hitsblender removal
<blockquote data-quote="Kathy5743" data-source="post: 334817" data-attributes="member: 33145"><p>I had to disable my antivirus to get the FRST to download. </p><p></p><p>Here is the FRST.txt:</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01</p><p>Ran by Kathy (administrator) on DESKTOP on 16-01-2015 21:07:36</p><p>Running from C:\Users\Kathy\Desktop</p><p>Loaded Profiles: Kathy (Available profiles: Kathy & Piano Students & Guest)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE</p><p>(Carbonite, Inc. 
(<a href="http://www.carbonite.com" target="_blank">www.carbonite.com</a>)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe</p><p>(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe</p><p>(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe</p><p>(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe</p><p>(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE</p><p>(Microsoft Corporation) C:\Windows\System32\vds.exe</p><p>(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe</p><p>(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe</p><p>(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe</p><p>(Carbonite, Inc.) 
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe</p><p>(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe</p><p>(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\taskmgr.exe</p><p>(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe</p><p>(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe</p><p>(Just Great Software) C:\Program Files\Just Great Software\EditPadLite7\EditPadLite7.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)</p><p>HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)</p><p>HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Run: [HitsBlender] => C:\Program Files (x86)\HitsBlender\hitsblender.exe [679480 2015-01-05] ()</p><p>HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Policies\system: [LogonHoursAction] 2</p><p>HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1</p><p>HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\MountPoints2: {263b821b-6f1a-11e1-b628-386077d8f1d6} - H:\SimpliSafe.exe</p><p>HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\MountPoints2: {81440d92-7a04-11e1-8c29-386077d8f1d6} - H:\LaunchU3.exe -a</p><p>ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)</p><p>ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)</p><p>ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)</p><p>ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers: [OverlayProtected] -> 
{476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation)</p><p>ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)</p><p>GroupPolicyUsers\S-1-5-21-2290871306-4137750491-1347818489-1003\User: Group Policy restriction detected <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=" 
target="_blank">http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=</a></p><p>SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=" target="_blank">http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=</a></p><p>SearchScopes: HKLM -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL = <a href="http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}" target="_blank">http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}</a></p><p>SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL = <a 
href="http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}" target="_blank">http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=" target="_blank">http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=</a></p><p>SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a 
href="http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=" target="_blank">http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=</a></p><p>SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL = <a href="http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}" target="_blank">http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}</a></p><p>BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)</p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 
360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)</p><p>BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)</p><p>BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)</p><p>BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File</p><p>Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)</p><p>DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} <a href="https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB" target="_blank">https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB</a></p><p>Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)</p><p>Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)</p><p>Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)</p><p>Filter-x32: video/x-flv - 
{20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)</p><p>Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)</p><p>Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\pohpu8o0.default-1421211219010</p><p>FF DefaultSearchEngine: Google</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> 
C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:quickprint@hp.com">quickprint@hp.com</a>] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension</p><p>FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-20]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn</p><p>FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn [2015-01-16]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files 
(x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll No File</p><p>CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll No File</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll No File</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)</p><p>CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File</p><p>CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File</p><p>CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - 
C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File</p><p>CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-29]</p><p>CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-29]</p><p>CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-29]</p><p>CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-29]</p><p>CHR Extension: (Norton Identity Protection) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-01-29]</p><p>CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-29]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [176241 2004-07-21] (American Power Conversion Corporation) [File not signed]</p><p>R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]</p><p>R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]</p><p>R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]</p><p>R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)</p><p>R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)</p><p>R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)</p><p>R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)</p><p>R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)</p><p>S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]</p><p>S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)</p><p>R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)</p><p>R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-04] () [File