
Possible CSRSS.exe infection according to HP


  • This topic is locked
27 replies to this topic

#1 chfrank2


Posted 15 July 2015 - 05:58 PM

I had a problem with my printer not printing yellow even after a new cartridge was installed. I called HP to try and get the problem resolved and they told me that the CSRSS.EXE file was infected. Not sure how to fix it. Downloaded FRST and this is the frsl.log...

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Frank (administrator) on FRANK-PC on 15-07-2015 18:47:26
Running from C:\Users\Frank\Desktop
Loaded Profiles: Frank (Available Profiles: Frank)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Dropbox, Inc.) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-19\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Run: [Dropbox Update] => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-05] (Dropbox, Inc.)
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NofolderOptions] 0
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49819;https=127.0.0.1:49819
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.4.0.13
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {665C19F7-943F-491C-9285-27912C9A2E15} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3014819020-142153081-3914904618-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3014819020-142153081-3914904618-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-13] (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-13] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3014819020-142153081-3914904618-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File not found
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{44BB822E-7A9B-48F0-B529-33FE1AEA9A9D}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\wxw6pfm9.default
FF NewTab: www.google.com
FF DefaultSearchEngine: eBay
FF DefaultSearchEngine.US: eBay
FF SelectedSearchEngine: eBay
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-07-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-09-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-09-13] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3014819020-142153081-3914904618-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Frank\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-13] (Citrix Online)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-30]
CHR Extension: (RealDownloader) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-30]
CHR Extension: (Norton Identity Protection) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-07-30]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-05]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [906752 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe [282016 2015-06-17] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150715.001\IDSvia64.sys [692984 2015-07-09] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150715.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150715.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-26] ()
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1605000.07C\SYMTDIV.SYS [477400 2015-06-04] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 18:47 - 2015-07-15 18:47 - 02133504 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2015-07-15 18:47 - 2015-07-15 18:47 - 00022133 _____ C:\Users\Frank\Desktop\FRST.txt
2015-07-14 21:44 - 2015-07-14 21:44 - 01219276 _____ C:\Users\Frank\Documents\eCFR — Code of Federal Regulations.htm
2015-07-14 21:44 - 2015-07-14 21:44 - 00000000 ____D C:\Users\Frank\Documents\eCFR — Code of Federal Regulations_files
2015-07-13 21:23 - 2015-07-13 20:55 - 00898144 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2015-07-13 21:23 - 2015-07-13 20:55 - 00817760 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-07-13 20:56 - 2015-07-13 20:55 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-13 19:42 - 2015-07-14 16:59 - 00000248 _____ C:\Windows\error.log
2015-07-13 19:40 - 2015-07-14 16:59 - 00000056 _____ C:\Windows\errord.log
2015-07-13 19:40 - 2015-07-13 19:40 - 00000356 _____ C:\Windows\PFRO.log
2015-07-13 18:44 - 2015-07-13 19:17 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-07-13 18:44 - 2015-07-13 18:44 - 00000000 ____D C:\Users\Frank\AppData\Local\Citrix
2015-07-11 04:24 - 2015-07-11 04:24 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-10 20:48 - 2015-07-15 12:55 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000
2015-07-10 20:48 - 2015-07-15 12:55 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000
2015-07-10 12:42 - 2015-07-10 12:42 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-10 12:34 - 2015-07-10 12:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-09 19:29 - 2015-07-09 19:36 - 00000000 ____D C:\Users\Frank\Documents\Nuclear
2015-07-05 20:39 - 2015-07-15 18:44 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000UA.job
2015-07-05 20:39 - 2015-07-14 20:44 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000Core.job
2015-07-05 20:39 - 2015-07-05 20:39 - 00003802 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000UA
2015-07-05 20:39 - 2015-07-05 20:39 - 00003406 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000Core
2015-07-05 20:39 - 2015-07-05 20:39 - 00000000 ____D C:\Users\Frank\AppData\Local\Dropbox
2015-07-05 20:39 - 2015-07-05 20:39 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 18:47 - 2014-07-20 20:00 - 00000000 ____D C:\FRST
2015-07-15 18:19 - 2012-04-01 11:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-15 18:14 - 2011-01-06 09:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 17:45 - 2015-02-13 19:43 - 01854072 _____ C:\Windows\WindowsUpdate.log
2015-07-15 16:59 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-15 16:59 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-15 15:02 - 2013-10-29 17:35 - 00003686 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB8D0CAD-2E4F-4F57-B583-0459E3885F59}
2015-07-15 10:14 - 2011-01-06 09:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 21:10 - 2006-11-02 08:46 - 00763650 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 18:19 - 2012-04-01 11:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 18:19 - 2012-04-01 11:26 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 18:19 - 2011-07-08 11:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 17:02 - 2012-10-21 08:14 - 00000000 ___RD C:\Users\Frank\Dropbox
2015-07-14 17:02 - 2012-10-21 08:11 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Dropbox
2015-07-14 16:59 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 16:58 - 2006-11-02 11:42 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-13 21:34 - 2014-08-09 14:37 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-07-13 21:34 - 2014-08-09 14:37 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-07-13 20:55 - 2013-09-29 14:45 - 00000000 ____D C:\ProgramData\Oracle
2015-07-13 20:55 - 2012-09-16 10:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-11 10:09 - 2011-01-06 09:56 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-11 10:09 - 2011-01-06 09:56 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-10 12:35 - 2012-10-14 15:42 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-10 12:35 - 2009-11-13 09:10 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-10 12:34 - 2013-10-13 13:19 - 00002016 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-10 12:13 - 2009-11-13 13:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-05 18:13 - 2009-05-06 07:30 - 00000000 ____D C:\ProgramData\Norton
2015-07-05 18:12 - 2009-11-13 09:11 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-05 18:12 - 2009-11-13 09:11 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-05 18:12 - 2009-11-13 09:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-05 18:10 - 2012-07-26 06:29 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-30 20:13 - 2009-09-09 16:46 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

==================== Files in the root of some directories =======

2012-08-05 13:50 - 2013-03-06 09:13 - 0000288 _____ () C:\Users\Frank\AppData\Roaming\.backup.dm
2009-12-17 22:49 - 2014-03-07 19:07 - 0000872 _____ () C:\Users\Frank\AppData\Roaming\wklnhst.dat
2009-09-10 08:15 - 2014-07-26 21:49 - 0008376 _____ () C:\Users\Frank\AppData\Local\d3d9caps.dat
2012-07-25 21:46 - 2012-07-27 21:27 - 0000732 _____ () C:\Users\Frank\AppData\Local\d3d9caps64.dat
2009-11-03 18:03 - 2014-11-27 21:28 - 0013824 _____ () C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-29 13:32 - 2014-06-29 13:32 - 0440430 _____ () C:\Users\Frank\AppData\Local\dd_vcredistMSI42F6.txt
2013-12-24 08:44 - 2013-12-24 08:44 - 0420672 _____ () C:\Users\Frank\AppData\Local\dd_vcredistMSI532E.txt
2013-12-24 09:20 - 2013-12-24 09:20 - 0353228 _____ () C:\Users\Frank\AppData\Local\dd_vcredistMSI6EBF.txt
2014-06-29 13:32 - 2014-06-29 13:32 - 0011646 _____ () C:\Users\Frank\AppData\Local\dd_vcredistUI42F6.txt
2013-12-24 08:44 - 2013-12-24 08:44 - 0016670 _____ () C:\Users\Frank\AppData\Local\dd_vcredistUI532E.txt
2013-12-24 09:20 - 2013-12-24 09:20 - 0044818 _____ () C:\Users\Frank\AppData\Local\dd_vcredistUI6EBF.txt
2011-05-12 15:18 - 2011-05-22 11:19 - 0001940 _____ () C:\Users\Frank\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2009-09-09 20:09 - 2010-03-24 18:51 - 0005036 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe

Some files in TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcwmz0.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-15 17:12

==================== End of log ============================





#2 chfrank2


Posted 15 July 2015 - 06:00 PM

Here is the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Frank at 2015-07-15 18:48:23
Running from C:\Users\Frank\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3014819020-142153081-3914904618-500 - Administrator - Disabled)
Frank (S-1-5-21-3014819020-142153081-3914904618-1000 - Administrator - Enabled) => C:\Users\Frank
Guest (S-1-5-21-3014819020-142153081-3914904618-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909a (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Labs' Natural Voices 1.4 - Desktop Runtime (HKLM-x32\...\AT&T Labs' Natural Voices 1.4 - Desktop Runtime_is1) (Version: 1.4.0916 - AT&T Labs)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist 1.0 (HKLM-x32\...\Bejeweled Twist 1.0) (Version: 1.0 - PopCap Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
D7500 (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
D7500_Help (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
DriverDoc (HKLM-x32\...\DriverDoc_is1) (Version: 10.0 - Driver-Soft Inc.)
Dropbox (HKU\S-1-5-21-3014819020-142153081-3914904618-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5144.16 - PC-Doctor, Inc.)
HD Writer LE 2.1 (HKLM-x32\...\{DD982DF5-0402-4749-AAE3-0EFFE345E5CF}) (Version: 2.01.014.1033 - Panasonic Corporation)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.1000.1002 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.66 - WildTangent)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart D7500 Printer Driver Software 11.0 Rel .4 (HKLM\...\{57A62553-DA56-431d-92FA-02133BF95DC0}) (Version: 11.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
LightScribe Applications (HKLM-x32\...\{7D8B9DA5-370A-48B6-AD8D-63574C974AAC}) (Version: 1.18.26.7 - LightScribe)
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOK) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MPM (HKLM-x32\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.0.124 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
Officejet Pro 8500 A909 Series (HKLM\...\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}) (Version: 12.0 - HP)
PanoStandAlone (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
PhotoSync (HKLM\...\{679C79D2-15C6-45DE-B846-B5196B1C36DE}) (Version: 1.6.2 - touchbyte GmbH)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PS_SF_04_D7500_ProductContext (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
PS_SF_04_D7500_Software (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
PS_SF_04_D7500_Software_Min (x32 Version: 110.0.209.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ResumeMaker (HKLM-x32\...\{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}) (Version: 16.0.0 - Individual Software Inc.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
sp44626 (HKLM-x32\...\sp44626) (Version:  - Hewlett-Packard)
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3014819020-142153081-3914904618-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3014819020-142153081-3914904618-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points =========================

09-08-2014 20:06:10 ComboFix created restore point
09-08-2014 20:20:49 Installed Java 7 Update 67
16-08-2014 03:00:35 Windows Update
28-08-2014 03:00:11 Windows Update
12-09-2014 03:00:14 Windows Update
24-09-2014 03:00:12 Windows Update
16-10-2014 03:00:14 Windows Update
13-11-2014 04:00:34 Windows Update
20-11-2014 04:00:11 Windows Update
10-12-2014 04:00:40 Windows Update
14-12-2014 04:00:11 Windows Update
14-01-2015 04:00:11 Windows Update
11-02-2015 04:00:37 Windows Update
12-02-2015 04:00:12 Windows Update
11-03-2015 03:00:48 Windows Update
15-04-2015 03:00:38 Windows Update
13-05-2015 03:00:15 Windows Update
10-06-2015 03:00:40 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2014-07-26 21:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A83B01C-3BD0-450B-B93A-D05564686F01} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {18FCF200-C6D3-428E-BCE3-59D4C5C0F1E7} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-6 No Task File <==== ATTENTION
Task: {1C2C6688-2008-430C-9EAF-F26E8C7190BF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1C538700-C234-438F-9201-0584F91AC5C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23A80926-9794-4A87-84BF-C9BB3DDCEB09} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-1 No Task File <==== ATTENTION
Task: {267D2C12-B1A5-4B64-9ADB-FA2B0CA21099} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {2B169828-A038-4686-B5E1-57F3BA36AF48} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-5 No Task File <==== ATTENTION
Task: {2F0BB04B-B7A7-4AC6-A57D-23830FC7832F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {323A33F1-D87A-465B-8F7C-754317B1D851} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {33EFA158-4344-4A41-906F-5D1CFA538074} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {3C1B5682-B556-4CC6-96D1-F9C6E2A14972} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {42920688-A908-40B9-B7F4-993EA58D7254} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-11 No Task File <==== ATTENTION
Task: {4647F825-F8C6-4F80-B24B-0C550A007BA9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000UA => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {53AD9DCA-036A-4FBC-8C8F-42AA87E2BE4A} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user No Task File <==== ATTENTION
Task: {540FCDB5-A8CA-4A8E-899E-451679EF0EFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5E8CB0E9-262A-4669-8E03-A688505DCA7E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02] (PC-Doctor, Inc.)
Task: {8F6A7025-9E4C-4CAC-97D3-8F87C2E6D27B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000Core => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-05] (Dropbox, Inc.)
Task: {956BA0E2-6C7D-4899-ADF1-D46A1B14B22C} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {9BDE0606-AF38-40B8-BC30-08ACBE3C37E2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {B9103285-75C0-489E-BA00-47FDCC6C8BD1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {BAAC502B-21E0-49FF-8DBF-BD99DAA75F8A} - System32\Tasks\SearchGuardPlusUpdater => C:\Program Files\Search Guard PlusU\sgpupdaters.exe
Task: {C9BE50B4-5E36-4E71-8F05-FE15EC6DF729} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CA7CD84E-EB7A-437D-933E-D1329E515D30} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-2 No Task File <==== ATTENTION
Task: {CFC1CF0B-7819-471A-B04B-01F6E31673E0} - System32\Tasks\{2918FF6E-7EBF-41FC-9D61-1F0C54A3E06F} => pcalua.exe -a E:\Epson.exe -d E:\
Task: {D0497BEA-5BC0-49C4-AA6B-33554FC77888} - System32\Tasks\{C00703AD-CE28-4024-A368-E7CBFEB4F7B5} => pcalua.exe -a "C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24HMY81X\epson12688[1].exe" -d C:\Users\Frank\Desktop
Task: {D301B96B-0F36-48D1-A415-A620DF6E343F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {D31D057F-D167-4E27-81F7-5C00CDD346E8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014819020-142153081-3914904618-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E5A642A2-16D4-48A9-85FC-71ABA050B448} - \DriverUpdate Startup No Task File <==== ATTENTION
Task: {E9452928-5D08-4476-B633-B39F37B5B3F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {F4038EE8-9478-4BC8-905D-C328632661B8} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-3 No Task File <==== ATTENTION
Task: {F5FC5884-DAE3-4CAD-8823-A9368377F856} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-7 No Task File <==== ATTENTION
Task: {F8888602-1F75-497E-9920-6E06305F5D65} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-4 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000Core.job => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3014819020-142153081-3914904618-1000UA.job => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2012-10-16 11:22 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-14 17:00 - 2015-07-14 17:00 - 00043008 _____ () c:\users\frank\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcwmz0.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00750080 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00047616 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00865280 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-19 03:15 - 00200704 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3014819020-142153081-3914904618-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk => C:\Windows\pss\HD Writer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: NVRaidService => C:\Windows\system32\nvraidservice.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A36E5E18-735D-4F18-BB2A-3D32EAC96DC1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7E3BE397-6F12-4F54-9CB7-0CA5A897350E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FC5F00C6-0573-4782-AF48-FAE45760769B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{223A9DCA-46A9-4263-B929-DFDDD2E5CD8E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{394D3EEB-4E2E-4E27-AB6F-396028E87B02}] => (Allow) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{918A9CA3-AF75-4D1B-B542-2565B61AE330}] => (Allow) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E90D5D97-C6E9-4735-AA47-491BFDF6E3BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D35101B-C8B9-4633-B919-CF24825F9BBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EA67EB2-FD76-4600-880D-0ABB5EFF2B3D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E1E5EFDF-E1A6-4853-931E-C4781F93ACAE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F2271972-9E50-437F-A0B3-8B2829621B47}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D9D2EBEB-F2D1-460F-B84A-8862C6CA7F26}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 05:00:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 05:00:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/14/2015 04:57:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AcroRd32.exe version 10.1.12.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 12a0
Start Time: 01d0be774d4613e4
Termination Time: 13637

Error: (07/13/2015 08:47:33 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (07/13/2015 07:42:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 07:41:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2015 03:34:38 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: The requested resource is in use. (0x800700AA).

Error: (07/10/2015 08:47:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/10/2015 08:45:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2015 12:34:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (07/14/2015 05:00:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (07/13/2015 07:42:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (07/12/2015 06:20:36 PM) (Source: DCOM) (EventID: 10016) (User: Frank-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Frank-PCFrankS-1-5-21-3014819020-142153081-3914904618-1000LocalHost (Using LRPC)

Error: (07/10/2015 08:45:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (07/10/2015 12:37:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (07/10/2015 12:34:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (07/09/2015 04:08:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IDSVia64Symantec Extended File Attributes%%1058

Error: (07/08/2015 03:43:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IDSVia64Symantec Extended File Attributes%%1058

Error: (07/07/2015 04:27:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IDSVia64Symantec Extended File Attributes%%1058

Error: (07/06/2015 08:15:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IDSVia64Symantec Extended File Attributes%%1058

Microsoft Office:
=========================
Error: (07/10/2014 07:30:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/29/2013 05:24:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/11/2013 05:57:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/19/2013 09:07:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/01/2012 03:25:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14234 seconds with 3060 seconds of active time.  This session ended with a crash.

Error: (04/16/2011 10:28:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 221 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-07-15 18:48:15.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 18:48:14.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 18:48:14.024
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 18:48:13.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 18:47:47.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 18:47:47.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 18:47:46.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 18:47:45.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-05 18:12:58.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Frank\AppData\Local\Temp\TEMP.^^^\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-05 18:12:57.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Frank\AppData\Local\Temp\TEMP.^^^\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom™ 9650 Quad-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 7934.31 MB
Available physical RAM: 4852.35 MB
Total Virtual: 16043.15 MB
Available Virtual: 13101.3 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:582.31 GB) (Free:394.32 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.86 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)

==================== End of log ============================



#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California

Posted 16 July 2015 - 05:21 PM

Greetings chfrank2 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49819;https=127.0.0.1:49819
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3014819020-142153081-3914904618-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Toolbar: HKU\S-1-5-21-3014819020-142153081-3914904618-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File not found
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [Not Found]
S1 Beep; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]
C:\Users\Public\MyWebTattoo.exe
Task: {0A83B01C-3BD0-450B-B93A-D05564686F01} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {18FCF200-C6D3-428E-BCE3-59D4C5C0F1E7} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-6 No Task File <==== ATTENTION
Task: {23A80926-9794-4A87-84BF-C9BB3DDCEB09} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-1 No Task File <==== ATTENTION
Task: {2B169828-A038-4686-B5E1-57F3BA36AF48} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-5 No Task File <==== ATTENTION
Task: {3C1B5682-B556-4CC6-96D1-F9C6E2A14972} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {42920688-A908-40B9-B7F4-993EA58D7254} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-11 No Task File <==== ATTENTION
Task: {53AD9DCA-036A-4FBC-8C8F-42AA87E2BE4A} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user No Task File <==== ATTENTION
Task: {956BA0E2-6C7D-4899-ADF1-D46A1B14B22C} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {CA7CD84E-EB7A-437D-933E-D1329E515D30} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-2 No Task File <==== ATTENTION
Task: {CFC1CF0B-7819-471A-B04B-01F6E31673E0} - System32\Tasks\{2918FF6E-7EBF-41FC-9D61-1F0C54A3E06F} => pcalua.exe -a E:\Epson.exe -d E:\
Task: {D0497BEA-5BC0-49C4-AA6B-33554FC77888} - System32\Tasks\{C00703AD-CE28-4024-A368-E7CBFEB4F7B5} => pcalua.exe -a "C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24HMY81X\epson12688[1].exe" -d C:\Users\Frank\Desktop
Task: {E5A642A2-16D4-48A9-85FC-71ABA050B448} - \DriverUpdate Startup No Task File <==== ATTENTION
Task: {F4038EE8-9478-4BC8-905D-C328632661B8} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-3 No Task File <==== ATTENTION
Task: {F5FC5884-DAE3-4CAD-8823-A9368377F856} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-7 No Task File <==== ATTENTION
Task: {F8888602-1F75-497E-9920-6E06305F5D65} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-4 No Task File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
CSRSS.EXE
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Search log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Posted 19 July 2015 - 08:21 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 chfrank2

Posted 20 July 2015 - 07:13 PM

Contents of fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Frank at 2015-07-20 20:06:42 Run:4
Running from C:\Users\Frank\Downloads
Loaded Profiles: Frank (Available Profiles: Frank)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: netsh winsock reset
*****************

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

==== End of Fixlog 20:06:43 ====



#6 chfrank2

Posted 20 July 2015 - 07:22 PM

Contents of search.txt

Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Frank at 2015-07-20 20:16:10
Running from C:\Users\Frank\Downloads
Boot Mode: Normal

================== Search Files: "csrss.exe" =============

C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe
[2008-01-20 22:49][2008-01-20 22:49] 0007680 ____A (Microsoft Corporation) B4ABE68596B173FF2AB2076BC7C35EB4 [File is signed]

C:\Windows\System32\csrss.exe
[2008-01-20 22:49][2008-01-20 22:49] 0007680 ____A (Microsoft Corporation) B4ABE68596B173FF2AB2076BC7C35EB4 [File is signed]

====== End of Search ======
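
The Search.txt above can be read mechanically; this is an added example, not part of the post and not FRST's own code. It parses each hit and flags a `csrss.exe` that sits outside `System32` or the `winsxs` component store, is unsigned, carries another company name, or whose `System32` hash matches no store copy. The line layout is inferred from the two hits above; the function names, finding codes and the extra hit are constructed for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# The two hits from the Search.txt posted in this thread.
THREAD_SEARCH_TXT = r"""
================== Search Files: "csrss.exe" =============

C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe
[2008-01-20 22:49][2008-01-20 22:49] 0007680 ____A (Microsoft Corporation) B4ABE68596B173FF2AB2076BC7C35EB4 [File is signed]

C:\Windows\System32\csrss.exe
[2008-01-20 22:49][2008-01-20 22:49] 0007680 ____A (Microsoft Corporation) B4ABE68596B173FF2AB2076BC7C35EB4 [File is signed]

====== End of Search ======
"""

# Constructed hit (not from the thread): a copy outside the Windows directory.
CONSTRUCTED_EXTRA_HIT = r"""
C:\Users\Example\AppData\Roaming\csrss.exe
[2015-07-01 10:00][2015-07-01 10:00] 0123456 ____A () 00000000000000000000000000000000 [File not signed]
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
# [created][modified] size attributes (company) MD5 [signature note]
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"\[(?P<sig>[^\]]+)\]\s*$"
)


@dataclass
class Hit:
    path: str
    size: int
    company: str
    md5: str
    signed: bool


def parse_search_log(text: str) -> list[Hit]:
    """Pair each path line with the metadata line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            # Anything other than the exact "File is signed" note counts as unsigned.
            hits.append(Hit(pending, int(m["size"]), m["company"],
                            m["md5"].upper(), m["sig"] == "File is signed"))
            pending = None
    return hits


def review_hits(hits: list[Hit], system_root: str = r"C:\Windows") -> dict[str, list[str]]:
    """Return {path: [finding codes]}; an empty list means nothing stood out."""
    root = system_root.lower().rstrip("\\")
    system32_copy = root + r"\system32\csrss.exe"
    store_prefix = root + "\\winsxs\\"
    store_md5s = {h.md5 for h in hits if h.path.lower().startswith(store_prefix)}
    findings = {}
    for h in hits:
        p = h.path.lower()
        in_system32 = p == system32_copy
        issues = []
        if not in_system32 and not p.startswith(store_prefix):
            issues.append("unexpected-location")
        if not h.signed:
            issues.append("unsigned")
        # The company name is a version-resource string anyone can set, so it
        # is the weakest of these signals; location and signature weigh more.
        if h.company != "Microsoft Corporation":
            issues.append("unexpected-company")
        # Assumption: on Vista and later the System32 file is a hard link to a
        # component-store copy, so its hash should equal one of theirs.
        if in_system32 and store_md5s and h.md5 not in store_md5s:
            issues.append("hash-mismatch")
        findings[h.path] = issues
    return findings


if __name__ == "__main__":
    for path, issues in review_hits(
        parse_search_log(THREAD_SEARCH_TXT + CONSTRUCTED_EXTRA_HIT)
    ).items():
        print(path, "->", issues or "no findings")
```

Run on the thread's log alone, both hits come back with no findings; only the constructed third hit is flagged.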



#7 chfrank2

Posted 20 July 2015 - 07:34 PM

Sorry it took so long to reply; work got a little hectic.  Attached is the system.zip file as requested.

Frank


#8 Oh My!

Posted 20 July 2015 - 07:41 PM

Thanks for the information. The fixlist you ran is not what I posted.
Gary
 

#9 chfrank2

Posted 20 July 2015 - 08:01 PM

Is this right?  I have no idea where the other results came from.

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Frank at 2015-07-20 20:51:49 Run:5
Running from C:\Users\Frank\Desktop
Loaded Profiles: Frank (Available Profiles: Frank)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49819;https=127.0.0.1:49819
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3014819020-142153081-3914904618-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Toolbar: HKU\S-1-5-21-3014819020-142153081-3914904618-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File not found
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [Not Found]
S1 Beep; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]
C:\Users\Public\MyWebTattoo.exe
Task: {0A83B01C-3BD0-450B-B93A-D05564686F01} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {18FCF200-C6D3-428E-BCE3-59D4C5C0F1E7} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-6 No Task File <==== ATTENTION
Task: {23A80926-9794-4A87-84BF-C9BB3DDCEB09} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-1 No Task File <==== ATTENTION
Task: {2B169828-A038-4686-B5E1-57F3BA36AF48} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-5 No Task File <==== ATTENTION
Task: {3C1B5682-B556-4CC6-96D1-F9C6E2A14972} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {42920688-A908-40B9-B7F4-993EA58D7254} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-11 No Task File <==== ATTENTION
Task: {53AD9DCA-036A-4FBC-8C8F-42AA87E2BE4A} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user No Task File <==== ATTENTION
Task: {956BA0E2-6C7D-4899-ADF1-D46A1B14B22C} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {CA7CD84E-EB7A-437D-933E-D1329E515D30} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-2 No Task File <==== ATTENTION
Task: {CFC1CF0B-7819-471A-B04B-01F6E31673E0} - System32\Tasks\{2918FF6E-7EBF-41FC-9D61-1F0C54A3E06F} => pcalua.exe -a E:\Epson.exe -d E:\
Task: {D0497BEA-5BC0-49C4-AA6B-33554FC77888} - System32\Tasks\{C00703AD-CE28-4024-A368-E7CBFEB4F7B5} => pcalua.exe -a "C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24HMY81X\epson12688[1].exe" -d C:\Users\Frank\Desktop
Task: {E5A642A2-16D4-48A9-85FC-71ABA050B448} - \DriverUpdate Startup No Task File <==== ATTENTION
Task: {F4038EE8-9478-4BC8-905D-C328632661B8} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-3 No Task File <==== ATTENTION
Task: {F5FC5884-DAE3-4CAD-8823-A9368377F856} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-7 No Task File <==== ATTENTION
Task: {F8888602-1F75-497E-9920-6E06305F5D65} - \94ec019c-72dd-42c2-8eaf-159bb3a68a18-4 No Task File <==== ATTENTION
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3014819020-142153081-3914904618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3014819020-142153081-3914904618-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
HKU\S-1-5-21-3014819020-142153081-3914904618-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
Winsock: Catalog entry 000000000004 => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk" => key removed successfully
Beep => Service removed successfully
AppMgmt => Service removed successfully
IpInIp => Service removed successfully
lmimirr => Service removed successfully
NwlnkFlt => Service removed successfully
NwlnkFwd => Service removed successfully
PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => Service removed successfully
SYMFW => Service removed successfully
SYMNDISV => Service removed successfully
C:\Users\Public\MyWebTattoo.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A83B01C-3BD0-450B-B93A-D05564686F01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A83B01C-3BD0-450B-B93A-D05564686F01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18FCF200-C6D3-428E-BCE3-59D4C5C0F1E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18FCF200-C6D3-428E-BCE3-59D4C5C0F1E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23A80926-9794-4A87-84BF-C9BB3DDCEB09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A80926-9794-4A87-84BF-C9BB3DDCEB09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B169828-A038-4686-B5E1-57F3BA36AF48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B169828-A038-4686-B5E1-57F3BA36AF48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C1B5682-B556-4CC6-96D1-F9C6E2A14972}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C1B5682-B556-4CC6-96D1-F9C6E2A14972}" => key removed successfully
C:\Windows\System32\Tasks\Optimizer Pro Schedule => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{42920688-A908-40B9-B7F4-993EA58D7254}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42920688-A908-40B9-B7F4-993EA58D7254}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-11" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53AD9DCA-036A-4FBC-8C8F-42AA87E2BE4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53AD9DCA-036A-4FBC-8C8F-42AA87E2BE4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{956BA0E2-6C7D-4899-ADF1-D46A1B14B22C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{956BA0E2-6C7D-4899-ADF1-D46A1B14B22C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA7CD84E-EB7A-437D-933E-D1329E515D30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA7CD84E-EB7A-437D-933E-D1329E515D30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFC1CF0B-7819-471A-B04B-01F6E31673E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFC1CF0B-7819-471A-B04B-01F6E31673E0}" => key removed successfully
C:\Windows\System32\Tasks\{2918FF6E-7EBF-41FC-9D61-1F0C54A3E06F} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2918FF6E-7EBF-41FC-9D61-1F0C54A3E06F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0497BEA-5BC0-49C4-AA6B-33554FC77888}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0497BEA-5BC0-49C4-AA6B-33554FC77888}" => key removed successfully
C:\Windows\System32\Tasks\{C00703AD-CE28-4024-A368-E7CBFEB4F7B5} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C00703AD-CE28-4024-A368-E7CBFEB4F7B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5A642A2-16D4-48A9-85FC-71ABA050B448}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5A642A2-16D4-48A9-85FC-71ABA050B448}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4038EE8-9478-4BC8-905D-C328632661B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4038EE8-9478-4BC8-905D-C328632661B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5FC5884-DAE3-4CAD-8823-A9368377F856}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5FC5884-DAE3-4CAD-8823-A9368377F856}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8888602-1F75-497E-9920-6E06305F5D65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8888602-1F75-497E-9920-6E06305F5D65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94ec019c-72dd-42c2-8eaf-159bb3a68a18-4" => key removed successfully

==== End of Fixlog 20:51:50 ====



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:44 PM

Posted 20 July 2015 - 08:03 PM

Yes, that is much better :).

The file you were concerned about is legitimate. Are you currently having any issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 chfrank2


Posted 20 July 2015 - 08:11 PM

The printer is still not printing anything that is yellow.  HP said the printer was hijacked.  Is that possible?



#12 Oh My!


Posted 20 July 2015 - 08:13 PM

Is it a wireless printer?
Gary
 

#13 chfrank2


Posted 20 July 2015 - 08:14 PM

No, it's USB.



#14 Oh My!


Posted 20 July 2015 - 08:15 PM

I am not a hardware/printer expert but I don't think that is possible. Did HP have you uninstall and reinstall the device?
Gary
 

#15 chfrank2


Posted 20 July 2015 - 08:19 PM

HP got into my computer and did a bunch of stuff and it was so quick I couldn't tell what he was doing.  After he was done he said my printer was hijacked.





