dllhost.exe working hard
<blockquote data-quote="surlyone" data-source="post: 316190" data-attributes="member: 31968"><p>Here're txt files from FARBAR:</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01</p><p>Ran by nancy at 2014-12-16 16:44:21</p><p>Running from C:\Users\nancy\Desktop</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p>==================== Security Center ========================</p><p>(If an entry is included in the fixlist, it will be removed.)</p><p>AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p>AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p>==================== Installed Programs ======================</p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p>Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)</p><p>Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)</p><p>Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)</p><p>Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)</p><p>Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>ATI Catalyst Install Manager (HKLM\...\{83715090-142B-D305-36EC-7538A007D336}) (Version: 3.0.732.0 - ATI Technologies, Inc.)</p><p>Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>calibre (HKLM-x32\...\{8D7FBFCA-6739-48B0-B39A-E1B2BFB2D85C}) (Version: 0.8.0 - Kovid Goyal)</p><p>ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden</p><p>Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)</p><p>Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)</p><p>CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - 
CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)</p><p>FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)</p><p>GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)</p><p>Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden</p><p>HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)</p><p>HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)</p><p>HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)</p><p>HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)</p><p>HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)</p><p>HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)</p><p>HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)</p><p>HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)</p><p>HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)</p><p>HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)</p><p>HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)</p><p>HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)</p><p>HP Officejet Pro 8600 
Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)</p><p>HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)</p><p>HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)</p><p>HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)</p><p>HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)</p><p>HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)</p><p>HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)</p><p>HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)</p><p>HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)</p><p>HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)</p><p>HP Wireless Assistant (HKLM-x32\...\{F9A43C0C-F274-4EC0-B02E-202C15C09C00}) (Version: 3.50.12.1 - Hewlett-Packard)</p><p>I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)</p><p>IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)</p><p>Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)</p><p>iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)</p><p>Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)</p><p>JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)</p><p>LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden</p><p>LightScribe System Software (HKLM-x32\...\{3744B641-61DE-417F-BCDC-9CCED4224DF8}) (Version: 1.18.13.1 - LightScribe)</p><p>Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight 
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)</p><p>Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)</p><p>Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)</p><p>Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 1.2.0.6 - Symantec Corporation)</p><p>Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)</p><p>Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden</p><p>PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)</p><p>PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden</p><p>PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) 
Hidden</p><p>QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden</p><p>QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)</p><p>Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)</p><p>SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden</p><p>VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)</p><p>WD SmartWare (HKLM\...\{9798BB87-01B9-4D46-8EA0-6681E72BDE87}) (Version: 1.6.5.2 - Western Digital Technologies, Inc.)