not signed]</p><p>R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-04] () [File not signed]</p><p>R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)</p><p>R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)</p><p>R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]</p><p>R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48264 2012-02-08] () [File not signed]</p><p>R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]</p><p>R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]</p><p>R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-07] (Symantec Corporation)</p><p>R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20150115.040\ENG64.SYS [129752 2014-09-02] (Symantec Corporation)</p><p>R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20150115.040\EX64.SYS [2137304 2014-09-02] (Symantec Corporation)</p><p>S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror64.sys [13120 2012-08-13] (Windows (R) 
Win 7 DDK provider)</p><p>R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)</p><p>R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)</p><p>R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)</p><p>R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)</p><p>R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-23] (Symantec Corporation)</p><p>R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)</p><p>R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)</p><p>R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-16 21:04 - 2015-01-16 21:04 - 02125824 _____ (Farbar) C:\Users\Kathy\Desktop\FRST64.exe</p><p>2015-01-16 20:30 - 2015-01-16 20:30 - 00000056 _____ () C:\Windows\setupact.log</p><p>2015-01-16 20:30 - 2015-01-16 20:30 - 00000000 _____ () C:\Windows\setuperr.log</p><p>2015-01-16 20:29 - 2015-01-16 20:29 - 00001708 _____ () C:\Windows\PFRO.log</p><p>2015-01-16 20:24 - 2015-01-16 20:24 - 00000000 _____ () C:\Windows\SysWOW64\shoEEC.tmp</p><p>2015-01-16 19:07 - 2015-01-16 19:07 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{E534D789-8181-463F-B199-6B3260A00FB4}</p><p>2015-01-15 23:20 - 2015-01-15 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2015-01-15 23:18 - 2015-01-15 23:45 - 00000000 ____D () C:\Users\Kathy\Desktop\mbar</p><p>2015-01-15 23:15 - 2015-01-15 23:16 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\Kathy\Desktop\mbar-1.08.2.1001.exe</p><p>2015-01-15 22:36 - 2015-01-15 22:36 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{6A850EB0-02BF-4473-AF82-76514BBEF234}</p><p>2015-01-14 23:49 - 2015-01-14 23:49 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{1E53157C-CB44-49DE-A8E6-4C2E6E823576}</p><p>2015-01-13 22:13 - 2015-01-13 22:13 - 00035283 _____ () C:\Users\Kathy\Downloads\Addition.txt</p><p>2015-01-13 22:11 - 2015-01-16 21:08 - 00023640 _____ () C:\Users\Kathy\Desktop\FRST.txt</p><p>2015-01-13 22:04 - 2015-01-16 21:07 - 00000000 ____D () C:\FRST</p><p>2015-01-13 22:03 - 2015-01-13 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2015-01-13 21:15 - 2015-01-13 21:15 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{EE2450D2-7D81-4119-8060-3DCFC6A0F326}</p><p>2015-01-13 20:38 - 2015-01-13 20:38 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe</p><p>2015-01-13 19:54 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2015-01-13 19:54 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll</p><p>2015-01-13 19:54 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe</p><p>2015-01-13 19:54 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll</p><p>2015-01-13 19:54 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</p><p>2015-01-13 19:54 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</p><p>2015-01-13 19:54 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll</p><p>2015-01-13 19:47 - 2015-01-13 19:47 - 00000000 _____ () C:\Windows\SysWOW64\sho5E55.tmp</p><p>2015-01-13 19:18 - 2015-01-13 19:18 - 05317104 _____ (Piriform Ltd) C:\Users\Kathy\Downloads\ccsetup501.exe</p><p>2015-01-13 19:12 - 2014-12-18 19:06 - 
00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll</p><p>2015-01-13 19:12 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys</p><p>2015-01-13 19:12 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe</p><p>2015-01-13 19:12 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll</p><p>2015-01-13 19:12 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll</p><p>2015-01-13 19:12 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll</p><p>2015-01-08 23:22 - 2015-01-08 23:22 - 00000000 ____D () C:\Program Files (x86)\predm</p><p>2015-01-08 20:40 - 2015-01-08 20:40 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C3DDB241-C8F1-4FC4-809A-5F563D32DC19}</p><p>2015-01-07 18:40 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{8AA94D64-90B9-4551-ACDE-8E8C970C136D}</p><p>2015-01-05 21:21 - 2015-01-05 21:21 - 00000000 ____D () C:\TouchSmartData</p><p>2015-01-05 21:18 - 2015-01-13 19:05 - 00000000 ____D () C:\Users\Kathy\AppData\Local\hitsblender</p><p>2015-01-05 21:18 - 2015-01-05 21:20 - 00000000 ____D () C:\ProgramData\PicColorData</p><p>2015-01-05 21:18 - 2015-01-05 21:18 - 00003752 _____ () C:\Windows\System32\Tasks\KRWBWZLJOD</p><p>2015-01-05 21:18 - 2015-01-04 13:13 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys</p><p>2015-01-05 21:18 - 2015-01-04 13:13 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys</p><p>2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\HitsBlender</p><p>2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4</p><p>2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\Program Files (x86)\HitsBlenderUpdater</p><p>2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\Program Files 
(x86)\HitsBlender</p><p>2015-01-05 21:17 - 2015-01-04 13:13 - 00378544 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll</p><p>2015-01-05 21:17 - 2015-01-04 13:13 - 00332608 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll</p><p>2015-01-05 21:16 - 2015-01-13 19:15 - 00003176 _____ () C:\Windows\System32\Tasks\SimpleFiles Installer Starter</p><p>2015-01-05 21:13 - 2015-01-05 21:14 - 03845000 _____ (New Monte Inc) C:\Users\Kathy\Downloads\Ode-to-joy-piano-sheet-music_downloader.exe</p><p>2015-01-05 20:13 - 2015-01-05 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C5C38838-0F51-4AE0-869D-954EDBE84C35}</p><p>2015-01-05 01:21 - 2015-01-05 01:21 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{0DA4ADE6-548B-41CA-9323-5757D03517B0}</p><p>2015-01-02 20:35 - 2015-01-02 20:36 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{D3763760-85AF-43B2-AD1C-A6565A8F4A07}</p><p>2015-01-01 21:27 - 2015-01-05 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{3910835B-4ACF-4EB7-8ACF-2373D71FFB67}</p><p>2015-01-01 21:27 - 2015-01-01 21:27 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{9AE04BB3-110D-40F6-B9F8-C5E2BA2224D1}</p><p>2014-12-28 23:52 - 2014-12-28 23:52 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{426B03B2-AA10-4D4F-917B-D7183EB01F30}</p><p>2014-12-27 12:20 - 2014-12-27 12:20 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{FE26839F-7E15-4DE7-8BE2-4C1D3B75E675}</p><p>2014-12-26 21:23 - 2014-12-26 21:24 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{253ECFBF-CA53-49C6-974E-1566D45F61DB}</p><p>2014-12-17 22:23 - 2014-12-17 22:23 - 00000000 _____ () C:\Windows\SysWOW64\sho37E3.tmp</p><p>2014-12-17 20:42 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-12-17 20:42 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-12-17 19:53 - 2014-12-17 19:53 - 00000000 ____D () 
