Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by DoyleandDeborah (administrator) on OFFICE-PC (21-08-2016 16:59:17)
Running from C:\Users\DoyleandDeborah\Desktop
Loaded Profiles: DoyleandDeborah (Available Profiles: DoyleandDeborah)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Flickr) C:\Users\DoyleandDeborah\AppData\Local\FlickrUploadrWindows\app-1.0.1.292\Flickr.exe
() C:\Users\DoyleandDeborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKLM-x32\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [SmileboxTray] => C:\Users\DoyleandDeborah\AppData\Roaming\Smilebox\SmileboxTray.exe [341976 2015-09-08] (Smilebox, Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [FlickrUploadr] => "C:\Users\DoyleandDeborah\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [Amazon Music] => C:\Users\DoyleandDeborah\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-11-18] ()
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-06-30] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-735262800-3402139366-674106683-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{069580a9-1947-420e-a11f-8b90f9b68e1c}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f0fc5653-b217-49b2-b1bb-c5f36b864615}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={A0B4FBEA-8931-4400-8E48-2D8CF65CF733}&mid=f5ac03e1630547cca10df16c22334559-a56ccfc89b71929407fd2cc247b8580eebb2f424&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-09 11:52:14&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {C2ADD33F-A696-4C07-A753-2980B62B169D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
FireFox:
========
FF ProfilePath: C:\Users\DoyleandDeborah\AppData\Roaming\Mozilla\Firefox\Profiles\elowxhej.default-1459667439276
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.foxnews.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-735262800-3402139366-674106683-1001: @citrixonline.com/appdetectorplugin -> C:\Users\DoyleandDeborah\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-05] (Citrix Online)
FF Extension: Pin It button - C:\Users\DoyleandDeborah\AppData\Roaming\Mozilla\Firefox\Profiles\elowxhej.default-1459667439276\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-05-01]
FF Extension: JollyArcade - C:\Users\DoyleandDeborah\AppData\Roaming\Mozilla\Firefox\Profiles\elowxhej.default-1459667439276\Extensions\{cd9d2474-fff2-4f19-8452-0ec2f4422117}.xpi [2016-08-11]
Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir="
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-13]
CHR Extension: (Google Docs) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-13]
CHR Extension: (Google Drive) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-09]
CHR Extension: (YouTube) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-09]
CHR Extension: (AVG Secure Search) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-06-09]
CHR Extension: (Google Search) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-13]
CHR Extension: (Google Sheets) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Gmail) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-03] (IDT, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-24] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-21 16:59 - 2016-08-21 16:59 - 00000000 ____D C:\Users\DoyleandDeborah\Desktop\FRST-OlderVersion
2016-08-20 19:28 - 2016-08-20 19:28 - 00048408 _____ C:\Users\DoyleandDeborah\Desktop\Addition.txt
2016-08-20 19:27 - 2016-08-21 16:59 - 00027041 _____ C:\Users\DoyleandDeborah\Desktop\FRST.txt
2016-08-20 19:27 - 2016-08-21 16:59 - 00000000 ____D C:\FRST
2016-08-20 19:25 - 2016-08-21 16:59 - 02396672 _____ (Farbar) C:\Users\DoyleandDeborah\Desktop\FRST64.exe
2016-08-20 00:51 - 2016-08-20 00:51 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-20 00:51 - 2016-08-20 00:51 - 00001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-20 00:48 - 2016-08-20 00:51 - 45146176 _____ C:\Users\DoyleandDeborah\Downloads\Firefox Setup 48.0.1.exe
2016-08-20 00:45 - 2016-08-20 00:45 - 00243408 _____ C:\Users\DoyleandDeborah\Downloads\Firefox_Setup_38.0.exe
2016-08-20 00:44 - 2016-08-20 00:45 - 01050944 _____ ( ) C:\Users\DoyleandDeborah\Downloads\Firefox_Setup.exe
2016-08-19 22:29 - 2016-08-19 22:29 - 00051712 _____ C:\Users\DoyleandDeborah\Downloads\WNMU Field Practicum Timesheet 2016.xls
2016-08-19 21:50 - 2016-08-19 21:50 - 00017590 _____ C:\Users\DoyleandDeborah\Downloads\MSW-without_BSW_2016-17-1.pdf
2016-08-19 08:03 - 2016-08-19 08:03 - 00000000 ___HD C:\OneDriveTemp
2016-08-18 22:45 - 2016-08-18 22:45 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\DoyleandDeborah\Downloads\Zoom_launcher.exe
2016-08-18 22:45 - 2016-08-18 22:45 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\DoyleandDeborah\Downloads\Zoom_launcher (1).exe
2016-08-16 22:20 - 2016-08-16 22:20 - 00104734 _____ C:\Users\DoyleandDeborah\Documents\Student Travel Request-2.pdf
2016-08-16 22:07 - 2016-08-20 19:20 - 00000000 ____D C:\Users\DoyleandDeborah\Documents\2016-17 Grad
2016-08-13 13:07 - 2016-08-13 13:07 - 00509440 _____ (Tech Support Guy System) C:\Users\DoyleandDeborah\Downloads\SysInfo.exe
2016-08-13 10:45 - 2016-08-13 10:45 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\Program Files\iTunes
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\Program Files\iPod
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-13 10:39 - 2016-08-13 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-08-13 10:24 - 2016-08-13 10:24 - 07045323 _____ C:\Users\DoyleandDeborah\Downloads\OST-2011-English-Music-and-Voice_eng.zip
2016-08-10 05:03 - 2016-08-03 04:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 05:03 - 2016-08-03 04:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 05:03 - 2016-08-03 04:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 05:03 - 2016-08-03 04:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 05:03 - 2016-08-03 04:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 05:03 - 2016-08-03 04:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 05:03 - 2016-08-03 04:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 05:03 - 2016-08-03 04:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 05:03 - 2016-08-03 04:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 05:03 - 2016-08-03 04:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 05:03 - 2016-08-03 04:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 05:03 - 2016-08-03 04:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 05:03 - 2016-08-03 04:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 05:03 - 2016-08-03 03:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 05:03 - 2016-08-03 03:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 05:03 - 2016-08-03 03:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 05:03 - 2016-08-03 03:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 05:03 - 2016-08-03 03:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 05:03 - 2016-08-03 03:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 05:03 - 2016-08-03 03:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 05:03 - 2016-08-03 03:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 05:03 - 2016-08-03 03:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 05:03 - 2016-08-03 03:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 05:03 - 2016-08-03 03:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 05:03 - 2016-08-03 03:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 05:03 - 2016-08-03 03:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 05:03 - 2016-08-03 03:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 05:03 - 2016-08-03 03:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 05:03 - 2016-08-03 03:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 05:03 - 2016-08-03 03:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 05:03 - 2016-08-03 03:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 05:03 - 2016-08-03 03:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 05:03 - 2016-08-03 03:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 05:03 - 2016-08-03 03:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 05:03 - 2016-08-03 03:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 05:03 - 2016-08-03 03:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 05:03 - 2016-08-03 03:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 05:03 - 2016-08-03 03:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 05:03 - 2016-08-02 23:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 05:03 - 2016-08-02 23:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 05:03 - 2016-08-02 23:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 05:03 - 2016-08-02 23:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 05:03 - 2016-08-02 23:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 05:03 - 2016-08-02 23:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 05:03 - 2016-08-02 23:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 05:03 - 2016-08-02 22:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 05:03 - 2016-08-02 22:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 05:03 - 2016-08-02 22:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 05:03 - 2016-08-02 22:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 05:03 - 2016-08-02 22:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 05:03 - 2016-08-02 22:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 05:03 - 2016-08-02 22:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 05:03 - 2016-08-02 22:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 05:03 - 2016-08-02 22:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 05:03 - 2016-08-02 22:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 05:03 - 2016-08-02 22:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 05:03 - 2016-08-02 22:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 05:03 - 2016-08-02 22:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 05:03 - 2016-08-02 22:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 05:02 - 2016-08-03 05:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 05:02 - 2016-08-03 05:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 05:02 - 2016-08-03 05:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 05:02 - 2016-08-03 04:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 05:02 - 2016-08-03 04:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 05:02 - 2016-08-03 04:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 05:02 - 2016-08-03 04:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 05:02 - 2016-08-03 04:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 05:02 - 2016-08-03 04:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 05:02 - 2016-08-03 04:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 05:02 - 2016-08-03 04:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 05:02 - 2016-08-03 04:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 05:02 - 2016-08-03 04:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 05:02 - 2016-08-03 03:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 05:02 - 2016-08-03 03:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 05:02 - 2016-08-03 03:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 05:02 - 2016-08-03 03:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 05:02 - 2016-08-03 03:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 05:02 - 2016-08-03 03:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 05:02 - 2016-08-03 03:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 05:02 - 2016-08-03 03:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 05:02 - 2016-08-03 03:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 05:02 - 2016-08-03 03:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 05:02 - 2016-08-03 03:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 05:02 - 2016-08-03 03:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 05:02 - 2016-08-03 03:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 05:02 - 2016-08-03 03:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 05:02 - 2016-08-03 03:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 05:02 - 2016-08-03 03:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 05:02 - 2016-08-03 03:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 05:02 - 2016-08-03 03:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 05:02 - 2016-08-03 03:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 05:02 - 2016-08-03 03:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 05:02 - 2016-08-03 03:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 05:02 - 2016-08-03 03:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 05:02 - 2016-08-03 03:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 05:02 - 2016-08-03 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 05:02 - 2016-08-03 03:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 05:02 - 2016-08-03 03:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 05:02 - 2016-08-03 03:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 05:02 - 2016-08-03 03:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 05:02 - 2016-08-03 03:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 05:02 - 2016-08-03 03:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 05:02 - 2016-08-03 03:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 05:02 - 2016-08-03 03:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 05:02 - 2016-08-03 03:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 05:02 - 2016-08-03 03:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 05:02 - 2016-08-03 03:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 05:02 - 2016-08-02 23:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 05:02 - 2016-08-02 23:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 05:02 - 2016-08-02 23:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 05:02 - 2016-08-02 22:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 05:02 - 2016-08-02 22:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 05:02 - 2016-08-02 22:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 05:02 - 2016-08-02 22:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 05:02 - 2016-08-02 22:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 05:02 - 2016-08-02 22:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 05:02 - 2016-08-02 22:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 05:02 - 2016-08-02 22:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 05:02 - 2016-08-02 22:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 05:02 - 2016-08-02 22:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 05:02 - 2016-08-02 22:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 05:02 - 2016-08-02 22:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 05:02 - 2016-08-02 22:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 05:02 - 2016-08-02 22:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 05:02 - 2016-08-02 22:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 05:02 - 2016-08-02 22:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 05:02 - 2016-08-02 22:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 05:02 - 2016-08-02 22:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 05:02 - 2016-08-02 22:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-21 16:53 - 2015-02-03 21:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f.job
2016-08-21 16:46 - 2014-09-10 19:07 - 00000338 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2016-08-21 16:42 - 2014-10-20 18:27 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-21 16:35 - 2014-11-05 19:28 - 00000642 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001.job
2016-08-21 16:34 - 2014-09-11 18:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-21 16:15 - 2014-09-10 18:25 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1D506CD0-8EC6-4A51-9420-79D755D33A61}
2016-08-21 09:31 - 2015-06-01 14:22 - 00000738 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001.job
2016-08-21 09:08 - 2014-09-10 19:08 - 00000338 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
2016-08-20 19:49 - 2016-01-04 07:31 - 00000000 ____D C:\Users\DoyleandDeborah
2016-08-20 19:49 - 2014-07-09 14:33 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-08-20 19:32 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-20 00:51 - 2016-06-10 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-20 00:51 - 2014-09-10 19:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-20 00:45 - 2014-09-10 19:07 - 00002820 _____ C:\WINDOWS\System32\Tasks\UpdaterEX
2016-08-19 08:23 - 2014-09-13 11:41 - 00003324 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDoyleandDeborah
2016-08-19 08:23 - 2014-09-13 11:41 - 00000392 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDoyleandDeborah.job
2016-08-19 08:06 - 2016-01-04 07:31 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-19 08:03 - 2016-01-04 07:28 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-19 08:03 - 2014-11-15 10:25 - 00000000 __SHD C:\Users\DoyleandDeborah\IntelGraphicsProfiles
2016-08-19 08:03 - 2014-10-20 18:27 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 08:03 - 2014-09-13 17:22 - 00000000 __RDO C:\Users\DoyleandDeborah\OneDrive
2016-08-19 08:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-19 07:59 - 2016-01-04 07:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 06:58 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-17 16:21 - 2014-09-26 18:52 - 00003512 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-08-16 22:14 - 2015-09-24 17:33 - 00000000 ____D C:\Users\DoyleandDeborah\Documents\2015-16 grad papers
2016-08-15 21:13 - 2016-01-06 16:44 - 00000000 ____D C:\Users\DoyleandDeborah\Documents\EI DS II
2016-08-13 10:51 - 2016-03-07 23:19 - 00000000 ___RD C:\Users\DoyleandDeborah\iCloudDrive
2016-08-13 10:51 - 2016-03-07 23:19 - 00000000 ____D C:\Users\DoyleandDeborah\AppData\Local\67E3E129-54B5-4109-B890-05E83A93D247.aplzod
2016-08-13 10:48 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-13 10:45 - 2014-09-26 17:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-12 09:35 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 13:39 - 2015-06-01 14:22 - 00003912 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001
2016-08-11 13:39 - 2014-11-05 19:28 - 00003816 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001
2016-08-11 05:45 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 03:46 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 03:46 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 03:46 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 05:13 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 05:13 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 05:13 - 2014-09-12 09:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 05:09 - 2014-09-12 09:41 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 18:54 - 2014-10-20 18:28 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 18:54 - 2014-10-20 18:28 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-06 13:55 - 2016-06-07 16:28 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-06 13:55 - 2016-06-07 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-08-02 16:23 - 2015-10-02 11:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 07:48 - 2015-02-03 21:37 - 00004014 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f
2016-08-02 07:48 - 2014-10-20 18:27 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-02 07:43 - 2014-09-18 16:53 - 00000000 ____D C:\ProgramData\FitbitConnect
2016-08-02 07:43 - 2014-07-09 14:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-02 07:34 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\registration
2016-08-02 07:33 - 2014-11-29 18:02 - 00000000 __RHD C:\MSOCache
2016-07-27 13:25 - 2015-11-08 13:26 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-09-10 20:08 - 2014-12-09 01:08 - 0000130 _____ () C:\Users\DoyleandDeborah\AppData\Roaming\WB.CFG
2014-12-01 18:08 - 2014-12-01 18:08 - 0000010 _____ () C:\Users\DoyleandDeborah\AppData\Local\DSI.DAT
2014-11-15 12:41 - 2014-11-15 12:41 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\DoyleandDeborah\AppData\Local\Temp\avguirn_08284737444.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u91-windows-au.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-15 07:59
==================== End of FRST.txt ============================