Here
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by ken (administrator) on KEN-PC (01-12-2015 16:15:18)
Running from C:\Users\ken\Downloads
Loaded Profiles: ken (Available Profiles: ken)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6416.42001.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6416.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Users\ken\Downloads\AdwCleaner (2).exe
(Farbar) C:\Users\ken\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [InboxAce Home Page Guard 64 bit] => "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2013-01-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\S-1-5-21-781871374-1970596618-1284458778-1000\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKU\S-1-5-21-781871374-1970596618-1284458778-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-781871374-1970596618-1284458778-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [436728 2012-09-10] (TomTom)
HKU\S-1-5-21-781871374-1970596618-1284458778-1000\...\RunOnce: [Uninstall C:\Users\ken\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ken\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-781871374-1970596618-1284458778-1000\...\RunOnce: [Uninstall C:\Users\ken\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ken\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => No File
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-06] (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6f7632b2-8401-4166-b879-318bb30ba4cf}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-781871374-1970596618-1284458778-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://
www.msn.com/
HKU\S-1-5-21-781871374-1970596618-1284458778-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://
www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4154914682504323&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_30_ie&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyCzzyBtAtAyC0CzytCtBtAtN0D0Tzu0SzytAzztN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0FyC0CyD0EzyyDtG0EyDtByDtGtA0BtC0DtGtDzzyEtAtGyDzz0FtD0FzzzztA0CtC0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0AtDyB0A0AtBtCtGtB0C0BzztGyEtCyBzztGzyyEyD0BtGtDyCyCyD0A0F0C0BzyyE0BtC2Q&cr=476486106&ir=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4154914682504323&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://
www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://
www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-781871374-1970596618-1284458778-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-781871374-1970596618-1284458778-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-08-28] (Sun Microsystems, Inc.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-08-28] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-781871374-1970596618-1284458778-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-781871374-1970596618-1284458778-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://
www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.5.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://
www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll No File
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-08-28] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-08-28] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32:
@Oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-01-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-01-06] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-781871374-1970596618-1284458778-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\ken\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement) - C:\Users\ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-16]
CHR Extension: (RealDownloader) - C:\Users\ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-17]
CHR Extension: (No Name) - C:\Users\ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\knlnhgoppkofgoieelflgbbicoganofl [2014-03-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-781871374-1970596618-1284458778-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\ken\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\ken\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [2012-06-30]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-26] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20151130.001\IDSvia64.sys [767224 2015-10-19] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20151201.004\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20151201.004\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-09-14] (CACE Technologies, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek )
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 15:10 - 2015-12-01 15:10 - 00016148 _____ C:\WINDOWS\system32\KEN-PC_ken_HistoryPrediction.bin
2015-12-01 10:39 - 2015-12-01 10:40 - 02350080 _____ (Farbar) C:\Users\ken\Downloads\FRST64 (1).exe
2015-11-30 20:42 - 2015-11-30 20:44 - 00066119 _____ C:\Users\ken\Downloads\Addition.txt
2015-11-30 20:39 - 2015-12-01 16:15 - 00024787 _____ C:\Users\ken\Downloads\FRST.txt
