I had to disable my antivirus to get the FRST to download.
Here is the FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Kathy (administrator) on DESKTOP on 16-01-2015 21:07:36
Running from C:\Users\Kathy\Desktop
Loaded Profiles: Kathy (Available profiles: Kathy & Piano Students & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Carbonite, Inc. (
www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Just Great Software) C:\Program Files\Just Great Software\EditPadLite7\EditPadLite7.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Run: [HitsBlender] => C:\Program Files (x86)\HitsBlender\hitsblender.exe [679480 2015-01-05] ()
HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\MountPoints2: {263b821b-6f1a-11e1-b628-386077d8f1d6} - H:\SimpliSafe.exe
HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\MountPoints2: {81440d92-7a04-11e1-8c29-386077d8f1d6} - H:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
GroupPolicyUsers\S-1-5-21-2290871306-4137750491-1347818489-1003\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://Taplika.com/results.php?f=4&...tGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://Taplika.com/results.php?f=4&...tGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=
SearchScopes: HKLM -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL =
http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL =
http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://Taplika.com/results.php?f=4&...tGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=
SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://Taplika.com/results.php?f=4&...tGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=
SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL =
http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A}
https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\pohpu8o0.default-1421211219010
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [
quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn [2015-01-16]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-29]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-29]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-29]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-29]
CHR Extension: (Norton Identity Protection) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-01-29]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [176241 2004-07-21] (American Power Conversion Corporation) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-04] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-04] () [File not signed]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48264 2012-02-08] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-07] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20150115.040\ENG64.SYS [129752 2014-09-02] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20150115.040\EX64.SYS [2137304 2014-09-02] (Symantec Corporation)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror64.sys [13120 2012-08-13] (Windows (R) Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-23] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 21:04 - 2015-01-16 21:04 - 02125824 _____ (Farbar) C:\Users\Kathy\Desktop\FRST64.exe
2015-01-16 20:30 - 2015-01-16 20:30 - 00000056 _____ () C:\Windows\setupact.log
2015-01-16 20:30 - 2015-01-16 20:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 20:29 - 2015-01-16 20:29 - 00001708 _____ () C:\Windows\PFRO.log
2015-01-16 20:24 - 2015-01-16 20:24 - 00000000 _____ () C:\Windows\SysWOW64\shoEEC.tmp
2015-01-16 19:07 - 2015-01-16 19:07 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{E534D789-8181-463F-B199-6B3260A00FB4}
2015-01-15 23:20 - 2015-01-15 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-15 23:18 - 2015-01-15 23:45 - 00000000 ____D () C:\Users\Kathy\Desktop\mbar
2015-01-15 23:15 - 2015-01-15 23:16 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Kathy\Desktop\mbar-1.08.2.1001.exe
2015-01-15 22:36 - 2015-01-15 22:36 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{6A850EB0-02BF-4473-AF82-76514BBEF234}
2015-01-14 23:49 - 2015-01-14 23:49 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{1E53157C-CB44-49DE-A8E6-4C2E6E823576}
2015-01-13 22:13 - 2015-01-13 22:13 - 00035283 _____ () C:\Users\Kathy\Downloads\Addition.txt
2015-01-13 22:11 - 2015-01-16 21:08 - 00023640 _____ () C:\Users\Kathy\Desktop\FRST.txt
2015-01-13 22:04 - 2015-01-16 21:07 - 00000000 ____D () C:\FRST
2015-01-13 22:03 - 2015-01-13 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 21:15 - 2015-01-13 21:15 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{EE2450D2-7D81-4119-8060-3DCFC6A0F326}