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)</p><p>Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )</p><p>==================== Custom CLSID (selected items): ==========================</p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>==================== Restore Points =========================</p><p>10-11-2014 21:25:51 Scheduled Checkpoint</p><p>12-11-2014 03:12:18 Installed Java 7 Update 71</p><p>12-11-2014 18:38:56 Windows Update</p><p>22-11-2014 22:33:22 Scheduled Checkpoint</p><p>27-11-2014 15:21:46 Windows Update</p><p>11-12-2014 18:11:49 Windows Update</p><p>11-12-2014 20:24:00 Windows Update</p><p>13-12-2014 02:12:49 Windows Update</p><p>==================== Hosts content: ==========================</p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p>2009-07-13 18:34 - 2014-09-25 14:09 - 00000954 ____A C:\Windows\system32\Drivers\etc\hosts</p><p>127.0.0.1 localhost</p><p>127.0.0.1 localhost</p><p>127.0.0.1 localhost</p><p>127.0.0.1 localhost</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p>Task: {09AD16A8-0590-422E-81CA-09DC92233069} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17] (Adobe Systems Incorporated)</p><p>Task: {173A886A-B75E-4A16-83BB-FE45127F045B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)</p><p>Task: {1D8D6A70-134A-44AB-82FD-96EC3515545C} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)</p><p>Task: {2853C35C-AA23-4215-9776-C1651AD7643D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)</p><p>Task: {341B0291-F769-48B8-BF1D-2F704F1E1D57} - System32\Tasks\CapUninst => c:\Program 
Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)</p><p>Task: {346BC84C-5A09-4F3B-8D44-8497CBBF4AC6} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)</p><p>Task: {3A5FD254-B3C0-4601-B1E9-D3CE6551A75C} - System32\Tasks\{9E144830-E20C-4335-B4C4-78CEE263097B} => pcalua.exe -a "C:\Users\delta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MINK22I\vcredist_x86.exe" -d C:\Users\delta\Desktop</p><p>Task: {3C2AA61B-F0BE-4600-B7C8-1606B0CFF78C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {55934352-E4FF-4A54-883F-67E63C38FB8A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {5E4E707F-4937-45FD-8DEF-105B67AE3E52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN39AEXJ8T05KC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)</p><p>Task: {77F1C4B3-D5FA-4746-BDA7-05FFA7F0A597} - System32\Tasks\HPCeeScheduleFordelta => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)</p><p>Task: {83E97B34-55AA-4076-8C76-B6068EEA3D5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)</p><p>Task: {9A26E239-2789-46F9-8BCC-0DE5FFAB6498} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p>Task: {AEA01BBF-F836-4309-93FB-2215BDBE03A7} - System32\Tasks\HPCustParticipation HP 
Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)</p><p>Task: {C0D44B35-3917-475E-A638-F0CDFC26AD31} - System32\Tasks\{35F7EB3F-F0D2-462E-9DCD-CB89984010D2} => pcalua.exe -a C:\Users\delta\Desktop\sp45974.exe -d C:\Users\delta\Desktop</p><p>Task: {C3CB6ACA-D08D-48A6-91EC-2D8FAD7B2518} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)</p><p>Task: {C7635C76-4F41-4953-AD23-B7113C7BF8DC} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)</p><p>Task: {C90EC787-C474-4B69-8832-7D0B741DF4BB} - System32\Tasks\{2F0E6D0F-E3F2-4B28-B4E0-F5D36BB4C8C4} => pcalua.exe -a "C:\Users\delta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3BIOGDA\vcredist_x64.exe" -d C:\Users\delta\Desktop</p><p>Task: {D43A9BEF-B906-4B18-B5FC-358C406AE9E3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)</p><p>Task: {D8D45571-8EC5-417E-93EE-CBEEDDEC6B7F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)</p><p>Task: {E923049E-EB87-4B98-A64A-776EE5933399} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\HPCeeScheduleFordelta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe</p><p>==================== Loaded Modules (whitelisted) =============</p><p>2009-08-14 22:24 - 2009-01-21 10:47 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared 
files\RichVideo.exe</p><p>2014-05-01 11:29 - 2014-05-01 11:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll</p><p>2009-06-22 11:37 - 2009-06-22 11:37 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe</p><p>2009-07-07 10:56 - 2009-07-07 10:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll</p><p>2009-08-25 00:27 - 2009-08-25 00:27 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll</p><p>2009-07-01 14:44 - 2009-07-01 14:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe</p><p>2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2014-09-06 08:44 - 2014-09-06 08:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll</p><p>2014-05-24 08:41 - 2014-05-24 08:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll</p><p>2014-05-24 08:41 - 2014-05-24 08:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll</p><p>2009-07-23 10:37 - 2009-07-23 10:37 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll</p><p>2010-03-19 09:45 - 2010-03-19 09:45 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll</p><p>2010-03-19 09:45 - 2010-03-19 09:45 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll</p><p>2010-03-19 09:45 - 2010-03-19 09:45 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll</p><p>==================== Alternate Data Streams (whitelisted) 
=========</p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"</p><p>==================== EXE Association (whitelisted) =============</p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>========================= Accounts: ==========================</p><p>Administrator (S-1-5-21-161241183-893571751-3115716322-500 - Administrator - Disabled)</p><p>Channing (S-1-5-21-161241183-893571751-3115716322-1006 - Administrator - Enabled) => C:\Users\Channing</p><p>Chayse (S-1-5-21-161241183-893571751-3115716322-1005 - Administrator - Enabled) => C:\Users\Chayse</p><p>dean (S-1-5-21-161241183-893571751-3115716322-1003 - Administrator - Enabled) => C:\Users\dean</p><p>delta (S-1-5-21-161241183-893571751-3115716322-1004 - Administrator - Enabled) => C:\Users\delta</p><p>Guest (S-1-5-21-161241183-893571751-3115716322-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-161241183-893571751-3115716322-1002 - Limited - Enabled)</p><p>nancy (S-1-5-21-161241183-893571751-3115716322-1001 - Administrator - Enabled) => C:\Users\nancy</p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>==================== Event log errors: =========================</p><p>Application errors:</p><p>==================</p><p>Error: (12/16/2014 04:31:42 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting 
