08 - 2019-08-03 21:40 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2019-08-26 20:08 - 2019-08-03 21:34 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2019-08-26 20:08 - 2019-08-03 21:33 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2019-08-26 20:08 - 2019-08-03 21:33 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2019-08-26 20:08 - 2019-08-03 21:30 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2019-08-26 20:08 - 2019-08-03 21:29 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2019-08-26 20:08 - 2019-08-03 21:27 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2019-08-26 20:08 - 2019-08-03 21:25 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2019-08-26 20:08 - 2019-08-03 21:21 - 020291584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2019-08-26 20:08 - 2019-08-03 21:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2019-08-26 20:08 - 2019-08-03 21:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2019-08-26 20:08 - 2019-08-03 21:14 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2019-08-26 20:08 - 2019-08-03 21:14 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2019-08-26 20:08 - 2019-08-03 21:12 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2019-08-26 20:08 - 2019-08-03 21:12 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2019-08-26 20:08 - 2019-08-03 21:11 - 015390720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2019-08-26 20:08 - 2019-08-03 21:04 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2019-08-26 20:08 - 2019-08-03 21:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2019-08-26 20:08 - 2019-08-03 21:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2019-08-26 20:08 - 2019-08-03 21:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2019-08-26 20:08 - 2019-08-03 21:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2019-08-26 20:08 - 2019-08-03 21:01 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2019-08-26 20:08 - 2019-08-03 21:00 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2019-08-26 20:08 - 2019-08-03 20:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2019-08-26 20:08 - 2019-08-03 20:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2019-08-26 20:08 - 2019-08-03 20:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2019-08-26 20:08 - 2019-08-03 20:54 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2019-08-26 20:08 - 2019-08-03 20:54 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2019-08-26 20:08 - 2019-08-03 20:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2019-08-26 20:08 - 2019-08-03 20:50 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2019-08-26 20:08 - 2019-08-03 20:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2019-08-26 20:08 - 2019-08-03 20:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2019-08-26 20:08 - 2019-08-03 20:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2019-08-26 20:08 - 2019-08-03 20:40 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2019-08-26 20:08 - 2019-08-03 20:40 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2019-08-26 20:08 - 2019-08-03 20:38 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2019-08-26 20:08 - 2019-08-03 20:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2019-08-26 20:08 - 2019-08-03 20:36 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2019-08-26 20:08 - 2019-08-03 20:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2019-08-26 20:08 - 2019-08-03 20:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2019-08-26 20:08 - 2019-08-03 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2019-08-26 20:08 - 2019-08-03 20:28 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2019-08-26 20:08 - 2019-08-03 20:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2019-08-26 20:08 - 2019-08-03 20:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2019-08-26 20:08 - 2019-08-03 20:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2019-08-26 20:08 - 2019-08-03 20:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2019-08-26 20:08 - 2019-08-03 20:06 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2019-08-26 20:08 - 2019-08-03 20:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2019-08-26 20:08 - 2019-07-29 22:25 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2019-08-26 20:08 - 2019-07-29 22:23 - 005552568 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2019-08-26 20:08 - 2019-07-29 22:23 - 000710072 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2019-08-26 20:08 - 2019-07-29 22:23 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2019-08-26 20:08 - 2019-07-29 22:23 - 000155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2019-08-26 20:08 - 2019-07-29 22:23 - 000097208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2019-08-26 20:08 - 2019-07-29 22:22 - 001671000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000517632 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2019-08-26 20:08 - 2019-07-29 22:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 004058848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2019-08-26 20:08 - 2019-07-29 22:19 - 003965664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2019-08-26 20:08 - 2019-07-29 22:19 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:17 - 001319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2019-08-26 20:08 - 2019-07-29 22:16 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 22:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 21:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2019-08-26 20:08 - 2019-07-29 21:53 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2019-08-26 20:08 - 2019-07-29 21:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2019-08-26 20:08 - 2019-07-29 21:51 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2019-08-26 20:08 - 2019-07-29 21:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2019-08-26 20:08 - 2019-07-29 21:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2019-08-26 20:08 - 2019-07-29 21:51 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2019-08-26 20:08 - 2019-07-29 21:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2019-08-26 20:08 - 2019-07-29 21:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2019-08-26 20:08 - 2019-07-29 21:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2019-08-26 20:08 - 2019-07-29 21:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2019-08-26 