2015-01-13 20:38 - 2015-01-13 20:38 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 19:54 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 19:54 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 19:54 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 19:54 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 19:54 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:54 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:54 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 19:47 - 2015-01-13 19:47 - 00000000 _____ () C:\Windows\SysWOW64\sho5E55.tmp
2015-01-13 19:18 - 2015-01-13 19:18 - 05317104 _____ (Piriform Ltd) C:\Users\Kathy\Downloads\ccsetup501.exe
2015-01-13 19:12 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:12 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:12 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:12 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:12 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:12 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-08 23:22 - 2015-01-08 23:22 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-08 20:40 - 2015-01-08 20:40 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C3DDB241-C8F1-4FC4-809A-5F563D32DC19}
2015-01-07 18:40 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{8AA94D64-90B9-4551-ACDE-8E8C970C136D}
2015-01-05 21:21 - 2015-01-05 21:21 - 00000000 ____D () C:\TouchSmartData
2015-01-05 21:18 - 2015-01-13 19:05 - 00000000 ____D () C:\Users\Kathy\AppData\Local\hitsblender
2015-01-05 21:18 - 2015-01-05 21:20 - 00000000 ____D () C:\ProgramData\PicColorData
2015-01-05 21:18 - 2015-01-05 21:18 - 00003752 _____ () C:\Windows\System32\Tasks\KRWBWZLJOD
2015-01-05 21:18 - 2015-01-04 13:13 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-05 21:18 - 2015-01-04 13:13 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\HitsBlender
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\Program Files (x86)\HitsBlenderUpdater
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\Program Files (x86)\HitsBlender
2015-01-05 21:17 - 2015-01-04 13:13 - 00378544 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-05 21:17 - 2015-01-04 13:13 - 00332608 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-05 21:16 - 2015-01-13 19:15 - 00003176 _____ () C:\Windows\System32\Tasks\SimpleFiles Installer Starter
2015-01-05 21:13 - 2015-01-05 21:14 - 03845000 _____ (New Monte Inc) C:\Users\Kathy\Downloads\Ode-to-joy-piano-sheet-music_downloader.exe
2015-01-05 20:13 - 2015-01-05 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C5C38838-0F51-4AE0-869D-954EDBE84C35}
2015-01-05 01:21 - 2015-01-05 01:21 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{0DA4ADE6-548B-41CA-9323-5757D03517B0}
2015-01-02 20:35 - 2015-01-02 20:36 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{D3763760-85AF-43B2-AD1C-A6565A8F4A07}
2015-01-01 21:27 - 2015-01-05 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{3910835B-4ACF-4EB7-8ACF-2373D71FFB67}
2015-01-01 21:27 - 2015-01-01 21:27 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{9AE04BB3-110D-40F6-B9F8-C5E2BA2224D1}
2014-12-28 23:52 - 2014-12-28 23:52 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{426B03B2-AA10-4D4F-917B-D7183EB01F30}
2014-12-27 12:20 - 2014-12-27 12:20 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{FE26839F-7E15-4DE7-8BE2-4C1D3B75E675}
2014-12-26 21:23 - 2014-12-26 21:24 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{253ECFBF-CA53-49C6-974E-1566D45F61DB}
2014-12-17 22:23 - 2014-12-17 22:23 - 00000000 _____ () C:\Windows\SysWOW64\sho37E3.tmp
2014-12-17 20:42 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 20:42 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:53 - 2014-12-17 19:53 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C6B416BC-C5AE-4A43-BA7E-761B971FDD50}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 20:39 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:39 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:38 - 2012-06-14 21:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 20:35 - 2012-12-10 22:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 20:35 - 2012-02-12 19:38 - 01800310 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 20:33 - 2012-12-10 22:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 20:31 - 2012-01-12 13:50 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-16 20:30 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 20:29 - 2012-05-14 12:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 23:45 - 2014-10-15 20:56 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 23:20 - 2014-10-15 20:57 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 22:21 - 2012-02-12 19:52 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{49B47D33-9EEF-444C-BF3D-2AC8BFB950D3}
2015-01-14 21:40 - 2012-12-03 16:40 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDESKTOP$
2015-01-14 21:40 - 2012-12-03 16:40 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDESKTOP$.job