C:\Users\Kathy\AppData\Local\{C6B416BC-C5AE-4A43-BA7E-761B971FDD50}</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-16 20:39 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-16 20:39 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-16 20:38 - 2012-06-14 21:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-01-16 20:35 - 2012-12-10 22:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-01-16 20:35 - 2012-02-12 19:38 - 01800310 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-01-16 20:33 - 2012-12-10 22:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-01-16 20:31 - 2012-01-12 13:50 - 00000000 ____D () C:\ProgramData\PDFC</p><p>2015-01-16 20:30 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-01-16 20:29 - 2012-05-14 12:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2015-01-15 23:45 - 2014-10-15 20:56 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2015-01-15 23:20 - 2014-10-15 20:57 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-01-15 22:21 - 2012-02-12 19:52 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{49B47D33-9EEF-444C-BF3D-2AC8BFB950D3}</p><p>2015-01-14 21:40 - 2012-12-03 16:40 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDESKTOP$</p><p>2015-01-14 21:40 - 2012-12-03 16:40 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDESKTOP$.job</p><p>2015-01-14 13:51 - 2009-07-13 21:13 - 00783424 _____ () 
C:\Windows\system32\PerfStringBackup.INI</p><p>2015-01-13 23:07 - 2013-08-13 17:45 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2015-01-13 22:52 - 2012-02-14 17:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2015-01-13 20:38 - 2012-06-14 21:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2015-01-13 20:38 - 2012-04-11 16:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2015-01-13 20:38 - 2012-01-12 13:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-01-13 19:46 - 2014-05-29 00:03 - 00000000 ____D () C:\Users\Kathy\AppData\Local\com</p><p>2015-01-13 19:27 - 2014-10-15 20:56 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-01-13 19:27 - 2014-10-15 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2015-01-13 19:27 - 2014-10-15 20:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2015-01-13 19:19 - 2012-03-18 16:46 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps</p><p>2015-01-13 19:19 - 2012-02-25 14:37 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk</p><p>2015-01-13 19:19 - 2012-02-25 14:37 - 00000000 ____D () C:\Program Files\CCleaner</p><p>2015-01-08 20:40 - 2013-02-06 22:42 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKathy</p><p>2015-01-08 20:40 - 2013-02-06 22:42 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForKathy.job</p><p>2015-01-01 23:33 - 2012-02-12 19:52 - 00000000 ____D () C:\Users\Kathy\AppData\Local\PDFC</p><p>2015-01-01 22:31 - 2012-03-31 19:59 - 00000000 ____D () C:\Users\Kathy\Documents\music docs</p><p>2014-12-27 12:21 - 2014-10-15 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk</p><p>2014-12-21 18:40 - 2014-07-15 13:08 - 00000000 ____D () 
C:\Users\Kathy\AppData\Local\Adobe</p><p></p><p>==================== Files in the root of some directories =======</p><p>2012-11-26 14:41 - 2012-11-26 14:42 - 0000173 _____ () C:\Users\Kathy\AppData\Roaming\hpmirrordriver.log</p><p>2012-07-08 21:19 - 2013-04-27 19:09 - 0007637 _____ () C:\Users\Kathy\AppData\Local\Resmon.ResmonCfg</p><p>2012-02-20 20:14 - 2012-02-20 20:14 - 0000057 _____ () C:\ProgramData\Ament.ini</p><p>2012-02-13 22:36 - 2012-02-13 22:43 - 0000689 _____ () C:\ProgramData\hpzinstall.log</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-11-12 19:04</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p>Here is the Addition.txt:</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01</p><p>Ran by Kathy at 2015-01-16 21:09:05</p><p>Running from C:\Users\Kathy\Desktop</p><p>Boot Mode: 
Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Norton 360 Online (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}</p><p>AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}</p><p>FW: Norton 360 Online (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)</p><p>AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)</p><p>APC PowerChute Personal Edition (HKLM-x32\...\{5A0C892E-FD1C-4203-941E-0956AED20A6A}) (Version: 1.5 - American Power Conversion Corporation)</p><p>Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Bing Bar 
(HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)</p><p>Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)</p><p>Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )</p><p>Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)</p><p>Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)</p><p>Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)</p><p>Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.3.0.11 - )</p><p>Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )</p><p>Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)</p><p>Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)</p><p>Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )</p><p>Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)</p><p>Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.17.41 - )</p><p>Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)</p><p>Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)</p><p>Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)</p><p>CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)</p><p>CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)</p><p>CenturyLink Personal Digital Vault™ (HKLM-x32\...\{B97FD5DD-1226-49AD-AE6C-BF9DE1468F05}) (Version: 1.0.0004 - CenturyLink)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>DirectX for Managed Code 
Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden</p><p>Dropbox (HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)</p><p>EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.5 - CHENGDU YIWO Tech Development Co., Ltd)</p><p>EditPad Lite 7.1.1 (HKLM\...\EditPad Lite) (Version: 7.1.1 - Just Great Software)</p><p>Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)</p><p>ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)</p><p>Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)</p><p>HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)</p><p>HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)</p><p>HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)</p><p>HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)</p><p>HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)</p><p>HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)</p><p>HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)</p><p>HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)</p><p>HP Odometer 
(HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)</p><p>HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)</p><p>HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)</p><p>HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)</p><p>HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)</p><p>HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)</p><p>HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)</p><p>HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)</p><p>HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)</p><p>HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)</p><p>HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)</p><p>HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)</p><p>HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)</p><p>HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden</p><p>I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)</p><p>Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)</p><p>Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)</p><p>LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)</p><p>LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden</p><p>LibreOffice 3.5 Help Pack (English) (HKLM-x32\...\{BC6798A2-4703-4E39-AA50-4403C389883B}) (Version: 3.5.7.2 - The Document Foundation)</p><p>LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation)</p><p>Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)</p><p>Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)</p><p>Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)</p><p>Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Click-to-Run 2010 
(HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)</p><p>Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)</p><p>Norton 360 (HKLM-x32\...\N360) (Version: 6.4.1.14 - Symantec Corporation)</p><p>opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden</p><p>PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)</p><p>PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)</p><p>PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)</p><p>Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)</p><p>Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) 
Hidden</p><p>PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)</p><p>QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)</p><p>Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden</p><p>Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)</p><p>Score Writer 4 Demo (HKLM-x32\...\Score Writer 4 Demo) (Version: - )</p><p>Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)</p><p>Should I Remove It (HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)</p><p>Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden</p><p>Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)</p><p>Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)</p><p>TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)</p><p>Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)</p><p>Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll 
(Dropbox, Inc.)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>11-12-2014 01:33:12 Windows Update</p><p>17-12-2014 22:21:15 Windows Update</p><p>13-01-2015 22:50:53 Windows Update</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {13922C8B-E656-4A7A-9FA6-E959FFA16BAC} - \LuckyTab No Task File <==== ATTENTION</p><p>Task: {20FF6E34-E704-4546-A80A-94CB370BC8DE} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)</p><p>Task: {22CEABEE-053C-488F-8E4A-664901B3F266} - System32\Tasks\{16DDA733-2FF8-46CF-B937-3AFADA4689E5} => pcalua.exe -a "C:\Program Files (x86)\MediaPlayer+\Uninstall.exe" -c /fcp=1</p><p>Task: {2D06FE34-AA74-4F31-B953-74D0157C0565} - System32\Tasks\HP AR Program Upload - f940ebc4389f4357824bcf03d79c6cdc7c0d0bbb57754723b133d708b51cad11 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)</p><p>Task: {31C987A7-6334-4C5A-9705-FAF7FC5044FF} - System32\Tasks\HPCeeScheduleForKathy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)</p><p>Task: {4BB6A789-E148-4F7B-B817-DF2701BD7F78} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)</p><p>Task: {6091A794-7C36-4D2E-9BD1-1C80229BB960} - System32\Tasks\SimpleFiles Installer Starter => 
C:\Users\Kathy\AppData\Local\Temp\SimpleFilespeW77Yy8Aw.exe <==== ATTENTION</p><p>Task: {6BF52FBE-2ACC-4CB9-A6EF-549352570FEE} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)</p><p>Task: {6C5A358E-5944-4870-8DE1-913439661EB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)</p><p>Task: {8713B0CF-86F5-49AA-BC90-A9603B74FE9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc</p><p>Task: {8F971424-AAC7-4B3C-930C-AEB416B7ABAA} - System32\Tasks\HP AR Program Upload - 2850899e9b1d4c2a8b56ed38b5f86270ef82064248e24ff48aa86cb7560d71a7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)</p><p>Task: {8FB10DDC-B492-4D98-A185-86C774CF9B58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)</p><p>Task: {944B1DE8-AA2A-45F8-AAD1-C7E8BD7FF4E2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)</p><p>Task: {9763C462-EF4A-4924-87D5-0ABCEF49FC60} - System32\Tasks\HPCeeScheduleForDESKTOP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)</p><p>Task: {A0879F7C-6152-4285-8E6A-8B1D8B9F5F2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)</p><p>Task: {A8FFE49C-E3ED-4619-9122-FD260962C59B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)</p><p>Task: {C355596E-1739-4036-9AC4-E8D7E1FDA895} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-01] (Symantec 
Corporation)</p><p>Task: {D54D2D6E-521C-4F3E-886B-BEF68E0D6746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)</p><p>Task: {E4A71E7B-CC61-44FD-813F-81C3294D5BD5} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL <a href="http://go.microsoft.com/fwlink/?LinkId=116866" target="_blank">http://go.microsoft.com/fwlink/?LinkId=116866</a></p><p>Task: {EF4C0DC9-64BB-4BAA-B225-76E465307678} - System32\Tasks\{5C747E1E-3C86-487E-B039-064312B48D6F} => pcalua.exe -a E:\setup.exe -d E:\</p><p>Task: {F5B24015-668B-4B28-8A6A-EC2AC7A76C79} - System32\Tasks\KRWBWZLJOD => C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe</p><p>Task: {FE457C32-4150-4F12-9E78-8104E9592525} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\HPCeeScheduleForDESKTOP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe</p><p>Task: C:\Windows\Tasks\HPCeeScheduleForKathy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2012-04-04 00:09 - 2011-12-22 22:08 - 00051848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll</p><p>2012-04-04 00:09 - 2012-01-17 15:04 - 00027784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll</p><p>2012-04-04 00:09 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo 