application name: IEXPLORE.EXE, version: 11.0.9600.17420, time stamp: 0x545ad233</p><p>Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00038e19</p><p>Faulting process id: 0xbb0</p><p>Faulting application start time: 0xIEXPLORE.EXE0</p><p>Faulting application path: IEXPLORE.EXE1</p><p>Faulting module path: IEXPLORE.EXE2</p><p>Report Id: IEXPLORE.EXE3</p><p>Error: (12/16/2014 04:23:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 12544773</p><p>Error: (12/16/2014 04:23:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 12544773</p><p>Error: (12/16/2014 04:23:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p>Error: (12/16/2014 00:53:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 15600</p><p>Error: (12/16/2014 00:53:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 15600</p><p>Error: (12/16/2014 00:53:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p>Error: (12/11/2014 10:14:00 AM) (Source: Windows Search Service) (EventID: 3007) (User: )</p><p>Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. 
Restart the computer.</p><p>Context: Application, SystemIndex Catalog</p><p>Error: (12/11/2014 10:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 129688842</p><p>Error: (12/11/2014 10:10:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 129688842</p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/12/2014 05:35:03 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}</p><p>Error: (12/12/2014 05:25:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )</p><p>Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024864.</p><p>Error: (12/12/2014 05:25:31 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)</p><p>Description: The BITS service failed to start. Error 2147942432.</p><p>Error: (12/11/2014 00:26:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Windows Search service failed to start due to the following error: </p><p>%%1053</p><p>Error: (12/11/2014 00:26:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.</p><p>Error: (12/05/2014 02:09:38 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}</p><p>Error: (12/05/2014 01:55:14 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p>Error: (12/04/2014 10:50:04 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p>Error: (11/30/2014 09:28:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The NPEService service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly.</p><p>Error: (11/29/2014 01:21:32 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>==================== Memory info ===========================</p><p>Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz</p><p>Percentage of memory in use: 65%</p><p>Total physical RAM: 3069.19 MB</p><p>Available physical RAM: 1055.4 MB</p><p>Total Pagefile: 6136.55 MB</p><p>Available Pagefile: 3533 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.84 MB</p><p>==================== Drives ================================</p><p>Drive c: () (Fixed) (Total:282.95 GB) (Free:202.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (RECOVERY) (Fixed) (Total:14.95 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>==================== MBR & Partition Table ==================</p><p>========================================================</p><p>Disk: 0 (Size: 298.1 GB) (Disk ID: E0A9332A)</p><p>Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)</p><p>==================== End Of Log ============================</p><p></p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01</p><p>Ran by nancy (administrator) on MYHOME-PC on 16-12-2014 16:43:10</p><p>Running from C:\Users\nancy\Desktop</p><p>Loaded Profile: nancy (Available profiles: nancy & dean & delta & Chayse & Channing)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a 
href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p>==================== Processes (Whitelisted) =================</p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe</p><p>(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe</p><p>(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe</p><p>() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe</p><p>(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe</p><p>(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe</p><p>(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe</p><p>(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe</p><p>() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe</p><p>(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</p><p>(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(Microsoft Corporation) C:\Windows\System32\taskmgr.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe</p><p>(Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe</p><p>(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p>HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)</p><p>HKLM\...\Run: [AESTFltr] => %SystemRoot%\system32\AESTFltr.exe /NoDlg</p><p>HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)</p><p>HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-06-22] ()</p><p>HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)</p><p>HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink 