2015-01-14 13:51 - 2009-07-13 21:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 23:07 - 2013-08-13 17:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 22:52 - 2012-02-14 17:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 20:38 - 2012-06-14 21:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:38 - 2012-04-11 16:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 20:38 - 2012-01-12 13:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 19:46 - 2014-05-29 00:03 - 00000000 ____D () C:\Users\Kathy\AppData\Local\com
2015-01-13 19:27 - 2014-10-15 20:56 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-13 19:27 - 2014-10-15 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-13 19:27 - 2014-10-15 20:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-13 19:19 - 2012-03-18 16:46 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps
2015-01-13 19:19 - 2012-02-25 14:37 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-13 19:19 - 2012-02-25 14:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-08 20:40 - 2013-02-06 22:42 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKathy
2015-01-08 20:40 - 2013-02-06 22:42 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForKathy.job
2015-01-01 23:33 - 2012-02-12 19:52 - 00000000 ____D () C:\Users\Kathy\AppData\Local\PDFC
2015-01-01 22:31 - 2012-03-31 19:59 - 00000000 ____D () C:\Users\Kathy\Documents\music docs
2014-12-27 12:21 - 2014-10-15 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-21 18:40 - 2014-07-15 13:08 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Adobe
==================== Files in the root of some directories =======
2012-11-26 14:41 - 2012-11-26 14:42 - 0000173 _____ () C:\Users\Kathy\AppData\Roaming\hpmirrordriver.log
2012-07-08 21:19 - 2013-04-27 19:09 - 0007637 _____ () C:\Users\Kathy\AppData\Local\Resmon.ResmonCfg
2012-02-20 20:14 - 2012-02-20 20:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-13 22:36 - 2012-02-13 22:43 - 0000689 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-12 19:04
==================== End Of Log ============================
Here is the Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Kathy at 2015-01-16 21:09:05
Running from C:\Users\Kathy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 Online (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
APC PowerChute Personal Edition (HKLM-x32\...\{5A0C892E-FD1C-4203-941E-0956AED20A6A}) (Version: 1.5 - American Power Conversion Corporation)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
CenturyLink Personal Digital Vault™ (HKLM-x32\...\{B97FD5DD-1226-49AD-AE6C-BF9DE1468F05}) (Version: 1.0.0004 - CenturyLink)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.5 - CHENGDU YIWO Tech Development Co., Ltd)
EditPad Lite 7.1.1 (HKLM\...\EditPad Lite) (Version: 7.1.1 - Just Great Software)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LibreOffice 3.5 Help Pack (English) (HKLM-x32\...\{BC6798A2-4703-4E39-AA50-4403C389883B}) (Version: 3.5.7.2 - The Document Foundation)
LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Norton 360 (HKLM-x32\...\N360) (Version: 6.4.1.14 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Score Writer 4 Demo (HKLM-x32\...\Score Writer 4 Demo) (Version: - )
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Should I Remove It (HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
11-12-2014 01:33:12 Windows Update
17-12-2014 22:21:15 Windows Update
13-01-2015 22:50:53 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {13922C8B-E656-4A7A-9FA6-E959FFA16BAC} - \LuckyTab No Task File <==== ATTENTION
Task: {20FF6E34-E704-4546-A80A-94CB370BC8DE} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {22CEABEE-053C-488F-8E4A-664901B3F266} - System32\Tasks\{16DDA733-2FF8-46CF-B937-3AFADA4689E5} => pcalua.exe -a "C:\Program Files (x86)\MediaPlayer+\Uninstall.exe" -c /fcp=1
Task: {2D06FE34-AA74-4F31-B953-74D0157C0565} - System32\Tasks\HP AR Program Upload - f940ebc4389f4357824bcf03d79c6cdc7c0d0bbb57754723b133d708b51cad11 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {31C987A7-6334-4C5A-9705-FAF7FC5044FF} - System32\Tasks\HPCeeScheduleForKathy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4BB6A789-E148-4F7B-B817-DF2701BD7F78} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)
Task: {6091A794-7C36-4D2E-9BD1-1C80229BB960} - System32\Tasks\SimpleFiles Installer Starter => C:\Users\Kathy\AppData\Local\Temp\SimpleFilespeW77Yy8Aw.exe <==== ATTENTION
