
PC sluggish


  • This topic is locked
31 replies to this topic

#1 linda0929

linda0929

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:16 AM

Posted 18 November 2015 - 12:56 PM

I have run ComboFix and now have a log. Is help available to review my log below and assist with any issue?
 
 
 
ComboFix 15-11-17.01 - Linda 11/18/2015   9:13.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4863.3216 [GMT -5:00]
Running from: c:\users\Linda\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Linda\AppData\Local\Temp\_MEI22282\_ctypes.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\_elementtree.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\_hashlib.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\_multiprocessing.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\_psutil_windows.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\_socket.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\_ssl.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\_yappi.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\common.time34.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\hashobjs_ext.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\pyexpat.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\pysqlite2._sqlite.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\python27.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\pythoncom27.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\PyWinTypes27.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\select.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\unicodedata.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\usb_ext.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32api.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32com.shell.shell.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32crypt.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32event.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32file.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32gui.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32inet.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32pdh.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32pipe.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32process.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32profile.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32security.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\win32ts.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\windows._lib_cacheinvalidation.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._animate.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._controls_.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._core_.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._gdi_.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._html2.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._misc_.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._windows_.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wx._wizard.pyd
c:\users\Linda\AppData\Local\Temp\_MEI22282\wxbase30u_net_vc90.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\wxbase30u_vc90.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\wxmsw30u_adv_vc90.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\wxmsw30u_core_vc90.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\wxmsw30u_html_vc90.dll
c:\users\Linda\AppData\Local\Temp\_MEI22282\wxmsw30u_webview_vc90.dll
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-18 to 2015-11-18  )))))))))))))))))))))))))))))))
.
.
2015-11-18 14:29 . 2015-11-18 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-18 13:41 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C51F861-6097-4D21-A742-A5522D1B4BFD}\mpengine.dll
2015-11-18 13:41 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-12 12:21 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:20 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-11 14:19 . 2015-10-20 18:42 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-11 14:15 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-10 22:26 . 2015-11-10 22:26 5286088 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-11-06 17:58 . 2015-11-06 17:58 -------- d-----w- c:\users\Linda\AppData\Local\CEF
2015-11-01 13:01 . 2015-11-01 13:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-29 02:53 . 2015-10-29 02:53 -------- d-----w- c:\program files\iPod
2015-10-29 02:53 . 2015-10-29 02:53 -------- d-----w- c:\program files (x86)\iTunes
2015-10-29 02:53 . 2015-10-29 02:54 -------- d-----w- c:\program files\iTunes
2015-10-28 11:23 . 2015-07-01 11:55 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFEA7888-E259-445E-82EE-2F3D9B040849}\gapaengine.dll
2015-10-21 15:17 . 2015-10-21 15:17 -------- d-----w- c:\program files (x86)\Common Files\Sagekey Software
2015-10-21 15:17 . 2015-10-21 16:07 -------- d-----w- c:\program files (x86)\Matilda
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-12 08:14 . 2011-03-15 17:41 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-11-10 22:27 . 2012-04-08 15:04 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-10 22:27 . 2011-06-08 15:29 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-01 13:00 . 2014-10-16 12:25 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-29 17:50 . 2015-11-11 14:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 14:19 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 14:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 14:19 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:49 . 2015-11-11 14:19 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 14:19 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 14:19 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 14:19 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 14:19 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-27 12:35 . 2013-02-26 14:31 632432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-10-20 00:45 . 