2015-11-30 20:39 - 2015-12-01 16:15 - 00000000 ____D C:\FRST
2015-11-30 20:36 - 2015-11-30 20:36 - 00001048 _____ C:\WINDOWS\SysWOW64\FSS.txt
2015-11-30 20:35 - 2015-11-30 20:35 - 00415744 _____ (Farbar) C:\Users\ken\Downloads\FSS.exe
2015-11-30 20:34 - 2015-11-30 20:39 - 02350080 _____ (Farbar) C:\Users\ken\Downloads\FRST64.exe
2015-11-30 11:38 - 2015-11-30 11:38 - 00509440 _____ (Tech Support Guy System) C:\Users\ken\Downloads\SysInfo (5).exe
2015-11-30 11:36 - 2015-11-30 11:36 - 00509440 _____ (Tech Support Guy System) C:\Users\ken\Downloads\SysInfo (4).exe
2015-11-28 12:33 - 2015-11-28 12:33 - 00509440 _____ (Tech Support Guy System) C:\Users\ken\Downloads\SysInfo (3).exe
2015-11-27 12:00 - 2015-11-27 12:00 - 00003229 _____ C:\Users\ken\AppData\Local\recently-used.xbel
2015-11-27 00:22 - 2015-11-27 00:22 - 00000000 ____D C:\Users\ken\AppData\Local\{7A0B5BE9-94F9-429E-8CB8-DAD4010D4CE1}
2015-11-25 18:22 - 2015-12-01 13:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-11-25 18:21 - 2015-11-25 18:21 - 00003398 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-11-25 14:32 - 2015-11-25 14:33 - 00042936 _____ C:\Users\ken\Downloads\234 Roosevelt Dr. (1).pdf
2015-11-25 14:21 - 2015-11-25 14:21 - 00042936 _____ C:\Users\ken\Downloads\234 Roosevelt Dr..pdf
2015-11-25 13:25 - 2015-11-25 13:25 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-21 14:23 - 2015-11-21 14:23 - 00611444 _____ C:\Users\ken\Downloads\instruction_harness_1nw0804_rev01.pdf
2015-11-15 18:44 - 2015-11-15 18:44 - 00000101 _____ C:\Users\ken\Downloads\text_0.txt
2015-11-13 09:10 - 2015-11-13 09:10 - 00000000 ____D C:\$SysReset
2015-11-10 17:49 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 17:49 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 17:49 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 17:49 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 17:49 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 17:49 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 17:49 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 17:49 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 17:49 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 17:49 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 17:49 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 17:49 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 17:49 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 17:48 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 17:48 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 17:48 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 17:48 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 17:48 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 17:48 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 17:48 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 17:48 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 17:48 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 17:48 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 17:48 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 17:48 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 17:48 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 17:48 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 17:48 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 17:48 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 17:48 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 17:48 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 17:48 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 17:48 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 17:48 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 17:48 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 17:48 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 17:48 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 17:48 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 17:48 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 17:48 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 17:48 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 17:48 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 17:48 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 17:48 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 17:48 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 17:48 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 17:48 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 17:48 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 17:48 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 17:48 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 17:48 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 17:48 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 17:48 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 17:08 - 2015-11-30 12:56 - 00000000 ____D C:\AdwCleaner
2015-11-10 17:05 - 2015-12-01 16:12 - 01712128 _____ C:\Users\ken\Downloads\AdwCleaner (3).exe
2015-11-10 17:02 - 2015-12-01 16:11 - 01712128 _____ C:\Users\ken\Downloads\AdwCleaner (2).exe