Corp.)</p><p>HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)</p><p>HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)</p><p>HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\Policies\system: [WallpaperStyle] 2</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\Policies\system: [LogonHoursAction] 2</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\MountPoints2: {9926c541-27a8-11df-bd1c-00269e906b60} - "F:\WD SmartWare.exe" autoplay=true</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\MountPoints2: {feec7c4b-2d40-11df-83a5-00269e906b60} - F:\LaunchU3.exe</p><p>HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2</p><p>Startup: C:\Users\Channing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and 
Launcher.lnk</p><p>ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)</p><p>GroupPolicyUsers\S-1-5-21-161241183-893571751-3115716322-1005\User: Group Policy restriction detected <======= ATTENTION</p><p>==================== Internet (Whitelisted) ====================</p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="https://login.yahoo.com/config/login_verify2?.intl=us&.partner=sbc&.src=ym" target="_blank">https://login.yahoo.com/config/login_verify2?.intl=us&.partner=sbc&.src=ym</a></p><p>HKU\S-1-5-21-161241183-893571751-3115716322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb</a></p><p>SearchScopes: HKLM -> DefaultScope {80E5A95F-E4B7-45DC-813A-032F41F5B1C8} URL = <a href="http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_36_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EzytDyC0ByCtD0DtA0AtCtN0D0Tzu0SzyzztDtN1L2XzutAtFtBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtC0E0DtDzzzztDtG0D0CtCyCtGzyzz0CyDtG0F0EtAtDtGyD0FtDzy0B0FtA0E0AyBzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtC0D0DyBzy0C0AtGyB0EtCyCtGyE0F0EtBtGzyzytCyDtG0AtC0EtAtDyEtCzzzy0A0FyE2Q&cr=1909079446&ir" 
target="_blank">http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_36_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EzytDyC0ByCtD0DtA0AtCtN0D0Tzu0SzyzztDtN1L2XzutAtFtBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtC0E0DtDzzzztDtG0D0CtCyCtGzyzz0CyDtG0F0EtAtDtGyD0FtDzy0B0FtA0E0AyBzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtC0D0DyBzy0C0AtGyB0EtCyCtGyE0F0EtBtGzyzytCyDtG0AtC0EtAtDyEtCzzzy0A0FyE2Q&cr=1909079446&ir</a>=</p><p>SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = <a href="http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox</a></p><p>SearchScopes: HKLM -> {80E5A95F-E4B7-45DC-813A-032F41F5B1C8} URL = <a href="http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_36_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EzytDyC0ByCtD0DtA0AtCtN0D0Tzu0SzyzztDtN1L2XzutAtFtBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtC0E0DtDzzzztDtG0D0CtCyCtGzyzz0CyDtG0F0EtAtDtGyD0FtDzy0B0FtA0E0AyBzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtC0D0DyBzy0C0AtGyB0EtCyCtGyE0F0EtBtGzyzytCyDtG0AtC0EtAtDyEtCzzzy0A0FyE2Q&cr=1909079446&ir" target="_blank">http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_36_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EzytDyC0ByCtD0DtA0AtCtN0D0Tzu0SzyzztDtN1L2XzutAtFtBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtC0E0DtDzzzztDtG0D0CtCyCtGzyzz0CyDtG0F0EtAtDtGyD0FtDzy0B0FtA0E0AyBzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtC0D0DyBzy0C0AtGyB0EtCyCtGyE0F0EtBtGzyzytCyDtG0AtC0EtAtDyEtCzzzy0A0FyE2Q&cr=1909079446&ir</a>=</p><p>SearchScopes: HKLM -> {EA4AB73B-2615-4289-A738-FD4FF26E3106} URL = <a href="http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl" target="_blank">http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl</a></p><p>SearchScopes: HKLM-x32 -> DefaultScope {80E5A95F-E4B7-45DC-813A-032F41F5B1C8} URL = <a 
href="http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox</a></p><p>SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKLM-x32 -> {80E5A95F-E4B7-45DC-813A-032F41F5B1C8} URL = <a href="http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox</a></p><p>SearchScopes: HKLM-x32 -> {EA4AB73B-2615-4289-A738-FD4FF26E3106} URL = <a href="http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl" target="_blank">http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl</a></p><p>SearchScopes: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = <a href="http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS" target="_blank">http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS</a>}</p><p>SearchScopes: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> {EA4AB73B-2615-4289-A738-FD4FF26E3106} URL = <a href="http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl" target="_blank">http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl</a></p><p>BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File</p><p>BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)</p><p>BHO-x32: Adobe PDF Link Helper -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)</p><p>Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>Toolbar: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> No Name - 
{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File</p><p>Toolbar: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)</p><p>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7bs5n6j2.default</p><p>FF SelectedSearchEngine: Astromenda</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF user.js: detected! 