2015-11-11 14:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-13 06:29 . 2015-10-13 06:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 06:22 . 2015-10-13 06:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-01 18:06 . 2015-10-14 14:17 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-01 18:04 . 2015-10-14 14:17 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-01 18:00 . 2015-10-14 14:16 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 18:00 . 2015-10-14 14:16 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 18:00 . 2015-10-14 14:16 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 18:00 . 2015-10-14 14:16 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 18:00 . 2015-10-14 14:16 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50 . 2015-10-14 14:16 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-01 17:00 . 2015-10-14 14:16 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-18 19:22 . 2015-10-15 11:50 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 19:19 . 2015-10-15 11:50 700416 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 19:19 . 2015-10-15 11:50 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 19:19 . 2015-10-15 11:50 503808 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 19:19 . 2015-10-15 11:50 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 19:19 . 2015-10-15 11:50 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 19:09 . 2015-10-15 11:50 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 03:04 . 2015-09-09 10:08 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 10:08 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 10:08 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 10:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 10:08 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 10:08 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 10:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 10:08 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:47 . 2015-09-09 10:08 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 10:08 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 10:09 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 10:09 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 10:08 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 10:08 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 10:08 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 10:08 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 10:08 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 10:08 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-10-27 12:36 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-10-27 12:36 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-10-27 12:36 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-10-12 22568216]
"cdloader"="c:\users\Linda\AppData\Roaming\mjusbsp\cdloader2.exe" [2014-07-04 51592]
"HP Officejet 4630 series (NET)"="c:\program files\hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" [2014-07-21 3487240]
"Spotify Web Helper"="c:\users\Linda\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-11-16 2541160]
"Spotify"="c:\users\Linda\AppData\Roaming\Spotify\Spotify.exe" [2015-11-16 7660648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"lxdqmon.exe"="c:\program files (x86) (x86)\Lexmark Z2400 Series\lxdqmon.exe" [2010-02-04 672424]
"EzPrint"="c:\program files (x86) (x86)\Lexmark Z2400 Series\ezprint.exe" [2010-02-04 107176]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-10 336384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-10-13 60688]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Veebeam.lnk - c:\program files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe -hidden [2013-10-24 2539008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys;c:\windows\SYSNATIVE\drivers\urfltv64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 veebeampol;Veebeam Loader Driver Service;c:\windows\system32\DRIVERS\veebeampol.sys;c:\windows\SYSNATIVE\DRIVERS\veebeampol.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 glancedrv;glancedrv;c:\windows\system32\DRIVERS\glancedrv.sys;c:\windows\SYSNATIVE\DRIVERS\glancedrv.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys;c:\windows\SYSNATIVE\DRIVERS\covpnv64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:27]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 17:49]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 17:49]
.
2015-11-16 c:\windows\Tasks\HPCeeScheduleForLinda.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 14:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-10-12 16:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-06-13 18:17 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-06-13 18:17 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-06-13 18:17 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-10-27 12:36 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-10-27 12:36 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-10-27 12:36 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-08-06 508240]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.protopage.com/linda0929
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: alpineaccess.com\vge01
Trusted Zone: ancestry.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-KodakHomeCenter - c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
AddRemove-{79C54A05-F146-4EA0-8A70-D4EFE6181E52} - c:\program files (x86)\InstallShield Installation Information\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}\setup.exe
AddRemove-Font Installer Packages - c:\users\Linda\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Font Installer Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2015-11-18  12:16:31 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-18 17:16
.
Pre-Run: 868,693,053,440 bytes free
Post-Run: 867,939,057,664 bytes free
.
- - End Of File - - 2E5A3AF56C98D23C492B27761FBF7E84
079D0682CD490BC7164944091CAC6891