Task: {6BF52FBE-2ACC-4CB9-A6EF-549352570FEE} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6C5A358E-5944-4870-8DE1-913439661EB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {8713B0CF-86F5-49AA-BC90-A9603B74FE9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8F971424-AAC7-4B3C-930C-AEB416B7ABAA} - System32\Tasks\HP AR Program Upload - 2850899e9b1d4c2a8b56ed38b5f86270ef82064248e24ff48aa86cb7560d71a7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {8FB10DDC-B492-4D98-A185-86C774CF9B58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {944B1DE8-AA2A-45F8-AAD1-C7E8BD7FF4E2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {9763C462-EF4A-4924-87D5-0ABCEF49FC60} - System32\Tasks\HPCeeScheduleForDESKTOP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A0879F7C-6152-4285-8E6A-8B1D8B9F5F2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {A8FFE49C-E3ED-4619-9122-FD260962C59B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C355596E-1739-4036-9AC4-E8D7E1FDA895} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {D54D2D6E-521C-4F3E-886B-BEF68E0D6746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {E4A71E7B-CC61-44FD-813F-81C3294D5BD5} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL
http://go.microsoft.com/fwlink/?LinkId=116866
Task: {EF4C0DC9-64BB-4BAA-B225-76E465307678} - System32\Tasks\{5C747E1E-3C86-487E-B039-064312B48D6F} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F5B24015-668B-4B28-8A6A-EC2AC7A76C79} - System32\Tasks\KRWBWZLJOD => C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe
Task: {FE457C32-4150-4F12-9E78-8104E9592525} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDESKTOP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKathy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-04-04 00:09 - 2011-12-22 22:08 - 00051848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2012-04-04 00:09 - 2012-01-17 15:04 - 00027784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2012-04-04 00:09 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2012-04-04 00:09 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2012-04-04 00:09 - 2012-02-23 18:26 - 00051336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00114312 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00245896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00069768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00064648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2012-04-04 00:09 - 2011-12-23 14:15 - 00023176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2012-04-04 00:09 - 2012-03-14 08:38 - 00106120 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2012-04-04 00:09 - 2012-02-08 12:28 - 00095880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-01-13 22:03 - 2015-01-13 22:03 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-13 20:38 - 2015-01-13 20:38 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Kathy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kathy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CenturyLinkTouchPointAgent => "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Qwest Personal Digital Vault => "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
========================= Accounts: ==========================
Administrator (S-1-5-21-2290871306-4137750491-1347818489-500 - Administrator - Disabled)
Guest (S-1-5-21-2290871306-4137750491-1347818489-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2290871306-4137750491-1347818489-1002 - Limited - Enabled)
Kathy (S-1-5-21-2290871306-4137750491-1347818489-1000 - Administrator - Enabled) => C:\Users\Kathy
Piano Students (S-1-5-21-2290871306-4137750491-1347818489-1003 - Limited - Enabled) => C:\Users\Piano Students
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
Error: (01/13/2015 07:49:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3440) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS006D6.log.
System errors:
=============
Error: (01/16/2015 08:33:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2
Error: (01/15/2015 10:18:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error: (01/15/2015 00:24:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 2 time(s).
Error: (01/15/2015 00:24:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
Error: (01/14/2015 01:33:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2
Error: (01/14/2015 01:31:10 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
Error: (01/14/2015 01:30:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:09:54 PM on 1/13/2015 was unexpected.
Error: (01/13/2015 07:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2
Error: (01/13/2015 07:50:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (01/13/2015 07:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700
Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
Error: (01/13/2015 07:49:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3440Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS006D6.log-1811
==================== Memory info ===========================
Processor: AMD A4-3420 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3570.83 MB
Available physical RAM: 1709.48 MB
Total Pagefile: 7139.85 MB
Available Pagefile: 4880.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:914.73 GB) (Free:835.08 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.68 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7FA2DEBB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================