=> C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7bs5n6j2.default\user.js</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)</p><p>FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-15]</p><p>FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-07]</p><p>FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-31]</p><p>FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013-01-08]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:smartwebprinting@hp.com">smartwebprinting@hp.com</a>] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</p><p>FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-31]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - 
C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST</p><p>FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn</p><p>FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn [2014-12-16]</p><p>FF HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\Firefox\Extensions: [<a href="mailto:smartwebprinting@hp.com">smartwebprinting@hp.com</a>] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [Not Found]</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [Not Found]</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [Not Found]</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [Not Found]</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [Not Found]</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [Not Found]</p><p>FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn [Not Found]</p><p>FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn [Not Found]</p><p>FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]</p><p>Chrome: </p><p>=======</p><p>CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path</p><p>CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 
Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]</p><p>CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path</p><p>CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]</p><p>==================== Services (Whitelisted) =================</p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p>R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]</p><p>R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)</p><p>R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-03-19] (Hewlett-Packard Company) [File not signed]</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)</p><p>R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)</p><p>R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation)</p><p>R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()</p><p>R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [240640 2010-02-20] (IDT, Inc.)</p><p>R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )</p><p>R2 WDDriveService; C:\Program Files 
(x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)</p><p>R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital )</p><p>==================== Drivers (Whitelisted) ====================</p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p>S3 AESTAud; C:\Windows\System32\drivers\AESTAu64.sys [146048 2009-04-20] (Andrea Electronics Corporation)</p><p>R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)</p><p>R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)</p><p>R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)</p><p>R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)</p><p>R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20141212.002\IDSvia64.sys [637656 2014-11-21] (Symantec Corporation)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)</p><p>R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141215.016\ENG64.SYS [129752 2014-12-12] (Symantec Corporation)</p><p>R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141215.016\EX64.SYS [2137304 2014-12-12] (Symantec 
Corporation)</p><p>R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)</p><p>R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)</p><p>R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)</p><p>R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)</p><p>R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-08] (Symantec Corporation)</p><p>R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)</p><p>R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)</p><p>S3 CpqDfw; system32\drivers\CpqDfw.sys [X]</p><p>U4 eabfiltr; No ImagePath</p><p>U3 wampapache; No ImagePath</p><p>U3 wampapache64; No ImagePath</p><p>==================== NetSvcs (Whitelisted) ===================</p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>==================== One Month Created Files and Folders ========</p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p>2014-12-16 16:43 - 2014-12-16 16:43 - 00023548 _____ () C:\Users\nancy\Desktop\FRST.txt</p><p>2014-12-16 16:42 - 2014-12-16 16:43 - 00000000 ____D () C:\FRST</p><p>2014-12-16 16:41 - 2014-12-16 16:41 - 02119168 _____ (Farbar) C:\Users\nancy\Desktop\FRST64.exe</p><p>2014-12-16 16:28 - 2014-12-16 16:28 - 00000000 __SHD () C:\Users\nancy\AppData\Local\EmieUserList</p><p>2014-12-16 16:28 - 2014-12-16 16:28 - 00000000 __SHD () C:\Users\nancy\AppData\Local\EmieSiteList</p><p>2014-12-16 16:28 - 2014-12-16 16:28 - 00000000 __SHD () C:\Users\nancy\AppData\Local\EmieBrowserModeList</p><p>2014-12-11 12:26 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll</p><p>2014-12-11 12:26 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll</p><p>2014-12-05 23:16 - 2014-12-05 23:19 - 00000050 _____ () C:\Users\delta\Desktop\FixPoweliks64.log</p><p>2014-12-05 14:24 - 2014-12-05 14:24 - 02747488 _____ (Symantec Corporation) C:\Users\delta\Desktop\FixPoweliks64.exe</p><p>2014-11-26 11:02 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2014-11-26 11:02 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll</p><p>2014-11-26 11:02 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2014-11-26 11:02 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll</p><p>2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL</p><p>==================== One Month Modified Files and Folders =======</p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p>2014-12-16 16:43 - 
2009-08-25 00:29 - 01645582 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-12-16 16:24 - 2012-04-04 06:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-12-16 16:23 - 2014-01-27 16:54 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFordelta.job</p><p>2014-12-16 16:23 - 2009-07-13 20:51 - 01508447 _____ () C:\Windows\setupact.log</p><p>2014-12-16 12:02 - 2014-11-11 18:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-12-16 11:31 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-16 11:31 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-16 11:24 - 2010-01-29 08:34 - 00000000 ____D () C:\Users\nancy\Tracing</p><p>2014-12-16 11:24 - 2009-11-27 12:39 - 00001413 _____ () C:\Users\nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2014-12-16 11:24 - 2009-11-27 12:32 - 00087512 _____ () C:\Users\nancy\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-12-16 11:23 - 2014-11-11 18:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-12-16 11:23 - 2010-11-27 15:46 - 00000632 __RSH () C:\Users\nancy\ntuser.pol</p><p>2014-12-16 11:23 - 2009-11-27 12:25 - 00000000 ____D () C:\Users\nancy</p><p>2014-12-16 11:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-12-12 18:17 - 2013-08-13 12:08 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-12-12 18:17 - 2009-08-14 21:44 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-12-12 18:13 - 2009-11-29 15:51 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-12-09 21:31 - 2014-01-27 16:54 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFordelta</p><p>2014-12-05 13:19 - 2009-08-25 00:49 - 00618676 _____ () 
C:\Windows\PFRO.log</p><p>2014-12-04 16:35 - 2014-11-11 18:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-12-04 16:35 - 2014-11-11 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-11-30 21:38 - 2014-09-09 20:01 - 00000000 ____D () C:\Users\delta\AppData\Local\NPE</p><p>2014-11-30 21:32 - 2014-09-10 20:34 - 00000000 ____D () C:\NPE</p><p>2014-11-21 17:57 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-11-21 06:14 - 2014-11-11 18:18 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-11-21 06:14 - 2014-11-11 18:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-11-21 06:14 - 2014-11-11 18:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-11-17 16:14 - 2012-04-04 06:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-11-17 16:14 - 2012-04-04 06:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2014-11-17 16:14 - 2011-05-16 11:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>Some content of 
TEMP:</p>
<p>====================</p>
<p>C:\Users\Channing\AppData\Local\Temp\HPHelpUpdater.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\Resource.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\sp58915.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\UninstallHPSA.exe</p>
<p>C:\Users\Channing\AppData\Local\Temp\zarwzrae.dll</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\sp54620.exe</p>
<p>C:\Users\Chayse\AppData\Local\Temp\swt-win32-3452.dll</p>
<p>C:\Users\delta\AppData\Local\Temp\FlashPlayerUpdate.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\GLFAA74.tmp.tbElf_.dll</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\shutdown1413046557.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\sp64126.exe</p>
<p>C:\Users\delta\AppData\Local\Temp\UninstallHPSA.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\Extract.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\Resource.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\SP47938.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\sp50843.exe.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\sp52110.exe.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\sp54373.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\UninstallHPSA.exe</p>
<p>C:\Users\nancy\AppData\Local\Temp\UninstallHPTCA.exe</p>
<p></p>
<p>==================== Bamital & volsnap Check =================</p>
<p>(There is no automatic fix for files that do not pass verification.)</p>
<p>C:\Windows\System32\winlogon.exe => File is digitally signed</p>
<p>C:\Windows\System32\wininit.exe => File is digitally signed</p>
<p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p>