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal



#2 RayS

RayS

  • Malware Response Team
  • 2,435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:16 AM

Posted 20 November 2015 - 09:58 PM

Hello linda0929,

 

My name is Ray and I'll be assisting you with your issue. Please give me a few hours to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

 

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 RayS


Posted 21 November 2015 - 10:29 AM

Hi linda0929,

Thank you for the ComboFix log. It shows that some unnecessary files have been deleted. I also see some time-consuming items as well as some possible malware.

Please refer to Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

You can omit steps 3 and 7 on that page; however, do perform the rest of the instructions, including the running of the Farbar Recovery Scan Tool (FRST). Please be sure the Addition.txt box is checkmarked.

Note that step 6 refers to two versions of the FRST tool. FRST64 is appropriate for your PC.

I notice that the Lightscribe utility is constantly running on your PC. "Lightscribe is a discontinued optical disc recording technology, created by the Hewlett-Packard Company, that uses specially coated recordable CD and DVD media to produce laser-etched labels with text or graphics, as opposed to stick-on labels and printable discs." If you use Lightscribe only occasionally, I recommend we stop it from launching automatically, and you can start it only when needed.

In your next message to me, please copy and paste the entire text from the FRST.txt and Addition.txt files into the body of your message.


Also, please tell me what applications seem to be abnormally slow.

Thank you.
 




#4 RayS


Posted 25 November 2015 - 03:08 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48 hours you have not replied to this thread then it will have to be closed.



#5 linda0929


Posted 29 November 2015 - 08:49 PM

Ray, thank you, and yes... I just logged in and found my initial post. If you would, please give me 3 days to work on your instructions.



#6 RayS


Posted 30 November 2015 - 04:12 AM

Hi linda0929,

If you have any problem following my instructions in Post #3, just ask for clarification. I'm here to help.

Regards,

 

Ray




#7 linda0929


Posted 02 December 2015 - 09:26 PM

Thanks Ray, so far so good. I am backing up my data this evening and should be at step 6. Did not realize how long a backup takes! Again, thanks for your help; it is appreciated.



#8 RayS


Posted 03 December 2015 - 04:14 AM

Hi linda0929,

Thank you for your reply.

Doing regular backups of important files is a very good practice.

Please consider the info presented at these sites:
 

Windows backup – Don’t leave it until it is too late!

 

Back up your files (includes a one minute video)


However, even if backups are not complete, please post the FRST logs in the meantime. Note: copy and paste the logs into the body of your message.

Regards,

Ray




 




#9 linda0929


Posted 03 December 2015 - 07:54 AM

Good morning Ray, here is the frst.txt file.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Linda (2015-12-03 07:46:41)
Running from C:\Users\Linda\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-11 17:07:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1852320340-3763420829-3560972882-500 - Administrator - Disabled)
Guest (S-1-5-21-1852320340-3763420829-3560972882-501 - Limited - Disabled)
Linda (S-1-5-21-1852320340-3763420829-3560972882-1001 - Administrator - Enabled) => C:\Users\Linda
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.1.110 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Ancestry World Archives Project - Keying Tool (HKLM-x32\...\{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}) (Version: 1.1.0102 - Ancestry.com)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8E9405C3-4A81-A757-1670-56B202B46F3C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.821.0 - ATI Technologies) Hidden
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2014.1120.2109 - F5 Networks, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blockbuster On Demand (HKLM-x32\...\{52E41739-9696-4E19-8C64-C2FC54B66B08}) (Version: 2.7.162 - Echostar)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.379 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.379 - Ancestry.com) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.383 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.383 - Ancestry.com, Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Glance 2.9 (HKLM-x32\...\Glance_is1) (Version:  - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
HydraVision (x32 Version: 4.2.188.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
Legacy 7.5 (HKLM-x32\...\Legacy 7.5) (Version: 7.5  - Millennia Corporation)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Living Cookbook 2015 (HKLM-x32\...\Living Cookbook 2015) (Version: 5.0.85 - Radium Technologies, Inc.)
Living Cookbook 2015 (x32 Version: 5.0.85 - Radium Technologies) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
magicJack (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Photo Editor (HKLM-x32\...\Microsoft Photo Editor_is1) (Version:  - Microsoft, Inc.)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Spotify (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Veebeam (HKLM-x32\...\{F1510D0A-AD9F-4810-A191-E9A5C706B115}) (Version: 1.1.44725 - Veebeam Ltd)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Restore Points =========================
 