Backup\bin\libxml2.dll</p><p>2012-04-04 00:09 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll</p><p>2012-04-04 00:09 - 2012-02-23 18:26 - 00051336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll</p><p>2012-04-04 00:09 - 2011-12-22 22:08 - 00114312 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll</p><p>2012-04-04 00:09 - 2011-12-22 22:08 - 00245896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll</p><p>2012-04-04 00:09 - 2011-12-22 22:08 - 00069768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll</p><p>2012-04-04 00:09 - 2011-12-22 22:08 - 00064648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll</p><p>2012-04-04 00:09 - 2011-12-23 14:15 - 00023176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll</p><p>2012-04-04 00:09 - 2012-03-14 08:38 - 00106120 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll</p><p>2012-04-04 00:09 - 2012-02-08 12:28 - 00095880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll</p><p>2015-01-13 22:03 - 2015-01-13 22:03 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll</p><p>2015-01-13 20:38 - 2015-01-13 20:38 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\startupfolder: C:^Users^Kathy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup</p><p>MSCONFIG\startupfolder: C:^Users^Kathy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup</p><p>MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"</p><p>MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe</p><p>MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR</p><p>MSCONFIG\startupreg: CenturyLinkTouchPointAgent => "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart</p><p>MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin</p><p>MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe</p><p>MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP 
odometer\hpsysdrv.exe</p><p>MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe</p><p>MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe</p><p>MSCONFIG\startupreg: Qwest Personal Digital Vault => "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m</p><p>MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-2290871306-4137750491-1347818489-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-2290871306-4137750491-1347818489-501 - Limited - Enabled) => C:\Users\Guest</p><p>HomeGroupUser$ (S-1-5-21-2290871306-4137750491-1347818489-1002 - Limited - Enabled)</p><p>Kathy (S-1-5-21-2290871306-4137750491-1347818489-1000 - Administrator - Enabled) => C:\Users\Kathy</p><p>Piano Students (S-1-5-21-2290871306-4137750491-1347818489-1003 - Limited - Enabled) => C:\Users\Piano Students</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )</p><p>Description: The index cannot be initialized.</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )</p><p>Description: The application cannot be initialized.</p><p></p><p>Context: Windows Application</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )</p><p>Description: The gatherer object cannot be initialized.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )</p><p>Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> Element not found. (HRESULT : 0x80070490) (0x80070490)</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )</p><p>Description: The plug-in in <Search.JetPropStore> cannot be initialized.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )</p><p>Description: The Windows Search Service cannot load the property store information.</p><p></p><p>Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )</p><p>Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )</p><p>Description: The search service has detected corrupted data files in the index {id=4700}. 
The service will attempt to automatically correct this problem by rebuilding the index.</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9000) (User: )</p><p>Description: The Windows Search Service cannot open the Jet property store.</p><p></p><p></p><p>Details:</p><p> 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: ESENT) (EventID: 455) (User: )</p><p>Description: Windows (3440) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS006D6.log.</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (01/16/2015 08:33:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The HP Support Assistant Service service failed to start due to the following error:</p><p>%%2</p><p></p><p>Error: (01/15/2015 10:18:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )</p><p>Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.</p><p></p><p>Error: (01/15/2015 00:24:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Secunia Update Agent service terminated unexpectedly. It has done this 2 time(s).</p><p></p><p>Error: (01/15/2015 00:24:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Secunia Update Agent service terminated unexpectedly. 
It has done this 1 time(s).</p><p></p><p>Error: (01/14/2015 01:33:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The HP Support Assistant Service service failed to start due to the following error:</p><p>%%2</p><p></p><p>Error: (01/14/2015 01:31:10 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )</p><p>Description: Unexpected failure. Error code: D@01010004</p><p></p><p>Error: (01/14/2015 01:30:11 PM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 11:09:54 PM on 1/13/2015 was unexpected.</p><p></p><p>Error: (01/13/2015 07:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The HP Support Assistant Service service failed to start due to the following error:</p><p>%%2</p><p></p><p>Error: (01/13/2015 07:50:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )</p><p>Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:</p><p>%%1056</p><p></p><p>Error: (01/13/2015 07:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )</p><p>Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )</p><p>Description:</p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )</p><p>Description: Context: Windows Application</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )</p><p>Description: Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p></p><p>Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )</p><p>Description: Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> Element not found. (HRESULT : 0x80070490) (0x80070490)</p><p>Search.TripoliIndexer</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )</p><p>Description: Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p>Search.JetPropStore</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )</p><p>Description: Context: Windows Application, SystemIndex Catalog</p><p></p><p></p><p>Details:</p><p> The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )</p><p>Description:</p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p>The catalog is corrupt</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )</p><p>Description:</p><p>Details:</p><p> The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)</p><p>4700</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9000) (User: )</p><p>Description:</p><p>Details:</p><p> 0x%08x (0xc0041800 - The content index database is corrupt. 