<p>C:\Windows\explorer.exe => File is digitally signed</p>
<p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p>
<p>C:\Windows\System32\svchost.exe => File is digitally signed</p>
<p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p>
<p>C:\Windows\System32\services.exe => File is digitally signed</p>
<p>C:\Windows\System32\User32.dll => File is digitally signed</p>
<p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p>
<p>C:\Windows\System32\userinit.exe => File is digitally signed</p>
<p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p>
<p>C:\Windows\System32\rpcss.dll => File is digitally signed</p>
<p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p>
<p></p>
<p>LastRegBack: 2014-11-28 14:22</p>
<p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="surlyone, post: 316190, member: 31968"] Here're txt files from FARBAR:
[url]http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_36_ff&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EzytDyC0ByCtD0DtA0AtCtN0D0Tzu0SzyzztDtN1L2XzutAtFtBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtC0E0DtDzzzztDtG0D0CtCyCtGzyzz0CyDtG0F0EtAtDtGyD0FtDzy0B0FtA0E0AyBzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtC0D0DyBzy0C0AtGyB0EtCyCtGyE0F0EtBtGzyzytCyDtG0AtC0EtAtDyEtCzzzy0A0FyE2Q&cr=1909079446&ir[/url]= SearchScopes: HKLM -> {EA4AB73B-2615-4289-A738-FD4FF26E3106} URL = [url]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl[/url] SearchScopes: HKLM-x32 -> DefaultScope {80E5A95F-E4B7-45DC-813A-032F41F5B1C8} URL = [url]http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox[/url] SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {80E5A95F-E4B7-45DC-813A-032F41F5B1C8} URL = [url]http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox[/url] SearchScopes: HKLM-x32 -> {EA4AB73B-2615-4289-A738-FD4FF26E3106} URL = [url]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl[/url] SearchScopes: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = [url]http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS[/url]} SearchScopes: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> {EA4AB73B-2615-4289-A738-FD4FF26E3106} URL = [url]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl[/url] BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-161241183-893571751-3115716322-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7bs5n6j2.default FF SelectedSearchEngine: Astromenda FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\7bs5n6j2.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-15] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-07] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-31] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013-01-08] FF HKLM-x32\...\Firefox\Extensions: [[email]smartwebprinting@hp.com[/email]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-31] FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn 
[2014-12-16] FF HKU\S-1-5-21-161241183-893571751-3115716322-1001\...\Firefox\Extensions: [[email]smartwebprinting@hp.com[/email]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [Not Found] FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn [Not Found] FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-03-19] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation) R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [240640 2010-02-20] (IDT, Inc.) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital ) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital) R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital ) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AESTAud; C:\Windows\System32\drivers\AESTAu64.sys [146048 2009-04-20] (Andrea Electronics Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20141212.002\IDSvia64.sys [637656 2014-11-21] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141215.016\ENG64.SYS [129752 2014-12-12] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141215.016\EX64.SYS [2137304 2014-12-12] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation) R3 SymEvent; 
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-08] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation) S3 CpqDfw; system32\drivers\CpqDfw.sys [X] U4 eabfiltr; No ImagePath U3 wampapache; No ImagePath U3 wampapache64; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 16:43 - 2014-12-16 16:43 - 00023548 _____ () C:\Users\nancy\Desktop\FRST.txt 2014-12-16 16:42 - 2014-12-16 16:43 - 00000000 ____D () C:\FRST 2014-12-16 16:41 - 2014-12-16 16:41 - 02119168 _____ (Farbar) C:\Users\nancy\Desktop\FRST64.exe 2014-12-16 16:28 - 2014-12-16 16:28 - 00000000 __SHD () C:\Users\nancy\AppData\Local\EmieUserList 2014-12-16 16:28 - 2014-12-16 16:28 - 00000000 __SHD () C:\Users\nancy\AppData\Local\EmieSiteList 2014-12-16 16:28 - 2014-12-16 16:28 - 00000000 __SHD () C:\Users\nancy\AppData\Local\EmieBrowserModeList 2014-12-11 12:26 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 12:26 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-05 23:16 - 2014-12-05 23:19 - 00000050 _____ () C:\Users\delta\Desktop\FixPoweliks64.log 2014-12-05 14:24 - 2014-12-05 14:24 - 02747488 _____ (Symantec Corporation) C:\Users\delta\Desktop\FixPoweliks64.exe 2014-11-26 11:02 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-26 11:02 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-26 11:02 - 