20-11-2015 09:50:47 Windows Update
23-11-2015 11:02:48 Windows Update
26-11-2015 20:52:14 Windows Update
30-11-2015 20:08:56 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-06-11 08:20 - 2015-11-24 07:26 - 00000025 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01B7E4FD-AE49-4309-B6C5-3AFB34933D48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {04904F23-7116-47FC-9735-11A0D992BE76} - System32\Tasks\{E8E3D317-9CC6-46AC-A032-AF32BCBE194B} => C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [2010-10-10] ()
Task: {09BE9BC2-A2E0-41F4-A6CC-411288E24429} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {0EA4307C-6AB7-45D5-B102-BE7B2A0EB2FC} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {122CBE5E-9B46-468C-84AD-DDF31D24CC45} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {18A8B41C-BE21-4C1F-9F5D-73D643CD13A6} - System32\Tasks\{B9864AD1-74B8-4051-95FB-79DFA3E9F670} => pcalua.exe -a E:\setup.exe -d E:\
Task: {1C7028A1-E480-455D-A427-F17C2F60F36D} - System32\Tasks\{1BBD8E10-3A78-433C-9A1C-4E19CC1503DC} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {1CB32ECF-5833-4B53-98FD-AE09A55F3ABC} - System32\Tasks\{A31F0E56-9C0B-42A3-BB2A-3F07413F90BF} => pcalua.exe -a "C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86N8K03T\MFInstall[1].exe" -d C:\Users\Linda\Desktop
Task: {285F40A2-F939-4D52-AB99-EBC4B22D8F47} - \LaunchApp -> No File <==== ATTENTION
Task: {2D687E65-9D06-448F-9271-D831F5D368D9} - System32\Tasks\HP AR Program Upload - 30c5ebd4bf9347c3a9957b28fa633605dd879b5454fd468bbc66b5571abe943e => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {39DD82D1-B578-45C0-84FA-E21A43687421} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {3A94F5CA-0856-40C2-A4A3-B557EFB33898} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {49D73EA6-95CF-4998-9746-E47FA6D4F4B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {4EEC1415-5DA8-4CD4-86DB-6A8323CBBDB0} - System32\Tasks\{772AAFC1-0B96-4BF1-B751-0A2FAECE56DA} => pcalua.exe -a "C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFVYRQOF\PC_Health_Check[1].exe" -d C:\Users\Linda\Desktop
Task: {52237EBF-77AA-4D5D-AB20-01A5755DB8D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {5EAAD13D-1B5A-499B-99C3-FF281E1953AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {75AA29EE-2E38-4E31-B81E-911B3B8DE175} - System32\Tasks\{0B4B3F91-C0C5-412C-942D-C4F133024095} => pcalua.exe -a "C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFVUALHF\application_HTC_USB_Tethering_Driver[1].exe" -d C:\Users\Linda\Desktop
Task: {81E6F687-D073-41B4-B3D5-033C199481BC} - System32\Tasks\HP AR Program Upload - e0d12dd47b9b4283bd69522f08e32afa4298ff4bb06541f9bc1838638e844a03 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {86FE5103-0A19-4A4F-9AED-E6714A36F5CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8DFDAC23-8E67-4877-AD1A-048AFED0E7E7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {9EC27666-9586-408D-811A-5EB64993CE24} - System32\Tasks\{8E0C1184-E10E-424B-AA23-C8E82FAE8D3C} => C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [2010-10-10] ()
Task: {A0BED904-F895-4EE3-9DDE-5BB8C382D527} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {A19A8CEE-3F46-4A27-9C50-D48F0E8B88BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {A1A92A40-A2E5-4CF1-B688-43CFA9E65579} - System32\Tasks\HP AR Program Upload - 6e84c216b0fa467abae70453820d0f839f8676d7337d4044ab4b4fea7c1b68aa => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {A4796212-5390-4D69-BE06-38836B75F0BA} - System32\Tasks\{823AF92E-FDB9-4B86-9FF5-86823FD10C47} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {AA4066D8-0C30-41B8-ACFA-16448015A3E2} - System32\Tasks\{81130310-09E4-4BEB-99CF-FAF972EC2C3A} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {B0B45963-F554-46FE-A14D-CF5F7B137F6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {B631D1A6-81F6-49D8-9A0F-4F2D026D7263} - System32\Tasks\{DDFBF312-F2C6-4984-95D7-37E0EADF061D} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {BBE5AE8E-D5A7-4E6C-A5EE-AE3F38DC67C6} - System32\Tasks\HPCeeScheduleForLinda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {CF94E2DD-19A1-4705-8B45-3FE73E2F1C42} - System32\Tasks\HP AR Program Upload - 6122a700eda9418295f1478bb1c0a441f0a80bf2bac44f3dbccd5f6cc15aa52d => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {D87149E7-2312-4603-A4BF-6354AEEA4F28} - System32\Tasks\HP AR Program Upload - ca59a8315bf24e7d93ccaaac1627b5543ba3cce964e946a4ba27e345134cebaf => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {DE4938B5-155E-4642-9C82-E64E7B92FD53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {E1C4813A-75D9-46AA-B157-EA8D88A36A2E} - System32\Tasks\AdobeAAMUpdater-1.0-Linda-HP-Linda => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {E364BE34-4D57-4635-866E-7A73176B429A} - System32\Tasks\HP AR Program Upload - 3b26e4b61ebb40c5ab510aeb26c11badf0f191082d2145a9b8943203b2376402 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {E7868895-43D0-4A70-9592-E6B0CD52CD95} - System32\Tasks\{D96E8924-A44C-484A-AC32-F849D224AC90} => C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [2010-10-10] ()