20:08 - 2019-07-29 21:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2019-08-26 20:08 - 2019-07-29 21:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2019-08-26 20:08 - 2019-07-29 21:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2019-08-26 20:08 - 2019-07-29 21:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2019-08-26 20:08 - 2019-07-29 21:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 21:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 21:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 21:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2019-08-26 20:08 - 2019-07-29 21:44 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2019-08-26 20:08 - 2019-07-29 21:44 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2019-08-26 20:08 - 2019-07-29 21:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2019-08-26 20:08 - 2019-07-29 21:44 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2019-08-26 20:08 - 2019-07-29 21:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2019-08-26 20:08 - 2019-07-29 21:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2019-08-26 20:08 - 2019-07-29 21:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2019-08-26 20:08 - 2019-07-29 21:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
    2019-08-26 20:08 - 2019-07-29 21:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
    2019-08-26 20:08 - 2019-07-29 21:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
    2019-08-26 20:08 - 2019-07-29 21:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
    2019-08-26 20:08 - 2019-07-29 21:43 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
    2019-08-26 20:08 - 2019-07-29 21:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2019-08-26 20:08 - 2019-07-23 20:37 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2019-08-26 20:08 - 2019-07-18 23:30 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2019-08-26 20:08 - 2019-07-13 04:37 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2019-08-26 20:08 - 2019-07-13 04:36 - 000289720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2019-08-26 20:08 - 2019-07-13 04:35 - 001894840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2019-08-26 20:08 - 2019-07-13 04:35 - 000385464 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2019-08-26 20:08 - 2019-07-13 04:35 - 000378808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2019-08-26 20:08 - 2019-07-13 04:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2PGraph.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2019-08-26 20:08 - 2019-07-13 04:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2019-08-26 20:08 - 2019-07-13 04:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
    2019-08-26 20:08 - 2019-07-13 04:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2019-08-26 20:08 - 2019-07-13 04:33 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2019-08-26 20:08 - 2019-07-13 04:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
    2019-08-26 20:08 - 2019-07-13 04:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2019-08-26 20:08 - 2019-07-13 04:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 001077760 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2019-08-26 20:08 - 2019-07-13 04:32 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2019-08-26 20:08 - 2019-07-13 04:31 - 000318976 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
    2019-08-26 20:08 - 2019-07-13 04:31 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
    2019-08-26 20:08 - 2019-07-13 04:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
    2019-08-26 20:08 - 2019-07-13 04:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
    2019-08-26 20:08 - 2019-07-13 04:31 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2019-08-26 20:08 - 2019-07-13 04:31 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2019-08-26 20:08 - 2019-07-13 04:31 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
    2019-08-26 20:08 - 2019-07-13 04:22 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
    2019-08-26 20:08 - 2019-07-13 04:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2019-08-26 20:08 - 2019-07-13 04:22 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
    2019-08-26 20:08 - 2019-07-13 04:15 - 006135808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2019-08-26 20:08 - 2019-07-13 04:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcmonitor.dll
    2019-08-26 20:08 - 2019-07-13 04:07 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2019-08-26 20:08 - 2019-07-10 20:05 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2019-08-26 20:08 - 2019-07-03 21:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2019-08-26 20:08 - 2019-07-03 21:14 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2019-08-26 19:53 - 2019-08-26 19:53 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
    2019-08-26 19:47 - 2019-08-26 19:47 - 000003232 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2019-08-26 19:47 - 2019-08-26 19:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
    2019-08-21 14:43 - 2019-08-21 14:43 - 000000046 _____ C:\Users\John\Desktop\CNN.url
    2019-08-21 14:34 - 2019-08-22 17:44 - 000000000 ____D C:\Program Files (x86)\Unchecky
    2019-08-21 14:34 - 2019-08-21 14:45 - 000000000 ____D C:\ProgramData\Unchecky
    2019-08-21 14:27 - 2019-08-21 14:27 - 000015562 _____ C:\Users\John\Downloads\export.csv
    2019-08-21 14:08 - 2019-08-21 14:55 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
    2019-08-21 14:08 - 2019-08-21 14:08 - 000000000 ____D C:\Users\John\AppData\Roaming\Mozilla
    2019-08-21 14:08 - 2019-08-21 14:08 - 000000000 ____D C:\Users\John\AppData\Local\Mozilla
    2019-08-21 14:07 - 2019-08-22 17:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-08-21 14:07 - 2019-08-22 17:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-08-21 14:07 - 2019-08-21 14:08 - 000000000 ____D C:\ProgramData\Mozilla
    2019-08-21 13:38 - 2019-08-21 13:40 - 000000000 ____D C:\AdwCleaner
    2019-08-10 16:34 - 2019-08-10 16:34 - 000001473 _____ C:\Users\John\Downloads\Business Partner Application 2017 - Shortcut.lnk
    2019-08-07 16:27 - 2019-08-07 16:27 - 000138162 _____ C:\Users\John\Downloads\2019 Membership List in Excel. Revised by T. Flynn August 2019.xlsx
    2019-07-30 19:58 - 2019-07-30 19:58 - 000661643 _____ C:\Users\John\Downloads\190729.JacketFor#73.pdf