2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-26 11:02 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 16:43 - 2009-08-25 00:29 - 01645582 _____ () C:\Windows\WindowsUpdate.log 2014-12-16 16:24 - 2012-04-04 06:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-16 16:23 - 2014-01-27 16:54 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFordelta.job 2014-12-16 16:23 - 2009-07-13 20:51 - 01508447 _____ () C:\Windows\setupact.log 2014-12-16 12:02 - 2014-11-11 18:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-16 11:31 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-16 11:31 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-16 11:24 - 2010-01-29 08:34 - 00000000 ____D () C:\Users\nancy\Tracing 2014-12-16 11:24 - 2009-11-27 12:39 - 00001413 _____ () C:\Users\nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-16 11:24 - 2009-11-27 12:32 - 00087512 _____ () C:\Users\nancy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-16 11:23 - 2014-11-11 18:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-16 11:23 - 2010-11-27 15:46 - 00000632 __RSH () C:\Users\nancy\ntuser.pol 2014-12-16 11:23 - 2009-11-27 12:25 - 00000000 ____D () C:\Users\nancy 2014-12-16 11:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-12 18:17 - 2013-08-13 12:08 - 00000000 ____D () C:\Windows\system32\MRT 
2014-12-12 18:17 - 2009-08-14 21:44 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-12 18:13 - 2009-11-29 15:51 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 21:31 - 2014-01-27 16:54 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFordelta 2014-12-05 13:19 - 2009-08-25 00:49 - 00618676 _____ () C:\Windows\PFRO.log 2014-12-04 16:35 - 2014-11-11 18:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-04 16:35 - 2014-11-11 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-30 21:38 - 2014-09-09 20:01 - 00000000 ____D () C:\Users\delta\AppData\Local\NPE 2014-11-30 21:32 - 2014-09-10 20:34 - 00000000 ____D () C:\NPE 2014-11-21 17:57 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-21 06:14 - 2014-11-11 18:18 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-11-11 18:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-11-11 18:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-17 16:14 - 2012-04-04 06:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-17 16:14 - 2012-04-04 06:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-17 16:14 - 2011-05-16 11:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Channing\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Channing\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Channing\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe C:\Users\Channing\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Channing\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe 
C:\Users\Channing\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Channing\AppData\Local\Temp\Resource.exe C:\Users\Channing\AppData\Local\Temp\sp58915.exe C:\Users\Channing\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Channing\AppData\Local\Temp\zarwzrae.dll C:\Users\Chayse\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Chayse\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Chayse\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe C:\Users\Chayse\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Chayse\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Chayse\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Chayse\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Chayse\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Chayse\AppData\Local\Temp\sp54620.exe C:\Users\Chayse\AppData\Local\Temp\swt-win32-3452.dll C:\Users\delta\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\delta\AppData\Local\Temp\GLFAA74.tmp.tbElf_.dll C:\Users\delta\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\delta\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\delta\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\delta\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\delta\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\delta\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\delta\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\delta\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\delta\AppData\Local\Temp\shutdown1413046557.exe C:\Users\delta\AppData\Local\Temp\sp64126.exe C:\Users\delta\AppData\Local\Temp\UninstallHPSA.exe C:\Users\nancy\AppData\Local\Temp\Extract.exe C:\Users\nancy\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\nancy\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\nancy\AppData\Local\Temp\Resource.exe C:\Users\nancy\AppData\Local\Temp\SP47938.exe 
C:\Users\nancy\AppData\Local\Temp\sp50843.exe.exe C:\Users\nancy\AppData\Local\Temp\sp52110.exe.exe C:\Users\nancy\AppData\Local\Temp\sp54373.exe C:\Users\nancy\AppData\Local\Temp\UninstallHPSA.exe C:\Users\nancy\AppData\Local\Temp\UninstallHPTCA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-28 14:22 ==================== End Of Log ============================ [/QUOTE]