(HRESULT : 0xc0041800))</p><p></p><p>Error: (01/13/2015 07:49:19 PM) (Source: ESENT) (EventID: 455) (User: )</p><p>Description: Windows3440Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS006D6.log-1811</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: AMD A4-3420 APU with Radeon(tm) HD Graphics</p><p>Percentage of memory in use: 52%</p><p>Total physical RAM: 3570.83 MB</p><p>Available physical RAM: 1709.48 MB</p><p>Total Pagefile: 7139.85 MB</p><p>Available Pagefile: 4880.96 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.84 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:914.73 GB) (Free:835.08 GB) NTFS</p><p>Drive d: (HP_RECOVERY) (Fixed) (Total:16.68 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7FA2DEBB)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=914.7 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=16.7 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Kathy5743, post: 334817, member: 33145"] I had to disable my antivirus to get the FRST to download. Here is the FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01 Ran by Kathy (administrator) on DESKTOP on 16-01-2015 21:07:36 Running from C:\Users\Kathy\Desktop Loaded Profiles: Kathy (Available profiles: Kathy & Piano Students & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Carbonite, Inc. ([URL="http://www.carbonite.com"]www.carbonite.com[/URL])) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\vds.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Just Great Software) C:\Program Files\Just Great Software\EditPadLite7\EditPadLite7.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.) HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Run: [HitsBlender] => C:\Program Files (x86)\HitsBlender\hitsblender.exe [679480 2015-01-05] () HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\MountPoints2: {263b821b-6f1a-11e1-b628-386077d8f1d6} - H:\SimpliSafe.exe HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\MountPoints2: {81440d92-7a04-11e1-8c29-386077d8f1d6} - H:\LaunchU3.exe -a ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) 
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) GroupPolicyUsers\S-1-5-21-2290871306-4137750491-1347818489-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [URL]http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=[/URL] SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [URL]http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=[/URL] SearchScopes: HKLM -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL = [URL]http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}[/URL] SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = [URL]http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}[/URL] SearchScopes: HKLM-x32 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL = [URL]http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}[/URL] SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = [URL]http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}[/URL] SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
[URL]http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=[/URL] SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [URL]http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto9_15_02&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtB0C0ByB0EyB0B0Czy0ByEtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDyE0Ezz0CtD0AtG0ByEtB0CtGzy0B0DtDtG0Czz0CyEtGtC0DzzyCtDtAtBzztC0DtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0ByC0CzztCyEtG0A0F0DtBtGyE0Ezz0DtG0ByCtD0EtGzzyE0D0D0EzzyEyEtAtDtC0C2Q&cr=367772155&ir=[/URL] SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL = [URL]http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}[/URL] SearchScopes: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = [URL]http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}[/URL] BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} [URL]https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB[/URL] Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.) Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.) Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.) Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.) Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [332608] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [378544] (CartCrunch Israel Ltd.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 FireFox: ======== FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\pohpu8o0.default-1421211219010 FF DefaultSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [[email]quickprint@hp.com[/email]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-20] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn [2015-01-16] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-29] CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-29] CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-29] CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-29] CHR Extension: (Norton Identity Protection) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-01-29] CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [176241 2004-07-21] (American Power Conversion Corporation) [File not signed] R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed] R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed] R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed] R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard) R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X] S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-04] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-04] () [File not signed]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48264 2012-02-08] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-07] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20150115.040\ENG64.SYS [129752 2014-09-02] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20150115.040\EX64.SYS [2137304 2014-09-02] (Symantec Corporation)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror64.sys [13120 2012-08-13] (Windows (R) Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-23] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 21:04 - 2015-01-16 21:04 - 02125824 _____ (Farbar) C:\Users\Kathy\Desktop\FRST64.exe
2015-01-16 20:30 - 2015-01-16 20:30 - 00000056 _____ () C:\Windows\setupact.log
2015-01-16 20:30 - 2015-01-16 20:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 20:29 - 2015-01-16 20:29 - 00001708 _____ () C:\Windows\PFRO.log
2015-01-16 20:24 - 2015-01-16 20:24 - 00000000 _____ () C:\Windows\SysWOW64\shoEEC.tmp
2015-01-16 19:07 - 2015-01-16 19:07 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{E534D789-8181-463F-B199-6B3260A00FB4}
2015-01-15 23:20 - 2015-01-15 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-15 23:18 - 2015-01-15 23:45 - 00000000 ____D () C:\Users\Kathy\Desktop\mbar
2015-01-15 23:15 - 2015-01-15 23:16 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Kathy\Desktop\mbar-1.08.2.1001.exe
2015-01-15 22:36 - 2015-01-15 22:36 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{6A850EB0-02BF-4473-AF82-76514BBEF234}
2015-01-14 23:49 - 2015-01-14 23:49 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{1E53157C-CB44-49DE-A8E6-4C2E6E823576}