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-08-27 10:24 - 2009-07-14 01:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-08-27 10:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2019-08-27 10:10 - 2014-12-07 13:22 - 000000430 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2019-08-27 10:09 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-08-27 10:06 - 2009-07-14 00:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-08-27 10:06 - 2009-07-14 00:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-08-27 10:04 - 2009-07-14 00:45 - 000416824 _____ C:\Windows\system32\FNTCACHE.DAT
    2019-08-27 10:00 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
    2019-08-27 09:58 - 2017-07-17 22:28 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForJohn.job
    2019-08-26 20:15 - 2015-06-10 13:19 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-08-26 20:12 - 2017-07-17 22:28 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJohn
    2019-08-26 20:11 - 2014-12-18 15:26 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
    2019-08-26 19:48 - 2018-02-17 17:15 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
    2019-08-26 19:47 - 2018-02-18 12:54 - 000002482 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2019-08-22 17:46 - 2016-01-18 21:26 - 000000000 ____D C:\Users\John\AppData\LocalLow\GetFormsOnline_db
    2019-08-22 17:46 - 2014-12-07 16:17 - 000000000 ____D C:\Users\Anne
    2019-08-22 17:46 - 2014-12-07 15:37 - 000000000 ____D C:\Program Files (x86)\Norton Security Suite
    2019-08-22 17:46 - 2014-12-07 12:54 - 000000000 ____D C:\ProgramData\Norton
    2019-08-22 17:45 - 2016-01-18 21:26 - 000000000 ____D C:\Program Files (x86)\GetFormsOnline_db
    2019-08-22 17:43 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
    2019-08-22 17:42 - 2016-07-14 11:47 - 000000000 ____D C:\Program Files (x86)\Google
    2019-08-22 14:43 - 2014-12-07 12:42 - 000000000 ____D C:\Users\John
    2019-08-20 19:32 - 2018-05-16 19:10 - 000724874 _____ C:\Users\John\Downloads\TE Conestoga Football Association .zip
    2019-08-20 19:27 - 2018-09-11 15:20 - 000000022 _____ C:\Users\John\Downloads\Fwd_ pictures (2).zip
    2019-08-20 19:25 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
    2019-08-19 15:24 - 2014-08-08 10:38 - 000775728 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2019-08-19 11:17 - 2017-02-26 12:59 - 000002016 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2019-08-19 11:05 - 2014-12-07 13:46 - 000000000 ____D C:\ProgramData\HP
    2019-08-19 10:22 - 2009-07-14 01:08 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2019-08-13 21:18 - 2014-12-12 14:27 - 000000000 ____D C:\Windows\system32\MRT
    2019-08-13 21:16 - 2014-12-12 14:27 - 134272480 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2019-08-13 20:35 - 2014-12-12 15:15 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2019-08-13 20:35 - 2014-12-12 15:15 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2019-08-13 20:35 - 2014-12-12 15:15 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2019-08-13 20:35 - 2014-12-12 15:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2019-08-13 20:35 - 2014-12-12 15:15 - 000000000 ____D C:\Windows\system32\Macromed
    2019-08-08 19:23 - 2016-07-14 11:48 - 000002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-08-07 16:29 - 2014-12-07 14:33 - 000000000 ____D C:\Users\John\AppData\Local\Microsoft Help
    2019-08-05 10:18 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache

    ==================== Files in the root of some directories ================

    2019-05-15 21:03 - 2019-05-15 21:03 - 006922240 _____ () C:\Program Files (x86)\GUT8749.tmp

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-08-18 15:54
    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2019
    Ran by John (27-08-2019 10:25:57)
    Running from F:\FRST
    Windows 7 Professional Service Pack 1 (X64) (2014-12-07 16:42:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-316511226-2536946270-1915896526-500 - Administrator - Disabled)
    Anne (S-1-5-21-316511226-2536946270-1915896526-1003 - Administrator - Enabled) => C:\Users\Anne
    Guest (S-1-5-21-316511226-2536946270-1915896526-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-316511226-2536946270-1915896526-1002 - Limited - Enabled)
    John (S-1-5-21-316511226-2536946270-1915896526-1001 - Administrator - Enabled) => C:\Users\John

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security Suite (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security Suite (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
    FW: Norton Security Suite (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.238 - Adobe)
    Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
    GetFormsOnline Internet Explorer Toolbar (HKLM-x32\...\GetFormsOnline_dbbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
    HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
    HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
    HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
    HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.8.24.33 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.12.32.3 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Norton Security Suite (HKLM-x32\...\NGC) (Version: 22.18.0.222 - Symantec Corporation)
    OnlineRouteFinder Internet Explorer Homepage and New Tab (HKU\S-1-5-21-316511226-2536946270-1915896526-1001\...\OnlineRouteFinderTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
    Product Improvement Study for HP OfficeJet 4650 series (HKLM\...\{75534DD0-9FB9-410A-AD7B-0E4470F0558D}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7121 - Realtek Semiconductor Corp.)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.93332 - TeamViewer)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-316511226-2536946270-1915896526-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\NavShExt.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\NavShExt.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\buShell.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.18.0.222\NavShExt.dll [2019-08-17] (Symantec Corporation -> Symantec Corporation)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    ==================== Loaded Modules (Whitelisted) ==============

    2014-08-11 12:32 - 2013-08-15 14:34 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
    2013-03-22 11:38 - 2013-03-22 11:38 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
    2013-03-22 11:38 - 2013-03-22 11:38 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescueUA_1192072 => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


    2014-12-07 13:22 - 2019-08-27 10:10 - 000000430 _____ C:\Windows\system32\drivers\etc\hosts.ics