Task: {EB0F74DC-7FF0-4127-9BF8-4A482C95BBE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {EB8363D9-DC4D-4410-A8F1-CD60CB8BA5A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {EF9510A8-CF44-4BDD-AEF8-061D067DB536} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {F482F861-BE4C-48F2-AF8D-588EA282F886} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F5B7147F-14A9-414A-9614-A58280EFE801} - System32\Tasks\{CFFE8EB7-22E7-420C-9B7E-0B00432092BA} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {FFBA2B8C-42DC-4DD6-9AFE-68165C656539} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark Z2400 Series\ezprint.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLinda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=quickenfc&pf=cndt&locale=en_us&bd=pavilion&c=104 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=hp_softwarestore&pf=cndt&locale=en_us&bd=all&c=104 <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-13 13:17 - 2015-06-13 13:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-27 07:36 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-03-09 21:59 - 2011-03-09 21:59 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-03-21 07:30 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-24 14:30 - 2013-10-24 14:30 - 02539008 _____ () C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe
2011-03-09 22:00 - 2011-03-09 22:00 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-09 22:05 - 2011-03-09 22:05 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 13:20 - 2011-03-14 13:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-12-02 21:59 - 2015-11-24 13:12 - 01971528 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-02 21:59 - 2015-11-24 13:12 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2011-07-23 15:25 - 2007-08-08 15:55 - 00364544 _____ () C:\Program Files (x86) (x86)\Lexmark Z2400 Series\iptk.dll
2011-07-23 15:25 - 2007-07-09 23:45 - 00151552 _____ () C:\Program Files (x86) (x86)\Lexmark Z2400 Series\lxdqptp.dll
2013-10-24 09:39 - 2013-10-24 09:39 - 00906752 _____ () C:\Program Files (x86)\Veebeam\VeebeamApp\libx264-x86.dll
2013-10-24 09:39 - 2013-10-24 09:39 - 01537655 _____ () C:\Program Files (x86)\Veebeam\VeebeamApp\libsamplerate-0.dll
2015-11-27 09:52 - 2015-11-27 09:52 - 00098816 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32api.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00110080 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\pywintypes27.dll
2015-11-27 09:52 - 2015-11-27 09:52 - 00364544 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\pythoncom27.dll
2015-11-27 09:52 - 2015-11-27 09:52 - 00046080 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_socket.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 01208320 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_ssl.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00320512 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32com.shell.shell.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00776704 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_hashlib.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 01176576 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._core_.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00806400 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._gdi_.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00816128 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._windows_.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 01067008 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._controls_.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00733184 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._misc_.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00682496 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\pysqlite2._sqlite.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00088064 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_ctypes.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00119808 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32file.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00108544 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32security.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00007168 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\hashobjs_ext.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00017920 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\thumbnails_ext.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00079360 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\usb_ext.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00167936 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32gui.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00018432 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32event.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00128512 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_elementtree.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00127488 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\pyexpat.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00013824 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\common.time34.