2015-01-13 22:13 - 2015-01-13 22:13 - 00035283 _____ () C:\Users\Kathy\Downloads\Addition.txt
2015-01-13 22:11 - 2015-01-16 21:08 - 00023640 _____ () C:\Users\Kathy\Desktop\FRST.txt
2015-01-13 22:04 - 2015-01-16 21:07 - 00000000 ____D () C:\FRST
2015-01-13 22:03 - 2015-01-13 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 21:15 - 2015-01-13 21:15 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{EE2450D2-7D81-4119-8060-3DCFC6A0F326}
2015-01-13 20:38 - 2015-01-13 20:38 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 19:54 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 19:54 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 19:54 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 19:54 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 19:54 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:54 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:54 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 19:47 - 2015-01-13 19:47 - 00000000 _____ () C:\Windows\SysWOW64\sho5E55.tmp
2015-01-13 19:18 - 2015-01-13 19:18 - 05317104 _____ (Piriform Ltd) C:\Users\Kathy\Downloads\ccsetup501.exe
2015-01-13 19:12 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:12 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:12 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:12 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:12 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:12 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-08 23:22 - 2015-01-08 23:22 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-08 20:40 - 2015-01-08 20:40 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C3DDB241-C8F1-4FC4-809A-5F563D32DC19}
2015-01-07 18:40 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{8AA94D64-90B9-4551-ACDE-8E8C970C136D}
2015-01-05 21:21 - 2015-01-05 21:21 - 00000000 ____D () C:\TouchSmartData
2015-01-05 21:18 - 2015-01-13 19:05 - 00000000 ____D () C:\Users\Kathy\AppData\Local\hitsblender
2015-01-05 21:18 - 2015-01-05 21:20 - 00000000 ____D () C:\ProgramData\PicColorData
2015-01-05 21:18 - 2015-01-05 21:18 - 00003752 _____ () C:\Windows\System32\Tasks\KRWBWZLJOD
2015-01-05 21:18 - 2015-01-04 13:13 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-05 21:18 - 2015-01-04 13:13 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\HitsBlender
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\Program Files (x86)\HitsBlenderUpdater
2015-01-05 21:17 - 2015-01-05 21:17 - 00000000 ____D () C:\Program Files (x86)\HitsBlender
2015-01-05 21:17 - 2015-01-04 13:13 - 00378544 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-05 21:17 - 2015-01-04 13:13 - 00332608 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-05 21:16 - 2015-01-13 19:15 - 00003176 _____ () C:\Windows\System32\Tasks\SimpleFiles Installer Starter
2015-01-05 21:13 - 2015-01-05 21:14 - 03845000 _____ (New Monte Inc) C:\Users\Kathy\Downloads\Ode-to-joy-piano-sheet-music_downloader.exe
2015-01-05 20:13 - 2015-01-05 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C5C38838-0F51-4AE0-869D-954EDBE84C35}
2015-01-05 01:21 - 2015-01-05 01:21 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{0DA4ADE6-548B-41CA-9323-5757D03517B0}
2015-01-02 20:35 - 2015-01-02 20:36 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{D3763760-85AF-43B2-AD1C-A6565A8F4A07}
2015-01-01 21:27 - 2015-01-05 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{3910835B-4ACF-4EB7-8ACF-2373D71FFB67}
2015-01-01 21:27 - 2015-01-01 21:27 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{9AE04BB3-110D-40F6-B9F8-C5E2BA2224D1}
2014-12-28 23:52 - 2014-12-28 23:52 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{426B03B2-AA10-4D4F-917B-D7183EB01F30}
2014-12-27 12:20 - 2014-12-27 12:20 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{FE26839F-7E15-4DE7-8BE2-4C1D3B75E675}
2014-12-26 21:23 - 2014-12-26 21:24 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{253ECFBF-CA53-49C6-974E-1566D45F61DB}
2014-12-17 22:23 - 2014-12-17 22:23 - 00000000 _____ () C:\Windows\SysWOW64\sho37E3.tmp
2014-12-17 20:42 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 20:42 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:53 - 2014-12-17 19:53 - 00000000 ____D () C:\Users\Kathy\AppData\Local\{C6B416BC-C5AE-4A43-BA7E-761B971FDD50}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 20:39 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:39 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:38 - 2012-06-14 21:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 20:35 - 2012-12-10 22:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 20:35 - 2012-02-12 19:38 - 01800310 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 20:33 - 2012-12-10 22:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 20:31 - 2012-01-12 13:50 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-16 20:30 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 20:29 - 2012-05-14 12:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-15 23:45 - 2014-10-15 20:56 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 23:20 - 2014-10-15 20:57 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 22:21 - 2012-02-12 19:52 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{49B47D33-9EEF-444C-BF3D-2AC8BFB950D3}
2015-01-14 21:40 - 2012-12-03 16:40 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDESKTOP$
2015-01-14 21:40 - 2012-12-03 16:40 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDESKTOP$.job
2015-01-14 13:51 - 2009-07-13 21:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 23:07 - 2013-08-13 17:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 22:52 - 2012-02-14 17:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 20:38 - 2012-06-14 21:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:38 - 2012-04-11 16:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 20:38 - 2012-01-12 13:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 19:46 - 2014-05-29 00:03 - 00000000 ____D () C:\Users\Kathy\AppData\Local\com
2015-01-13 19:27 - 2014-10-15 20:56 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-13 19:27 - 2014-10-15 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-13 19:27 - 2014-10-15 20:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-13 19:19 - 2012-03-18 16:46 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps
2015-01-13 19:19 - 2012-02-25 14:37 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-13 19:19 - 2012-02-25 14:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-08 20:40 - 2013-02-06 22:42 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKathy
2015-01-08 20:40 - 2013-02-06 22:42 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForKathy.job
2015-01-01 23:33 - 2012-02-12 19:52 - 00000000 ____D () C:\Users\Kathy\AppData\Local\PDFC
2015-01-01 22:31 - 2012-03-31 19:59 - 00000000 ____D () C:\Users\Kathy\Documents\music docs
2014-12-27 12:21 - 2014-10-15 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-21 18:40 - 2014-07-15 13:08 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Adobe