    10.0.0.5 John-PC.mshome.net # 2024 8 0 25 14 10 42 577

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-316511226-2536946270-1915896526-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{B628EF5D-D436-4706-90EC-24A2DD4DEC5C}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{1D6D4C64-36D0-4054-98FC-1E25F79960A0}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{E2DC12AD-E114-45DB-9A6A-E564572DDCEE}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{632A7EE3-623A-4253-821E-17DB0D270018}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{7D55C737-8AFD-476E-8682-414448F71087}] => (Allow) LPort=5357
    FirewallRules: [{ACCE5921-64A4-4559-8142-B26DC52E1762}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{CB9909D5-C44F-408D-8CB1-688A487F8CAC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{4768B3FF-71FA-4F84-B15C-9BC4C37075D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{0A8F7451-BBA9-4808-9AB6-AE0E3AC4AF48}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{CCCA274C-96A2-46CB-B6D3-D8EFAA1465C2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{BF566E90-32F1-48CD-8738-BC4DB607BF0D}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS20FC\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{3977734A-D03D-4F2D-907D-791759817C10}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS20FC\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{58477C9A-94BA-43EB-8C88-8F6158BC47A9}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2249\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{AB776C03-7891-4E03-92B3-E73C3884FCE5}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2249\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{8BFF6D00-7A4F-4E3B-9E5F-044FFDD61590}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS4662\HP.EasyStart.exe No File
    FirewallRules: [{64A90B71-AC0B-4E91-8501-4954D3E8C78E}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{72A52154-2512-4E4E-927E-DF83CE4C4D06}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{C5AFFA72-0BCA-420F-8294-A9B923AC88A1}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{38AE7BBE-1FEF-414F-A3FC-A228A2FF1632}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{068C9F12-4722-4467-8EDF-FF551313536E}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{E7AB30DC-8228-4E7C-959C-4246DEE38411}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{1925628F-A645-4473-A695-4282FD7C6533}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS048C\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E7E56468-3985-42DB-BA8C-D55283994633}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS048C\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{D2B9B242-BB59-4DF9-BBC3-374ED63C67FC}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS0567\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{BAD5CB13-41A8-4B85-BEB9-AF39296F442F}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS0567\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{808964D8-808F-48B9-86A6-9B7961597CEE}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS15D9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{61CE996E-9BDF-4B79-9A06-D91AB05CB8A3}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS15D9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{F81DA9AF-FFFF-40BB-85D6-A0DC9B6C4D3E}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS6721\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{34B62DBE-0CDF-442E-B085-A06F7E1B4E6B}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS6721\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{6846DC56-3DA3-4242-A916-03D6EC5801AB}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS48A6\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{4B1414C2-E241-4EF0-A6AA-34F552934A3A}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS48A6\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{EE219A79-1B8A-4F8D-BEC9-53658175D3C8}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS49F0\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E7CFA7DA-D84C-4986-9D6E-2F6B5013CCA9}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS49F0\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{6CAEB012-6614-462B-82D8-8C8B469D7FA7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{84B32CB1-DA8B-400A-9051-7EE6B33459E1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{97B8EE59-2FCB-44D9-84AB-9842E4779178}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{542082F1-FB07-4290-AF36-2CE33F4F4113}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{87DFEE12-583D-46EB-8C7F-0709F6A757C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{EE3D3F9C-4C6F-41A6-8ADD-526998768B0E}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2B4C\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{ADF82381-6534-4E64-B1F2-F5CAFE54E2B1}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2B4C\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9DD744E1-E19A-4043-8327-F1C1BC4AF467}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2C23\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{46FC4D31-41C2-4BD8-8698-772FBC9BA9B4}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2C23\HPDiagnosticCoreUI.exe No File

    ==================== Restore Points =========================

    10-07-2019 15:54:48 Windows Update
    05-08-2019 10:17:34 Scheduled Checkpoint
    13-08-2019 21:15:57 Windows Update
    19-08-2019 15:23:13 Windows Update
    21-08-2019 13:29:36 B4 cleaning
    26-08-2019 21:19:33 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: 802.11n Wireless LAN Card
    Description: 802.11n Wireless LAN Card
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Ralink Technology, Corp.
    Service: netr28x
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: SASDIFSV
    Description: SASDIFSV
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SASDIFSV
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: SASKUTIL
    Description: SASKUTIL
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SASKUTIL
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/27/2019 10:09:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/27/2019 10:05:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/27/2019 10:00:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (08/26/2019 08:11:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ProductConfig.exe, version: 9.2.26.30, time stamp: 0x5d369d7c
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24499, time stamp: 0x5d011905
    Exception code: 0xe0434352
    Fault offset: 0x0000c5af
    Faulting process id: 0x135c
    Faulting application start time: 0x01d55c6be691c8ab
    Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: 296e96a7-c85f-11e9-a7cd-c03fd5a1ce8e

    Error: (08/26/2019 08:11:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: ProductConfig.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentNullException
    at System.Linq.Enumerable.Count[[System.Collections.Generic.KeyValuePair`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[ProductConfig.CapacityInfo, ProductConfig, Version=9.2.26.30, Culture=neutral, PublicKeyToken=null]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.Collections.Generic.KeyValuePair`2<System.__Canon,ProductConfig.CapacityInfo>>)
    at ProdConfig.Program.Main(System.String[])

    Error: (08/26/2019 08:09:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ProductConfig.exe, version: 9.2.26.30, time stamp: 0x5d369d7c
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.24499, time stamp: 0x5d011905
    Exception code: 0xe0434352
    Fault offset: 0x0000c5af
    Faulting process id: 0xfb8
    Faulting application start time: 0x01d55c6b615f0052
    Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: ea0bebff-c85e-11e9-a7cd-c03fd5a1ce8e

    Error: (08/26/2019 08:09:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: ProductConfig.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentNullException
    at System.Linq.Enumerable.Count[[System.Collections.Generic.KeyValuePair`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[ProductConfig.CapacityInfo, ProductConfig, Version=9.2.26.30, Culture=neutral, PublicKeyToken=null]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.Collections.Generic.KeyValuePair`2<System.__Canon,ProductConfig.CapacityInfo>>)
    at ProdConfig.Program.Main(System.String[])