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00036864 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_psutil_windows.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00038912 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32inet.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00525640 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\windows._lib_cacheinvalidation.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00011264 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32crypt.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00077312 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._html2.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00027136 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_multiprocessing.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00020480 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\_yappi.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00035840 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32process.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00686080 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\unicodedata.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00123392 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._wizard.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00024064 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32pipe.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00010240 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\select.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00025600 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32pdh.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00017408 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32profile.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00022528 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\win32ts.pyd
2015-11-27 09:52 - 2015-11-27 09:52 - 00078848 _____ () C:\Users\Linda\AppData\Local\Temp\_MEI23002\wx._animate.pyd
2010-09-28 14:00 - 2010-09-28 14:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\alpineaccess.com -> hxxps://vge01.alpineaccess.com
IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\ancestry.com -> ancestry.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Spotify => "C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Linda\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CDAEEB6F-8D6C-42AB-95FC-CC6E629AEBCF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{B9C56E44-8694-44B5-9393-B618921AE88D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{72E82170-20A4-4D76-A257-B6602B46AC9E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{668BFDAD-0F5F-4935-BD8D-7230B73B2556}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{AC4809C7-B974-4D22-AA68-69F272A78F0A}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{6D6CAE87-C6D8-4AB8-98E9-7DB17D6955C6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{F10AC8FD-9A9B-41DE-8384-6BEC33D8B3F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{A7EB5645-DAA2-4E84-A53E-BB87777A54B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{E0F96C15-A300-476C-BA42-4C1EC4D1C84E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{5C6D8504-587C-4F4A-8D9B-82D3073F3B62}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{021DE7D7-1146-4956-B1C9-6301F0D644CC}] => (Allow) svchost.exe
FirewallRules: [{90A8F4D7-7DAE-4C73-93D8-705CD8736465}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{81DD6621-6228-4EA4-85E7-C53B367523DE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C078EEEE-34AD-42D1-892A-26ADE497BCB0}] => (Allow) LPort=2869
FirewallRules: [{811DB6FF-9DD5-4C11-98C6-5BCAC2DA328B}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{F03B0AE7-E4CB-4B0F-BE84-71C2FFEC7B3C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{1BB29D2E-E3B6-47C6-956E-672CB467DC99}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{8DEFA216-B11E-4ABA-8C40-CF7C88F9AA0D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{97675147-645B-4A8C-B5C3-5C6BEE98D0CF}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{07948C03-06D3-4439-B4BC-32A7F3F52555}] => (Allow) LPort=5353
FirewallRules: [{B71E8438-8E4B-4430-9A94-B84B127CF07C}] => (Allow) C:\Program Files (x86) (x86)\Lexmark Z2400 Series\lxdqmon.exe
FirewallRules: [{0257D7A2-CFBB-4A86-B6B2-93CC180822A9}] => (Allow) C:\Program Files (x86) (x86)\Lexmark Z2400 Series\lxdqmon.exe
FirewallRules: [{5D65BF53-2F44-47DA-94B0-22B96299122C}] => (Allow) LPort=5353
FirewallRules: [{CF2CA0BB-A325-489F-9815-96BA52D9B081}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{770743C9-11E0-4361-A3E4-ED41DF78A3D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{386EED47-2FC3-4D27-BBF8-2A657DA55E6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A80BEBC0-5B45-443D-9644-A3C3DEBB8E7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{21C5F2BD-1998-40AD-8033-E28C78BCDE27}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\linda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{173AFB37-8210-47F2-BC57-8C67F32C23E6}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\linda\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5DA142C0-9496-4BE1-A787-3570EBFB0FCF}E:\bin\nssapp.exe] => (Allow) E:\bin\nssapp.exe