==================== Files in the root of some directories =======

2012-11-26 14:41 - 2012-11-26 14:42 - 0000173 _____ () C:\Users\Kathy\AppData\Roaming\hpmirrordriver.log
2012-07-08 21:19 - 2013-04-27 19:09 - 0007637 _____ () C:\Users\Kathy\AppData\Local\Resmon.ResmonCfg
2012-02-20 20:14 - 2012-02-20 20:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-13 22:36 - 2012-02-13 22:43 - 0000689 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-12 19:04

==================== End Of Log ============================

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Kathy at 2015-01-16 21:09:05
Running from C:\Users\Kathy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Online (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
APC PowerChute Personal Edition (HKLM-x32\...\{5A0C892E-FD1C-4203-941E-0956AED20A6A}) (Version: 1.5 - American Power Conversion Corporation)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
CenturyLink Personal Digital Vault™ (HKLM-x32\...\{B97FD5DD-1226-49AD-AE6C-BF9DE1468F05}) (Version: 1.0.0004 - CenturyLink)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EaseUS Todo Backup Free 4.0 (HKLM-x32\...\EaseUS Todo Backup Free 4.0_is1) (Version: 4.0.0.5 - CHENGDU YIWO Tech Development Co., Ltd)
EditPad Lite 7.1.1 (HKLM\...\EditPad Lite) (Version: 7.1.1 - Just Great Software)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LibreOffice 3.5 Help Pack (English) (HKLM-x32\...\{BC6798A2-4703-4E39-AA50-4403C389883B}) (Version: 3.5.7.2 - The Document Foundation)
LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Norton 360 (HKLM-x32\...\N360) (Version: 6.4.1.14 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Score Writer 4 Demo (HKLM-x32\...\Score Writer 4 Demo) (Version: - )
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Should I Remove It (HKU\S-1-5-21-2290871306-4137750491-1347818489-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2290871306-4137750491-1347818489-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-12-2014 01:33:12 Windows Update
17-12-2014 22:21:15 Windows Update
13-01-2015 22:50:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13922C8B-E656-4A7A-9FA6-E959FFA16BAC} - \LuckyTab No Task File <==== ATTENTION
Task: {20FF6E34-E704-4546-A80A-94CB370BC8DE} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {22CEABEE-053C-488F-8E4A-664901B3F266} - System32\Tasks\{16DDA733-2FF8-46CF-B937-3AFADA4689E5} => pcalua.exe -a "C:\Program Files (x86)\MediaPlayer+\Uninstall.exe" -c /fcp=1
Task: {2D06FE34-AA74-4F31-B953-74D0157C0565} - System32\Tasks\HP AR Program Upload - f940ebc4389f4357824bcf03d79c6cdc7c0d0bbb57754723b133d708b51cad11 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {31C987A7-6334-4C5A-9705-FAF7FC5044FF} - System32\Tasks\HPCeeScheduleForKathy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4BB6A789-E148-4F7B-B817-DF2701BD7F78} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)
Task: {6091A794-7C36-4D2E-9BD1-1C80229BB960} - System32\Tasks\SimpleFiles Installer Starter => C:\Users\Kathy\AppData\Local\Temp\SimpleFilespeW77Yy8Aw.exe <==== ATTENTION
Task: {6BF52FBE-2ACC-4CB9-A6EF-549352570FEE} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6C5A358E-5944-4870-8DE1-913439661EB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {8713B0CF-86F5-49AA-BC90-A9603B74FE9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8F971424-AAC7-4B3C-930C-AEB416B7ABAA} - System32\Tasks\HP AR Program Upload - 2850899e9b1d4c2a8b56ed38b5f86270ef82064248e24ff48aa86cb7560d71a7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {8FB10DDC-B492-4D98-A185-86C774CF9B58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {944B1DE8-AA2A-45F8-AAD1-C7E8BD7FF4E2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {9763C462-EF4A-4924-87D5-0ABCEF49FC60} - System32\Tasks\HPCeeScheduleForDESKTOP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A0879F7C-6152-4285-8E6A-8B1D8B9F5F2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {A8FFE49C-E3ED-4619-9122-FD260962C59B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C355596E-1739-4036-9AC4-E8D7E1FDA895} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {D54D2D6E-521C-4F3E-886B-BEF68E0D6746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {E4A71E7B-CC61-44FD-813F-81C3294D5BD5} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {EF4C0DC9-64BB-4BAA-B225-76E465307678} - System32\Tasks\{5C747E1E-3C86-487E-B039-064312B48D6F} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F5B24015-668B-4B28-8A6A-EC2AC7A76C79} - System32\Tasks\KRWBWZLJOD => C:\ProgramData\02dc2405183d4179bc899f8d2a636ec4\02dc2405183d4179bc899f8d2a636ec4.exe
Task: {FE457C32-4150-4F12-9E78-8104E9592525} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDESKTOP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKathy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-04-04 00:09 - 2011-12-22 22:08 - 00051848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2012-04-04 00:09 - 2012-01-17 15:04 - 00027784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2012-04-04 00:09 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2012-04-04 00:09 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2012-04-04 00:09 - 2012-02-23 18:26 - 00051336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00114312 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00245896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00069768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2012-04-04 00:09 - 2011-12-22 22:08 - 00064648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2012-04-04 00:09 - 2011-12-23 14:15 - 00023176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2012-04-04 00:09 - 2012-03-14 08:38 - 00106120 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2012-04-04 00:09 - 2012-02-08 12:28 - 00095880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-01-13 22:03 - 2015-01-13 22:03 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-13 20:38 - 2015-01-13 20:38 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Kathy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kathy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CenturyLinkTouchPointAgent => "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Qwest Personal Digital Vault => "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

========================= Accounts: ==========================

Administrator (S-1-5-21-2290871306-4137750491-1347818489-500 - Administrator - Disabled)
Guest (S-1-5-21-2290871306-4137750491-1347818489-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2290871306-4137750491-1347818489-1002 - Limited - Enabled)
Kathy (S-1-5-21-2290871306-4137750491-1347818489-1000 - Administrator - Enabled) => C:\Users\Kathy
Piano Students (S-1-5-21-2290871306-4137750491-1347818489-1003 - Limited - Enabled) => C:\Users\Piano Students

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (01/13/2015 07:49:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3440) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS006D6.log.

System errors:
=============
Error: (01/16/2015 08:33:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: %%2

Error: (01/15/2015 10:18:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (01/15/2015 00:24:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 2 time(s).

Error: (01/15/2015 00:24:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (01/14/2015 01:33:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: %%2

Error: (01/14/2015 01:31:10 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (01/14/2015 01:30:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:09:54 PM on 1/13/2015 was unexpected.

Error: (01/13/2015 07:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: %%2

Error: (01/13/2015 07:50:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056

Error: (01/13/2015 07:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/13/2015 07:49:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 4700

Error: (01/13/2015 07:49:19 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (01/13/2015 07:49:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3440Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS006D6.log-1811

==================== Memory info ===========================

Processor: AMD A4-3420 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3570.83 MB
Available physical RAM: 1709.48 MB
Total Pagefile: 7139.85 MB
Available Pagefile: 4880.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.73 GB) (Free:835.08 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.68 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7FA2DEBB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
[/QUOTE]