    Error: (08/26/2019 07:47:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (08/27/2019 10:13:07 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
    Description: A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    Error: (08/27/2019 10:13:07 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
    Description: A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/!S!'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    Error: (08/27/2019 10:13:07 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
    Description: A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    Error: (08/27/2019 10:13:07 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
    Description: A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/!S!'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    Error: (08/27/2019 10:10:42 AM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: The DHCP allocator has disabled itself on IP address 10.0.0.5, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

    Error: (08/27/2019 10:10:42 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description: The ICS_IPV6 failed to configure IPv6 stack.

    Error: (08/27/2019 10:10:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SASDIFSV
    SASKUTIL

    Error: (08/27/2019 10:06:10 AM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: The DHCP allocator has disabled itself on IP address 10.0.0.5, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 0326 03/26/2014
    Motherboard: ECS H81H3-WM
    Processor: Intel(R) Pentium(R) CPU G3250 @ 3.20GHz
    Percentage of memory in use: 89%
    Total physical RAM: 3986.85 MB
    Available physical RAM: 426.94 MB
    Total Virtual: 7971.85 MB
    Available Virtual: 2773.65 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.16 GB) (Free:865.58 GB) NTFS
    Drive f: (GVTS_TOOLS) (Fixed) (Total:29.8 GB) (Free:5.24 GB) FAT32

    \\?\Volume{d412053b-696d-11e4-8a83-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.35 GB) (Free:0.32 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B5506AE6)
    Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 29.8 GB) (Disk ID: 8430174B)
    Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     

    Attached Files:

    Last edited by a moderator: Aug 28, 2019
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    I can't see any reason for Firefox disappearing, but we'll give it a good clean and see how things are afterwards.

    There are still a few references to both in the reports, so I've added those to the fix.

    Step 1
    Please uninstall the following:
    GetFormsOnline Internet Explorer Toolbar (HKLM-x32\...\GetFormsOnline_dbbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
    OnlineRouteFinder Internet Explorer Homepage and New Tab (HKU\S-1-5-21-316511226-2536946270-1915896526-1001\...\OnlineRouteFinderTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
    I have added the lines related to these in the fix, so if there's anything left after the uninstall, the fix will get them.

    This is very out of date:
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

    Follow the instructions here to remove it and download the latest version.
    Installing MalwareBytes V3

    Step 2
    Please download the attached fixlist.txt file (bottom of this post) and save it to F:\FRST.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log (Fixlog.txt). Please post this in your next reply.


    Step 3
    Please download RogueKiller Anti-malware (Free) onto your desktop.
    You don't have to make a donation if asked on the page.
    • Close all open programs and internet browsers.
    • Double click on RogueKiller Anti-malware to install the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Select Accept the User Agreement then continue to click Next then finally click Install
    • Click Finish.
    • When the program opens, click Scan
    • Click Start Scan
    • Double check anything found and tick to select items to be removed
    • Click Remove Selected
    • When the items have been removed, click Open Report >> Open TXT.
    • Copy and paste that report into your next reply.

    In your next reply, please submit:
    FRST Fixlog report
    Report from RogueKiller


    Thanks.
     

    Attached Files:

  3. Tony D

    Thanks Starbuck. It'll be a few days till I get back to John.

    I did update MBAM after running FRST and before running the MBAM scan.
     
  4. starbuck

    Hi Tony,

    Ok, that's fine then.

    Not a problem, I'll still be here.
     
  5. Tony D

    Thanks, here they are.
     

    Attached Files:

  6. starbuck

    Hi Tony,

    Have there been any problems with Norton or Chrome lately?
     
  7. Tony D

    So far, it's running nicely. Chrome is good. Norton is starting as it should.

    I did retrieve the MBAM scan log from when I was there last week.
     

    Attached Files:

  8. starbuck

    The adware items that MBAM removed are basically Browser hijackers which will change the browser homepage and default search engine.
    They can also add unwanted Toolbars.
    I can't see anything in the report to suggest that something could be responsible for removing Firefox though.
    Keep an eye on things for a couple of days and let me know if anything changes.
     
  9. Tony D

    Will do, Thanks again!
     