FirewallRules: [UDP Query User{0DD442FA-ACAC-495A-8CE2-7C154BE404B9}E:\bin\nssapp.exe] => (Allow) E:\bin\nssapp.exe
FirewallRules: [TCP Query User{0CB0324A-7615-48B5-BA37-244121AEF3AF}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\linda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B20A4647-B811-40B3-B924-562B1859C343}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\linda\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4E2EC66A-1AFF-40A3-8AD8-5629403D967C}] => (Allow) LPort=9322
FirewallRules: [{3E573C3C-6D87-4FE0-8897-8CDDA606B4AA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query User{E28AE1B4-C542-4ECA-B003-475DAB25CD4A}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{777F0956-7D02-4396-9A9F-08AC1425C62D}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{79BFDACE-EE20-4F4B-B4B3-C2D1474F2658}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{4F7AE23B-8361-463A-8EA1-7C40C66FA4F9}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{AA2090BE-CC4B-4CFE-8C61-9BCE5F482D7F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{7C6E8AC2-68BC-4F66-98B4-BD0BA3EB64B9}C:\programdata\blockbuster on demand\blockbusterondemand.exe] => (Allow) C:\programdata\blockbuster on demand\blockbusterondemand.exe
FirewallRules: [UDP Query User{4E8EF54F-3150-4FE6-9F21-D6F0645915AD}C:\programdata\blockbuster on demand\blockbusterondemand.exe] => (Allow) C:\programdata\blockbuster on demand\blockbusterondemand.exe
FirewallRules: [{D8D16B86-F2F9-47F6-881C-830C7F9B8B87}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe
FirewallRules: [{E004476B-7F54-40D2-B7EC-D314203058AC}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe
FirewallRules: [{10058F48-B06B-4B24-9651-3B507B5DE963}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe
FirewallRules: [{F2E17819-0A4A-4689-9DC2-6EDCB085FBCE}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe
FirewallRules: [TCP Query User{4E5A5B10-0934-4D7B-AA2B-1DB7FB7F619D}C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe] => (Block) C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe
FirewallRules: [UDP Query User{B5BAD660-415E-4F8B-A1C2-7559E891899C}C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe] => (Block) C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe
FirewallRules: [{84D18268-5EE3-4B75-9C3C-08F645EDB2E2}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS45E5\HPDiagnosticCoreUI.exe
FirewallRules: [{6E9D84CF-5DD9-4E9B-BD59-EDEB53E60FD3}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS45E5\HPDiagnosticCoreUI.exe
FirewallRules: [{6C0E9230-6DFB-4A9D-8BC1-C8A3F133901A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{AF8D3954-D209-4AB6-8416-D8FD8D3765C8}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{7E13FAB0-FE51-44FA-B91D-0BE17827EADB}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{718A7CC5-630B-46AF-B8C7-6B09B56E4264}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{8E96458A-68A8-47E2-ACC4-76252ED400A2}] => (Allow) LPort=5357
FirewallRules: [{4697EEF5-197C-41CC-B05C-CF5C8DD5E45D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AD5E3D6E-8679-4CBB-A6FC-0317AD5E5F32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1270541E-4B0D-4D09-A660-EF5A085A3A50}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A02E04C5-FD65-4A08-BF3D-B15584137219}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1DB63A8-CB87-49C2-A330-EA34069BEB73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F3DF141-7533-414D-B29F-D1AC1B35DFBB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{56F937CD-2B13-4744-88D3-CFED341C386D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{15602061-2BD5-4F3B-B5DD-AAF64B2D096C}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D27\HPDiagnosticCoreUI.exe
FirewallRules: [{B416759B-8FC8-4AA6-8ED4-71A2A85FC3E0}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D27\HPDiagnosticCoreUI.exe
FirewallRules: [{08DD9DFF-5EAE-4E8A-A410-BE9649B7B5A1}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D69\HPDiagnosticCoreUI.exe
FirewallRules: [{D4FD1D84-ECE1-48F2-80DD-0D10DBE50310}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D69\HPDiagnosticCoreUI.exe
FirewallRules: [{9DF32B93-947E-489E-96BD-B13DEBD10EF6}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS35A9\HPDiagnosticCoreUI.exe
FirewallRules: [{9A640C93-8949-4D48-89AC-E94DB909F7D1}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS35A9\HPDiagnosticCoreUI.exe
FirewallRules: [{7482DFBD-A83A-431F-A667-DF9B17574730}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{69E6EE53-EF51-4FD7-9AE5-F64504910C4C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5CFBF050-0602-4D60-8AE7-AD7183597F3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{09B8C20F-85A3-4EE6-8D8B-3387F0D1F10E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6B929133-BA0D-4DF5-A95B-B25B170D59F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/03/2015 00:08:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (12/03/2015 00:05:55 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/02/2015 07:34:47 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.
 