2015-11-10 16:53 - 2015-11-10 16:53 - 00017920 _____ C:\Users\ken\Documents\computer info.wps
2015-11-10 16:46 - 2015-11-10 16:46 - 00509440 _____ (Tech Support Guy System) C:\Users\ken\Downloads\SysInfo (2).exe
2015-11-10 16:45 - 2015-11-10 16:45 - 00509440 _____ (Tech Support Guy System) C:\Users\ken\Downloads\SysInfo (1).exe
2015-11-10 16:43 - 2015-11-10 16:43 - 00509440 _____ (Tech Support Guy System) C:\Users\ken\Downloads\SysInfo.exe
2015-11-01 12:09 - 2015-11-01 12:10 - 00020491 _____ C:\Users\ken\Downloads\X414d5120514552504d5130312020202055fee2ce21d3cdb5 (4).pdf
2015-11-01 12:09 - 2015-11-01 12:09 - 00020491 _____ C:\Users\ken\Downloads\X414d5120514552504d5130312020202055fee2ce21d3cdb5 (3).pdf
2015-11-01 12:08 - 2015-11-01 12:08 - 00010109 _____ C:\Users\ken\Downloads\X414d5120514552504d5130312020202055fee2ce2aec6eca.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 16:10 - 2015-09-26 17:25 - 00002368 _____ C:\Users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-01 16:10 - 2015-09-26 17:25 - 00000000 ___RD C:\Users\ken\OneDrive
2015-12-01 15:57 - 2012-04-12 07:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-01 15:54 - 2015-09-29 09:39 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B69A95FD-73A9-4F8D-B8A9-DADF42883E4C}
2015-12-01 08:33 - 2015-07-30 17:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 08:33 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-30 20:43 - 2015-07-10 04:47 - 00000000 ____D C:\Windows
2015-11-30 15:36 - 2010-08-20 16:05 - 00000000 ____D C:\Users\ken\AppData\Local\CrashDumps
2015-11-30 12:59 - 2011-10-05 13:08 - 00000406 _____ C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job
2015-11-30 12:58 - 2015-07-30 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 12:57 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-28 14:58 - 2015-09-28 14:45 - 00024759 _____ C:\Users\ken\Downloads\Ken-suspension form.pdf
2015-11-28 10:54 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-27 11:50 - 2014-02-05 13:22 - 00000000 ____D C:\Users\ken\Documents\My Scans
2015-11-27 11:05 - 2015-09-26 15:41 - 00000000 ____D C:\Users\ken
2015-11-27 10:41 - 2015-07-30 17:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-27 00:22 - 2011-01-23 14:44 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-11-25 18:22 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-25 18:21 - 2014-01-08 09:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-11-25 18:21 - 2014-01-07 20:11 - 00002439 _____ C:\Users\Public\Desktop\Norton Security Suite.LNK
2015-11-25 18:21 - 2010-05-22 06:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-11-25 13:28 - 2015-09-26 19:29 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-24 12:24 - 2015-09-26 15:38 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-24 12:24 - 2015-07-30 17:40 - 00000000 ____D C:\WINDOWS\INF
2015-11-22 20:18 - 2015-09-26 17:18 - 00000000 ____D C:\Users\ken\AppData\Local\Packages
2015-11-13 21:29 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 03:30 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 18:17 - 2015-07-30 17:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 18:13 - 2013-08-15 06:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 18:03 - 2009-11-14 00:27 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 17:12 - 2014-06-09 08:04 - 00000000 ____D C:\Users\ken\AppData\Roaming\Yahoo!
2015-11-10 17:12 - 2010-03-17 18:13 - 00000000 ____D C:\Users\ken\AppData\LocalLow\Yahoo!
2015-11-10 17:11 - 2011-10-05 12:58 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-11-10 16:53 - 2010-02-13 11:26 - 00000486 _____ C:\Users\ken\AppData\Roaming\wklnhst.dat
2015-11-10 16:51 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-11-03 13:20 - 2015-07-30 17:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-30 17:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 09:51 - 2009-11-02 00:18 - 00093064 _____ C:\Users\ken\AppData\Local\GDIPFONTCACHEV1.DAT
==================== Files in the root of some directories =======
2013-03-18 18:58 - 2013-03-18 18:58 - 0000288 _____ () C:\Users\ken\AppData\Roaming\.backup.dm
2010-02-13 11:26 - 2015-11-10 16:53 - 0000486 _____ () C:\Users\ken\AppData\Roaming\wklnhst.dat
2014-03-06 14:33 - 2014-06-02 20:16 - 0004096 ____H () C:\Users\ken\AppData\Local\keyfile3.drm
2015-03-13 13:34 - 2015-03-13 13:35 - 0001643 _____ () C:\Users\ken\AppData\Local\MyWinLockerInstaller.txt-20150313.log
2015-11-06 20:26 - 2015-11-06 20:27 - 0001830 _____ () C:\Users\ken\AppData\Local\MyWinLockerInstaller.txt-20151106.log
2015-11-27 12:00 - 2015-11-27 12:00 - 0003229 _____ () C:\Users\ken\AppData\Local\recently-used.xbel
2011-05-18 16:59 - 2011-10-11 10:47 - 0001940 _____ () C:\Users\ken\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2012-03-09 09:50 - 2015-08-05 20:17 - 0034782 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\ken\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-30 08:57
==================== End of FRST.txt ============================
is the FRST list