
W7 SP1 64-bit Trojan.Zbot Activity 15 reported by Norton 360


  • This topic is locked
14 replies to this topic

#1 MountainDogs


Posted 09 July 2015 - 01:35 PM

Running W7 SP1 64-bit.  Norton 360 v 22.5.0.124 (recently auto-updated) has started reporting multiple intrusion preventions, citing Trojan Zbot Activity 15.  We've not used your website before but Norton Community thread 6145291 recommended this site, among others.  We are retired software engineers, so we've been out of the loop for a while, but we can follow technical directions and report back with great detail!

Can you help us get this malware removed?




#2 xXToffeeXx

  • Malware Response Instructor

Posted 09 July 2015 - 01:47 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi MountainDogs,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 MountainDogs

  • Topic Starter

Posted 09 July 2015 - 02:35 PM

Hi Toffee -  We followed your instructions and ran FRST from our Desktop.  Below are the cut/pasted contents of the two log files you wanted in this reply.  (We couldn't see a way to attach copies of the two files to this reply, but that's not what you asked for anyway!)

 

Note:  In FRST.txt, under the heading "Files to Remove or Delete", we notice several SyncToy synchronization files listed.  SyncToy uses these files for our nightly incremental backups to an external disk, so we do NOT want them moved or deleted.

 

Thanks for your help...

 

FRST.txt file contents:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by BobnJane (administrator) on HP-AIO-200-QUAD on 09-07-2015 15:20:36
Running from C:\Users\BobnJane\Desktop
Loaded Profiles: BobnJane & UpdatusUser (Available Profiles: BobnJane & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\BobnJane\AppData\Local\Akamai\netsession_win.exe
() C:\Users\BobnJane\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Akamai Technologies, Inc.) C:\Users\BobnJane\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_194_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10804768 2010-05-05] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [1966992 2013-09-04] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Run: [Akamai NetSession Interface] => C:\Users\BobnJane\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Run: [Amazon Music] => C:\Users\BobnJane\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\RunOnce: [Uninstall C:\Users\BobnJane\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\BobnJane\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-2892335037-1765663906-1450860951-1004\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-17] (Microsoft Corporation)
Startup: C:\Users\BobnJane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2011-01-17]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2892335037-1765663906-1450860951-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2892335037-1765663906-1450860951-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2892335037-1765663906-1450860951-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {FB08F588-DDF3-4A05-8CA1-0824FEB3D2D6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {02617252-46C0-4A04-9674-226F732017DF} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {843894D8-BA1B-453A-9B87-821F35873EFA} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {CE59D465-204D-4A29-95F6-BDC39F4363EF} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {FB08F588-DDF3-4A05-8CA1-0824FEB3D2D6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {FB08F588-DDF3-4A05-8CA1-0824FEB3D2D6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {02617252-46C0-4A04-9674-226F732017DF} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {843894D8-BA1B-453A-9B87-821F35873EFA} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {CE59D465-204D-4A29-95F6-BDC39F4363EF} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {FB08F588-DDF3-4A05-8CA1-0824FEB3D2D6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2892335037-1765663906-1450860951-1000 -> {02617252-46C0-4A04-9674-226F732017DF} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2892335037-1765663906-1450860951-1000 -> {843894D8-BA1B-453A-9B87-821F35873EFA} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2892335037-1765663906-1450860951-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
SearchScopes: HKU\S-1-5-21-2892335037-1765663906-1450860951-1000 -> {CE59D465-204D-4A29-95F6-BDC39F4363EF} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2892335037-1765663906-1450860951-1000 -> {FB08F588-DDF3-4A05-8CA1-0824FEB3D2D6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll [2013-09-04] (Wondershare Software Co., Ltd.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{026D45D4-9187-4EF3-91CE-C8291AE7300B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F33509B8-6A55-4823-A1D0-9BAF7F41160A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BobnJane\AppData\Roaming\Mozilla\Firefox\Profiles\7kd16n7n.default
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.drudgereport.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2892335037-1765663906-1450860951-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2892335037-1765663906-1450860951-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BobnJane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2892335037-1765663906-1450860951-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2892335037-1765663906-1450860951-1004: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Extension: FavIconReloader - C:\Users\BobnJane\AppData\Roaming\Mozilla\Firefox\Profiles\7kd16n7n.default\Extensions\FavIconReloader@mozilla.org [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-12]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-11-12]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2013-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-09]
FF HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe [282016 2015-06-17] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\BobnJane\AppData\Local\Temp\7zS66F5\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150708.001\IDSvia64.sys [692984 2015-06-24] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150708.032\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150708.032\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-06-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 15:20 - 2015-07-09 15:20 - 00023938 _____ C:\Users\BobnJane\Desktop\FRST.txt
2015-07-09 15:20 - 2015-07-09 15:20 - 00000000 ____D C:\FRST
2015-07-09 15:17 - 2015-07-09 15:17 - 02112512 _____ (Farbar) C:\Users\BobnJane\Desktop\FRST64.exe
2015-06-25 16:04 - 2015-06-25 16:04 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-06-25 16:04 - 2015-06-25 16:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-25 16:04 - 2011-07-20 10:17 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2015-06-25 16:04 - 2011-02-12 21:48 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Mozilla
2015-06-25 16:04 - 2010-12-28 05:03 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2015-06-25 16:04 - 2010-12-28 05:02 - 00001974 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2015-06-25 16:04 - 2009-07-14 00:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-25 16:04 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-25 16:03 - 2015-06-25 16:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-25 05:58 - 2015-06-25 05:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-06-25 05:57 - 2015-06-25 05:57 - 00002279 _____ C:\Users\BobnJane\Desktop\LiveUpdate.lnk
2015-06-25 05:51 - 2015-06-25 05:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-06-25 01:12 - 2015-06-25 05:51 - 00002254 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-06-20 14:50 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-20 14:50 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-20 14:50 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-20 14:50 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-20 14:50 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-20 14:50 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-20 14:50 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-20 14:50 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-20 14:50 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-10 07:53 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 07:53 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 07:53 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 07:53 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 07:53 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 07:53 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 07:53 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 07:53 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 07:53 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 07:53 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 07:53 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 07:53 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 07:53 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 07:53 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 07:53 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 07:53 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 07:53 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 07:53 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 07:53 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 07:53 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 07:53 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 07:53 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 07:53 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 07:53 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 07:53 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 07:53 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 07:53 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 07:53 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 07:53 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 07:53 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 07:53 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 07:53 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 07:53 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 07:53 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 07:53 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 07:53 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 07:53 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 07:53 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 07:53 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 07:53 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 07:53 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 07:53 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 07:53 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 07:53 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 07:53 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 07:53 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 07:53 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 07:53 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 07:53 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 07:53 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 07:53 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 07:53 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 07:53 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 07:53 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 07:53 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 07:53 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 07:53 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 07:53 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 07:53 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 07:53 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 07:53 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 07:53 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 07:53 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 07:53 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 07:53 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 07:53 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 07:53 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 07:53 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 07:53 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 07:53 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 07:53 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 07:53 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 07:52 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 16:01 - 2015-06-09 16:01 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-09 12:53 - 2015-06-09 12:53 - 00001873 _____ C:\Users\Public\Desktop\P-touch Editor 5.1.lnk
2015-06-09 12:53 - 2015-06-09 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
2015-06-09 12:53 - 2015-06-09 12:53 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-06-09 12:53 - 2015-06-09 12:53 - 00000000 ____D C:\Program Files (x86)\Brother

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 14:46 - 2012-07-20 06:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 14:46 - 2012-07-20 06:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-09 14:46 - 2012-04-04 10:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 14:46 - 2011-05-20 08:50 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 14:34 - 2011-04-15 08:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 13:55 - 2010-12-28 04:39 - 01688144 _____ C:\Windows\WindowsUpdate.log
2015-07-09 13:29 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 13:29 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 13:28 - 2014-02-21 22:09 - 00000000 ____D C:\Users\BobnJane\AppData\Local\NPE
2015-07-09 13:15 - 2011-04-15 08:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-09 13:14 - 2011-10-16 01:00 - 00016301 _____ C:\Windows\setupact.log
2015-07-09 13:14 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 13:14 - 2009-07-14 00:45 - 00453936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-09 13:12 - 2011-11-12 10:15 - 01933178 _____ C:\Windows\PFRO.log
2015-07-09 03:51 - 2015-06-07 03:51 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBobnJane
2015-07-09 03:51 - 2015-06-07 03:51 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBobnJane.job
2015-07-06 20:01 - 2011-01-09 14:59 - 00000000 ____D C:\Users\BobnJane\AppData\Roaming\Adobe
2015-07-06 11:09 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 20:26 - 2011-01-10 02:01 - 00000000 ____D C:\Users\BobnJane\AppData\Roaming\HpUpdate
2015-07-05 20:21 - 2011-01-09 01:39 - 00134432 _____ C:\Users\BobnJane\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-05 19:52 - 2011-01-10 20:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-05 00:12 - 2010-12-28 04:42 - 00000000 ____D C:\ProgramData\PDFC
2015-06-30 06:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-29 18:09 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-29 16:04 - 2012-05-31 11:19 - 00000000 ____D C:\Users\BobnJane\AppData\Roaming\Skype
2015-06-25 16:14 - 2011-03-30 18:39 - 00000000 ____D C:\Users\BobnJane\Documents\Barker
2015-06-25 16:04 - 2010-12-28 04:35 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-25 16:04 - 2010-12-28 04:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-25 05:51 - 2014-12-04 10:40 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-06-25 05:51 - 2014-12-04 10:37 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-06-25 01:12 - 2014-12-04 10:40 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-06-25 01:12 - 2014-12-04 10:40 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-06-25 01:12 - 2014-12-04 10:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-25 01:12 - 2010-12-28 05:04 - 00000000 ____D C:\ProgramData\Norton
2015-06-25 01:11 - 2013-11-13 14:39 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-23 13:10 - 2015-01-07 08:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-20 16:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-06-20 15:04 - 2014-08-27 08:48 - 00000000 ____D C:\Users\BobnJane\AppData\Local\Adobe
2015-06-20 14:53 - 2011-01-10 12:24 - 00000000 ____D C:\Users\BobnJane\AppData\Local\CrashDumps
2015-06-19 06:58 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-13 16:55 - 2011-01-09 01:48 - 00000000 ____D C:\Users\BobnJane\AppData\Local\PDFC
2015-06-10 08:13 - 2014-11-12 09:56 - 00000000 __SHD C:\Users\BobnJane\AppData\Local\EmieBrowserModeList
2015-06-10 08:13 - 2014-04-09 09:51 - 00000000 __SHD C:\Users\BobnJane\AppData\Local\EmieUserList
2015-06-10 08:13 - 2014-04-09 09:51 - 00000000 __SHD C:\Users\BobnJane\AppData\Local\EmieSiteList
2015-06-10 08:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 08:01 - 2011-01-15 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 07:59 - 2013-07-14 21:28 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 07:55 - 2011-01-09 14:17 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-06-20 20:44 - 2011-06-21 06:02 - 0007605 _____ () C:\Users\BobnJane\AppData\Local\resmon.resmoncfg
2013-11-20 16:30 - 2013-11-20 16:30 - 0353118 _____ () C:\Users\BobnJane\AppData\Local\SquareClock.Production_HBMV1Icon.ico
2011-11-12 09:32 - 2011-11-12 09:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-01-10 11:00 - 2011-11-22 19:43 - 0008013 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\BobnJane\SyncToy_2f2823b3-822f-4028-a21e-8cdfbf3817b8.dat
C:\Users\BobnJane\SyncToy_39589688-8a5b-4821-abb6-e7ed7fc025ec.dat
C:\Users\BobnJane\SyncToy_432c2ce9-08a2-422c-b5eb-5b7833688a44.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 00:33

==================== End of log ============================

Addition.txt file contents:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by BobnJane at 2015-07-09 15:20:55
Running from C:\Users\BobnJane\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2892335037-1765663906-1450860951-500 - Administrator - Disabled)
BobnJane (S-1-5-21-2892335037-1765663906-1450860951-1000 - Administrator - Enabled) => C:\Users\BobnJane
Guest (S-1-5-21-2892335037-1765663906-1450860951-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2892335037-1765663906-1450860951-1002 - Limited - Enabled)
Sonos (S-1-5-21-2892335037-1765663906-1450860951-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2892335037-1765663906-1450860951-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Brother P-touch Editor 5.1 (HKLM-x32\...\{BF6D28AE-0CAB-4950-AC4A-0AD38DA4C2E8}) (Version: 5.1.0311 - Brother Industries, Ltd.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FiddlerCap (HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\FiddlerCap) (Version:  - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeFileSync 6.7 (HKLM-x32\...\FreeFileSync) (Version: 6.7 - Zenju)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games 2007 (HKLM-x32\...\{D361C406-ED11-4A88-AD42-4A749BBAE6F9}) (Version: 1.2.0.0 - Encore, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3107 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{10173615-D9A7-4C50-A036-38CA89221708}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.4.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Hulu Desktop (HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2892335037-1765663906-1450860951-1004\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jacquie Lawson Circus (HKLM-x32\...\JLCircus) (Version: 1.0.2 - MicroCourt Limited)
Jacquie Lawson Circus (x32 Version: 1.0.2 - MicroCourt Limited) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.36.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.0.124 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9819 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.19 - NVIDIA Corporation)
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6104 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3025 - CyberLink Corp.) Hidden
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 4.15 - )
Savings Bond Wizard (HKLM-x32\...\Savings Bond Wizard) (Version:  - )
Score Writer 4.1 (HKLM-x32\...\Score Writer 4.1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
The Print Shop 12 (HKLM-x32\...\{3DD1FE66-5536-41E3-B786-70068887B3F4}) (Version:  - Broderbund LLC)
Unity Web Player (HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version:  - )
Windows Media Player Plus! 2.5 (HKLM-x32\...\{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1) (Version: 2.5 - BM-productions)
Wondershare Video Converter Ultimate(Build 6.6.0.5) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.6.0.5 - Wondershare Software)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

25-06-2015 16:01:57 Windows Update
25-06-2015 16:20:45 Windows Update
25-06-2015 16:22:42 Windows Update
25-06-2015 16:23:47 Windows Update
25-06-2015 16:30:21 Windows Update
03-07-2015 00:40:29 Scheduled Checkpoint
05-07-2015 19:49:56 Installed HP Support Solutions Framework

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB3039-ABB6-4DB2-9FC9-A4E5EE315984} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {1EEAA57B-70CD-4FC7-BB09-0FA0E2A5A4BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {226B6488-47EA-41A0-9F88-A54960EB472C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {2BD376ED-99E1-40EF-8DB0-45935BB3CF7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {3B69B84F-BAD2-40D3-B323-69175F912326} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {56669892-4C26-4801-95D0-99E675197442} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {5F4083DC-E2F5-4681-A4AC-B41DB1924BB6} - System32\Tasks\ScanToPCActivationApp.exe_{282F603E-E5EF-420A-8DB4-1B9D234F32D8} => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6CB1069A-9E14-4305-BF58-9AC87DCACBC3} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {72438707-2EDB-46EA-8588-FBE750C7AFBE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {91B64708-9852-45D8-97D4-E621D475AF98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {962F8BF8-D35B-4BDE-8D56-51BA72E1BB41} - System32\Tasks\HPCeeScheduleForBobnJane => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A2867D2B-E13F-4BDF-9791-D83970882108} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {B214B773-894E-4E7D-9A6C-94B26329B126} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {C69815E3-D54C-42EE-B01B-BFB22C0425F2} - System32\Tasks\ABC Nightly CCleaner and Backup => C:\Program Files\CCleaner\CCleaner64.exe [2015-03-13] (Piriform Ltd)
Task: {C73FEDFA-5A12-46AE-A0C1-68ABEA95A3A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN43DF42BV05KD => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {C7A167A0-00DD-4AEC-A1CA-EB758EB8C1F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {CDEED36C-C3D9-4FA5-802D-F3B521B3DE77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19E1K2SM05KD => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {CF4ECE8D-E33D-47F7-BE3C-722615DFA2BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19L1S2FM05KC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {D106452B-8D01-40E4-8AA9-D8E9FCA22E66} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D7D82B2D-D80D-4207-B4E5-57906A417193} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FB6A41C2-B7D3-4BC7-9CE7-ADA9D4F1B114} - System32\Tasks\FFS Left to Right => C:\Program Files\FreeFileSync\FreeFileSync.exe [2014-07-01] (freefilesync.sourceforge.net)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBobnJane.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-15 20:48 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-06-14 15:35 - 2015-05-07 15:12 - 05886784 _____ () C:\Users\BobnJane\AppData\Local\Amazon Music\Amazon Music Helper.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2892335037-1765663906-1450860951-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BobnJane\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^BobnJane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Circus.lnk => C:\Windows\pss\Jacquie Lawson Circus.lnk.Startup
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{20C0362B-8348-4B64-8CFC-A2FC55F617EC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{6ABF32F7-87A9-4FD7-A250-3EE217CB7853}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{89883700-3845-457A-B6BA-132B2B561520}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{AD7ED162-529D-4D55-97CF-822AD7507406}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{01DAF2C1-6CFA-4AAE-87CF-1F78A1EE88E0}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{B60A6025-AC6F-4D26-917E-4335FDC3332F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{A5406D79-448B-4997-939F-5974871D1FAD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{AD215DA0-121C-4D55-926F-C5F5B51BE4EA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{28C3FCC5-6E92-447C-8AD3-A5FAAC6DC959}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{EB806E99-8EB4-43CC-9ADB-05ED3A5F136C}] => (Allow) svchost.exe
FirewallRules: [{6404B30A-9BF9-47F3-992B-2FB39D7C6EE1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{4BD7EEDC-2A39-4D49-8B64-F893DF2742A8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{A2A1BDFE-23D3-42BA-BB9B-A422C1022444}] => (Allow) hpqkygrp.exe
FirewallRules: [{1B0B5BA9-723A-4B82-A2FF-69DA75F74B31}] => (Allow) hpqkygrp.exe
FirewallRules: [{51126165-A463-4DCC-8CD8-9894F83DDC41}] => (Allow) hpqkygrp.exe
FirewallRules: [{6298EE0B-070A-4B41-9651-09ECB848A5E6}] => (Allow) hpqkygrp.exe
FirewallRules: [{A3B120A7-C42F-4917-A396-88F8730444E2}] => (Allow) hpqscnvw.exe
FirewallRules: [{FE4DCF21-F927-4BE6-A301-DBFE76D4561C}] => (Allow) hpqscnvw.exe
FirewallRules: [{93F85266-C336-4719-9BAA-CB01CFC3C8C0}] => (Allow) hpqscnvw.exe
FirewallRules: [{2D3F6ED9-1B06-4E4F-963B-DD084F7E8DD7}] => (Allow) hpqscnvw.exe
FirewallRules: [{59B00213-3912-4359-AAF5-9BFC8E706099}] => (Allow) hpqste08.exe
FirewallRules: [{C92E2BC9-6C66-462D-858D-4624AF1676F9}] => (Allow) hpqste08.exe
FirewallRules: [{0058833E-B098-494D-B934-2F3B192F6289}] => (Allow) hpqste08.exe
FirewallRules: [{477840D7-CFCB-4138-A600-B9A28288A280}] => (Allow) hpqste08.exe
FirewallRules: [{CBF604FC-5A5B-41FE-957D-FF8F60F90A79}] => (Allow) hpqthb08.exe
FirewallRules: [{F58C64DD-D5C5-404B-8C62-49DFBFAFDEA9}] => (Allow) hpqthb08.exe
FirewallRules: [{EE5AC8A2-FB1D-410C-9740-8D1D3782A002}] => (Allow) hpqthb08.exe
FirewallRules: [{67910ECB-7B45-42C3-8D9E-F4FB4118C627}] => (Allow) hpqthb08.exe
FirewallRules: [{BCA3FB9B-FFB3-4FD8-B1AB-45958C5EA3D8}] => (Allow) hpqtra08.exe
FirewallRules: [{30BE42CD-C0F1-4696-AA64-EE4FE3C14ED3}] => (Allow) hpqtra08.exe
FirewallRules: [{FAAEE167-B615-45AF-AB70-E88FF26C8ACE}] => (Allow) hpqtra08.exe
FirewallRules: [{33C55337-69A7-4FB0-8E89-FEB7E13C3A67}] => (Allow) hpqtra08.exe
FirewallRules: [{949D55B3-F9A6-487D-9E20-CE1BAF644326}] => (Allow) C:\Program Files (x86)\Sonos\sonos.exe
FirewallRules: [{23DD1524-434A-4FEA-AEED-0131CBB4F02C}] => (Allow) C:\Program Files (x86)\Sonos\sonos.exe
FirewallRules: [TCP Query User{8DC68008-BFF7-4033-9887-4617DE282AD8}C:\users\bobnjane\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bobnjane\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{128E2C6A-FF2B-464D-AAF2-D5B6A5C60694}C:\users\bobnjane\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bobnjane\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{13FD681E-BAFB-4FE9-BD5B-5DE9E4FAD58F}C:\users\bobnjane\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bobnjane\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{53521200-B619-49D1-B1A6-DA5EF3BC7CAB}C:\users\bobnjane\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bobnjane\appdata\local\akamai\netsession_win.exe
FirewallRules: [{6D58A5D2-1D32-4842-BE16-5BCACB49608A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{3691E35D-47B5-433B-BAFE-11D46F51E7A6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DAF9C952-10D1-4983-8F83-8DBE840E9533}] => (Allow) LPort=2869
FirewallRules: [{FDA9F40E-CB79-479B-B857-BB42F04B4ABF}] => (Allow) LPort=1900
FirewallRules: [{0462D447-8BFE-4CB0-AB4E-0BCF3F09B86B}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS2C40\HPDiagnosticCoreUI.exe
FirewallRules: [{8EB639D3-B577-4658-B19E-E3C0558DC038}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS2C40\HPDiagnosticCoreUI.exe
FirewallRules: [{DF41FE8D-4F13-4A61-B1A8-20B736E9B2FE}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS5AF8\HPDiagnosticCoreUI.exe
FirewallRules: [{966446DC-E974-44E8-A94A-3C9515578666}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS5AF8\HPDiagnosticCoreUI.exe
FirewallRules: [{59557274-21B1-4CC7-BE15-828235E435E3}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS5F10\HPDiagnosticCoreUI.exe
FirewallRules: [{2AF9DA10-BA43-49D0-8816-A2A1E8061978}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS5F10\HPDiagnosticCoreUI.exe
FirewallRules: [{6775E872-D466-4F2C-8D54-D9A8F90231C2}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS66F5\hppiw.exe
FirewallRules: [{B1621E50-73C2-4993-90B5-F6BC20390358}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS66F5\hppiw.exe
FirewallRules: [{C9F9E772-82DC-48ED-8C5D-7F5687D2F7E8}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS6870\HPDiagnosticCoreUI.exe
FirewallRules: [{DE45BC2E-E1E6-41EB-80C9-8E006A8A6D57}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS6870\HPDiagnosticCoreUI.exe
FirewallRules: [{B252B007-CF43-4934-BC78-9CC0690B5D57}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS6C61\HPDiagnosticCoreUI.exe
FirewallRules: [{0243D354-6366-4E89-9759-90ED0167CF8E}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS6C61\HPDiagnosticCoreUI.exe
FirewallRules: [{E673D023-71CD-4C48-B2FA-13C76E7E801C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{6F41BE92-A4E3-4E2B-A81F-DF79BF097A59}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{ED35E92C-F70D-4018-9EAC-E5ADA745691D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{7CFEB4B3-A42B-4F0F-9F1E-62E16FC04569}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{74DC931B-FE79-4C49-9FE6-9E86BF984356}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{142579A2-8947-425B-835D-7836C98C99A7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{22D9760F-E732-4175-81DE-5250B2713F07}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS76D4\HPDiagnosticCoreUI.exe
FirewallRules: [{5A685779-0997-42A7-9C7D-573BA43F0C2D}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS76D4\HPDiagnosticCoreUI.exe
FirewallRules: [{D575F9A7-316B-49EC-A615-A65192463978}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS46C7\HPDiagnosticCoreUI.exe
FirewallRules: [{8B3493F4-10B1-4E98-8DA8-CE105BB8BAFF}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS46C7\HPDiagnosticCoreUI.exe
FirewallRules: [{68DFF5B9-1811-4A45-8C34-730FDFC2DC8A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{61FB7098-B67F-443B-A527-B156708137F7}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS1EE5\HPDiagnosticCoreUI.exe
FirewallRules: [{418195A2-7EC9-436C-8EBC-BB06354D56AD}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS1EE5\HPDiagnosticCoreUI.exe
FirewallRules: [{289C47CC-7F46-4193-8259-BFCBB824FC78}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS201B\HPDiagnosticCoreUI.exe
FirewallRules: [{0459772E-304B-4913-A45A-8B3FE3A94DBB}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS201B\HPDiagnosticCoreUI.exe
FirewallRules: [{66AD65FB-D9F6-4F33-AF2D-8A58448F3617}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS2CC2\HPDiagnosticCoreUI.exe
FirewallRules: [{32CCDDF8-228F-43CA-BB83-835C54B5A3A1}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS2CC2\HPDiagnosticCoreUI.exe
FirewallRules: [{588E7C87-2172-48B5-B6EC-B5C94C293F00}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS2D52\HPDiagnosticCoreUI.exe
FirewallRules: [{344E2B2C-DFD7-4F50-B3AC-4DFE8155F06D}] => (Allow) C:\Users\BobnJane\AppData\Local\Temp\7zS2D52\HPDiagnosticCoreUI.exe
FirewallRules: [{4052F5AE-F18A-41F6-B379-D9B3DDCF0C2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B177F7ED-EE67-430B-BCC4-30E45F44DF29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94C0C3B4-FEC6-49AD-B9C4-AC1AD5653A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D6DF080F-26B3-40BA-B9BE-BB34501E3EAB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC67DF2F-FD0A-4DD1-A91C-47072F2825FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2242246C-19C5-4A17-83E8-1AD38B14C75F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{503992EE-754A-4096-BF62-D29587FECD53}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D24446D6-DECB-4D24-9230-350DF83055E3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3EB1EE24-8394-4DDE-B0E5-0D0920E17F7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B20BD34A-E6AA-4C4C-8BAC-3EF43A9CE7C5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Officejet Pro 8600
Description: HP Officejet Pro 8600
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2015 11:20:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program sidebar.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e28

Start Time: 01d0b696e6e81012

Termination Time: 0

Application Path: C:\Program Files\Windows Sidebar\sidebar.exe

Report Id: 468eb773-2303-11e5-96d1-c80aa9fda6b0

Error: (06/30/2015 01:44:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program sidebar.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6a0

Start Time: 01d0b31f46640c55

Termination Time: 0

Application Path: C:\Program Files\Windows Sidebar\sidebar.exe

Report Id: b74e4be3-1f22-11e5-9227-c80aa9fda6b0

Error: (06/20/2015 07:54:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ONENOTE.EXE, version: 14.0.7151.5000, time stamp: 0x555461db
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0b8df854
Faulting process id: 0x86b4
Faulting application start time: 0xONENOTE.EXE0
Faulting application path: ONENOTE.EXE1
Faulting module path: ONENOTE.EXE2
Report Id: ONENOTE.EXE3

Error: (06/18/2015 04:01:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: nvd3dum.dll, version: 8.17.11.9819, time stamp: 0x4c29f60f
Exception code: 0xc0000005
Fault offset: 0x0029788c
Faulting process id: 0xf80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/10/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.7151.5001, time stamp: 0x555f7e9e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0bbffb9c
Faulting process id: 0x16e0
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (06/10/2015 08:00:58 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (06/07/2015 01:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: Flash32_17_0_0_188.ocx, version: 17.0.0.188, time stamp: 0x553ba5fa
Exception code: 0xc0000005
Fault offset: 0x006ab6ea
Faulting process id: 0xdb4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/30/2015 04:47:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0x116c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/28/2015 08:28:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0x88
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/24/2015 09:01:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: jscript9.dll, version: 11.0.9600.17801, time stamp: 0x55366d21
Exception code: 0xc0000005
Fault offset: 0x001729a2
Faulting process id: 0x1908
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (07/09/2015 01:17:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/09/2015 02:00:48 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (07/08/2015 02:00:42 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (07/07/2015 02:00:49 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (07/06/2015 06:22:11 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/06/2015 06:22:11 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/05/2015 07:50:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (07/05/2015 07:50:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (07/04/2015 04:14:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/04/2015 03:50:31 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Microsoft Office:
=========================
Error: (07/05/2015 11:20:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: sidebar.exe6.1.7601.17514e2801d0b696e6e810120C:\Program Files\Windows Sidebar\sidebar.exe468eb773-2303-11e5-96d1-c80aa9fda6b0

Error: (06/30/2015 01:44:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: sidebar.exe6.1.7601.175146a001d0b31f46640c550C:\Program Files\Windows Sidebar\sidebar.exeb74e4be3-1f22-11e5-9227-c80aa9fda6b0

Error: (06/20/2015 07:54:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ONENOTE.EXE14.0.7151.5000555461dbunknown0.0.0.000000000c00000050b8df85486b401d0ab4f765aca38C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXEunknown1c681542-1743-11e5-9672-c80aa9fda6b0

Error: (06/18/2015 04:01:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbnvd3dum.dll8.17.11.98194c29f60fc00000050029788cf8001d0aa00faa46b77C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\nvd3dum.dllcb46a72e-15f4-11e5-9672-c80aa9fda6b0

Error: (06/10/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE14.0.7151.5001555f7e9eunknown0.0.0.000000000c00000050bbffb9c16e001d0a3bab87b28d5C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEunknown0a4b34e2-0fb1-11e5-aa5b-c80aa9fda6b0

Error: (06/10/2015 08:00:58 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (06/07/2015 01:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cFlash32_17_0_0_188.ocx17.0.0.188553ba5fac0000005006ab6eadb401d0a14900a087bdC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_188.ocx4adb8232-0d3c-11e5-80b1-c80aa9fda6b0

Error: (05/30/2015 04:47:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cFlash32_17_0_0_169.ocx17.0.0.1695529d7e1c0000005006aacca116c01d09b19bfa02039C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_169.ocx14f08c2e-070d-11e5-8a98-c80aa9fda6b0

Error: (05/28/2015 08:28:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cFlash32_17_0_0_169.ocx17.0.0.1695529d7e1c0000005006aacca8801d09941ac9aa397C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_169.ocxfc1c1072-0534-11e5-8a98-c80aa9fda6b0

Error: (05/24/2015 09:01:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cjscript9.dll11.0.9600.1780155366d21c0000005001729a2190801d09685faf9c225C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll8c57ebfb-0279-11e5-8a98-c80aa9fda6b0

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 880 @ 3.07GHz
Percentage of memory in use: 29%
Total physical RAM: 8151.11 MB
Available physical RAM: 5761.07 MB
Total Virtual: 16300.43 MB
Available Virtual: 13796.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1384.12 GB) (Free:1254.08 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.04 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 1B1DCFBC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1384.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End of log ============================



#4 MountainDogs


Posted 09 July 2015 - 03:32 PM

Hi Toffee - We'll be unable to reply to any messages from you for about the next hour.  Should be back online by 7/9 17:30 US Eastern Daylight



#5 MountainDogs


Posted 09 July 2015 - 04:32 PM

Back online now.



#6 MountainDogs


Posted 09 July 2015 - 08:33 PM

Hi Toffee -  We see that you're 5 hours ahead of us, and perhaps you'll be reading this Friday am before we're even awake.  So we wanted to give you this background: 

 

About June 25, our Norton 360 auto-updated to v 22.5.0.124 (presumably a Windows 10 - compatible version).  The first time a scheduled full scan ran after that on June 28, we (and many other Norton customers) got dozens of false positives for heuristic viruses on some of our other W7-SP1 PCs.  Many of these files were deleted and quarantined without even asking us.  Since the GUI was new, we had to learn that at the same time we were trying to figure out how to recover all our deleted files, etc, and eliminate the phantom "Action Required" popup screens.  It turned out that if you had rebooted your machine between the v 22 installation and the first full scan, you were probably OK, but if not, Norton 360 often "detected" dozens, and in some cases hundreds, of false positive heuristic viruses.

 

You must certainly be wondering by now why we're telling you all this ?!?  Well, here's where the plot thickens.  We had some doctor and hospital appointments to keep on Thursday.  Early Thursday morning I noticed that Norton 360 was reporting an intrusion prevention of a Trojan at least once an hour.  Even though Norton said no action was required, we just shut the machine down for the 6 hours that we were gone.  When we got home, we rebooted the machine and contacted you at bleepingcomputer.com.  The curious thing is this:  since we rebooted, Norton 360 has reported NO intrusion preventions for 8 straight hours (as of Thursday night). 

 

Possibly these Trojan servers stop trying to contact an IP address for a while if it doesn't respond for X hours or Y attempts; you might know more about that.  However, after our recent experience with Norton 360 behaving much better after a reboot, we are also suspicious about false positives coming from the new Norton 360 software.

 

Anyway, we ran a Norton 360 full scan Wednesday afternoon and it reported nothing but cookie deletions, as usual.  We'll run another full scan Thursday evening.  Friday morning, we'll report to you those results and whether we got any new "intrusion preventions" overnight.

 

Thanks!



#7 MountainDogs


Posted 10 July 2015 - 05:07 AM

Hi Toffee - 

 

The overnight Norton 360 scan ran with nothing identified except 35 cookies found and deleted (about normal on this system). 

 

There STILL have not been any NEW intrusion preventions reported by Norton since the reboot after the 6-hour power-down, now almost 14 hours ago (see previous post).



#8 MountainDogs


Posted 10 July 2015 - 08:02 AM

Early Friday morning (US Eastern Daylight) Norton 360 applied a patch after an interactive run of Norton LiveUpdate.  Not sure if anything in this patch is related to our situation, but we've still had no intrusion detections/preventions since re-booting our system yesterday, now nearly 20 hours ago.



#9 xXToffeeXx


Posted 10 July 2015 - 11:34 AM

Hi MountainDogs,
 
Thank you for the information. It seems that this was a false positive on Norton's part. Zbot is definitely not an infection which goes away and you would see it in the logs, which I do not, further confirming the false positive situation.
 
I still suggest running this scan to check if there are any underlying infections:
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 MountainDogs


Posted 10 July 2015 - 03:42 PM

Hi xXToffeeXx -

 

Thanks for corroborating our growing suspicions of a false positive coming from Norton 360.  If it really was a false positive, this is the second time in two weeks that they've caused us much stress and trouble!  :ranting:  For the near future, any time we see that Norton 360 has applied a patch to its software, we're going to reboot the system as a precaution.

 

Also thanks for the additional analysis tool EEK.  We will get to work on that as soon as we've taken our real dogs for their afternoon walks. :clown:  :clown:

 

We'll send you the log results from EEK as soon as we have them.

 

Thanks again - MountainDogs



#11 MountainDogs


Posted 10 July 2015 - 05:31 PM

Hi Toffee -

 

We followed your Emsisoft Emergency Kit scanner instructions as best we could.  We think the GUI and/or version may have changed because some of the options and button names were different than what was in the instructions.  At any rate, we did the online update and clicked SCAN (the only choices below SCAN on the OVERVIEW screen were MALWARE and CUSTOM, and the choices within the SCAN sub-window were QUICK, MALWARE, and CUSTOM).  We declined the prompt to include a PUP scan and selected MALWARE.

 

It has flagged 16 items as suspicious, but also classified them ALL as "No Risk" on the SCAN diagnosis screen.  Because of that "No Risk" status, we were reluctant to quarantine them because we don't want to do any damage.  But we will still do so if you think that's prudent.  Should we go ahead and quarantine these items?  If so, can they be retrieved via EMSISOFT if necessary?  We don't want to buy any more trouble at this point if we don't have to!

 

Below are the contents of the log file, which was named "scan_150710-175903.txt" (there was no "a2" at the beginning of its name).

 

c:\eek\bin\reports\scan_150710-175903.txt         report file contents:

 

Emsisoft Emergency Kit - Version 10.0
Last update: 7/10/2015 5:54:49 PM
User account: HP-AIO-200-Quad\BobnJane

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 7/10/2015 5:59:03 PM
C:\Users\BobnJane\AppData\Roaming\OpenCandy  detected: Application.AppInstall (A)
C:\Program Files (x86)\coupons  detected: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2892335037-1765663906-1450860951-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}  detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\HPSF_TASKS_RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\HPSF_TASKS_RASMANCS  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}  detected: Application.AdReg (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> BROWSERPLUGINHELPER  detected: Application.AdStart (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}  detected: Application.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\CHGDEABPMPHFHKOEMJJGLMILAJLDEKBP  detected: Application.WebExt (A)

Scanned 75819
Found 16

Scan end: 7/10/2015 6:04:33 PM
Scan time: 0:05:30


Edited by xXToffeeXx, 11 July 2015 - 02:56 PM.
Removed formatting


#12 xXToffeeXx


Posted 11 July 2015 - 03:03 PM

Hi MountainDogs,
 
You are correct, I need to update my canned. I will do that for the next user.
 

> It has flagged 16 items as suspicious, but also classified them ALL as "No Risk" on the SCAN diagnosis screen.  Because of that "No Risk" status, we were reluctant to quarantine them because we don't want to do any damage.  But we will still do so if you think that's prudent.  Should we go ahead and quarantine these items?  If so, can they be retrieved via EMSISOFT if necessary?  We don't want to buy any more trouble at this point if we don't have to!

The no risk is due to them being PUPs, you can quarantine them but leaving them will also do no harm. They can be retrieved as long as they are quarantined, it is a very easy process :)
 
xXToffeeXx~


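The triage in the reply above (all 16 detections carry `Application.*` names and are treated as PUPs) can be scripted over a report in the same layout. This is an added example, not part of the original posts or of Emsisoft's tooling; the sample report is constructed, and treating the `Application.` name prefix as the PUP marker is an assumption drawn from the log and reply in this thread.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report quoted in this thread.
# Paths, keys and the "Trojan.Example" name are made-up stand-ins.
SAMPLE_REPORT = r"""
Scan type: Malware Scan
Detect PUPs: Off

Scan start: 7/10/2015 5:59:03 PM
C:\Users\example\AppData\Roaming\ExampleBundler  detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000001}  detected: Application.AdReg (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\EXAMPLE\RUN -> EXAMPLEHELPER  detected: Application.AdStart (A)
C:\Users\example\AppData\Local\Temp\sample.exe  detected: Trojan.Example (A)

Scanned 1200
Found 4
"""

# "<object>  detected: <name> (<tag>)", optionally prefixed by "Key: " or "Value: ".
DETECTION = re.compile(
    r"^(?:(?P<kind>Key|Value): )?(?P<object>.+?)\s+detected: "
    r"(?P<name>\S+)(?: \((?P<tag>\w+)\))?$"
)

def triage(report, pup_prefix="Application."):
    """Split detections into PUP-style names and names that need a closer look.

    Assumption: names starting with pup_prefix are PUP detections.
    """
    detections, found = [], None
    for raw in report.splitlines():
        line = raw.strip()
        m = DETECTION.match(line)
        if m:
            hit = m.groupdict()
            hit["kind"] = hit["kind"] or "File"  # bare paths are files/folders
            detections.append(hit)
        elif line.startswith("Found "):
            found = int(line.split()[1])
    pups = [d for d in detections if d["name"].startswith(pup_prefix)]
    review = [d for d in detections if not d["name"].startswith(pup_prefix)]
    return {
        "total": len(detections),
        # A mismatch means a line was not parsed and the triage is incomplete.
        "count_matches_summary": found == len(detections),
        "by_name": Counter(d["name"] for d in detections),
        "pups": pups,
        "needs_review": review,
    }
```

An empty `needs_review` list together with `count_matches_summary` being true corresponds to the situation described in this thread, where every flagged item was a PUP.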


#13 MountainDogs


Posted 11 July 2015 - 03:33 PM

Thanks xXToffeeXx - Since we have still had zero "intrusion prevention" events from Norton 360 since the reboot (now > 48 hours) we'll probably sit tight, but of course we'll keep the new scanning utilities handy on our desktop.  Thanks again for your guidance.  - MountainDogs 



#14 xXToffeeXx


Posted 11 July 2015 - 03:40 PM

Hi MountainDogs,

 

Make sure to get the updated version if you want to use them again, or update definitions. You are welcome :) Let me know if Norton reports anything.

 

xXToffeeXx~




#15 xXToffeeXx


Posted 16 July 2015 - 11:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