Error: (12/02/2015 06:20:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x4dc
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (12/02/2015 03:44:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x1d74
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (12/02/2015 02:56:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x1d98
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (12/02/2015 02:56:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x18d8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (12/02/2015 01:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x1cfc
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (12/02/2015 08:47:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (12/02/2015 08:44:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/29/2015 08:45:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.26.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/29/2015 08:45:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.211.1188.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/29/2015 08:45:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.211.1188.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/29/2015 08:45:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.211.1188.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/27/2015 10:02:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (11/27/2015 10:02:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (11/27/2015 09:54:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/27/2015 09:53:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.0 service failed to start due to the following error: 
%%3
 
Error: (11/27/2015 09:50:33 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {29876C13-B9A8-4D5E-A545-F15B3C1FD359}
 
Error: (11/27/2015 09:50:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
CodeIntegrity:
===================================
  Date: 2015-11-18 09:21:48.415
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-18 09:21:48.352
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 45%
Total physical RAM: 4863.29 MB
Available physical RAM: 2652.73 MB
Total Virtual: 9724.78 MB
Available Virtual: 6772.32 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.45 GB) (Free:697.8 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.96 GB) (Free:1.46 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6E947156)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 RayS

  • Malware Response Team

Posted 04 December 2015 - 09:34 AM


Hi linda0929,

Thank you for that log. It is the second of two logs produced by the FRST scan. You sent me Addition.txt. You will find FRST.txt in the same location as Addition.txt.

Please copy and paste the entire contents of FRST.txt into your next message to me.

In your normal use of this PC, please tell me what applications seem to be abnormally slow. It may be useful to see what applications are using the most memory and which are using the most processing power. When your PC seems most sluggish, please do the following:

  • Press your Start key.
  • Enter taskmgr into the search window, and press Enter.
  • When the Windows Task Manager window opens, click the Processes tab.
  • Checkmark the Show processes from all users box near the bottom of the window.
  • Click the CPU column heading to sort the processes, and tell me the image names of the top three processes that are using the most CPU time.
  • Click the Memory column heading, and tell me the image names of the top three processes that are using the most memory.

In your next message to me, please include:

  • The contents of the FRST.txt file.
  • The image names of the three biggest users of CPU time and memory.

Thank you,

Ray


 


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#11 linda0929

  • Topic Starter

Posted 04 December 2015 - 07:37 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Linda (administrator) on LINDA-HP (03-12-2015 07:44:59)
Running from C:\Users\Linda\Downloads
Loaded Profiles: Linda (Available Profiles: Linda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Spotify Ltd) C:\Users\Linda\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lexmark International Inc.) C:\Program Files (x86) (x86)\Lexmark Z2400 Series\ezprint.exe
() C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\hp\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [lxdqmon.exe] => C:\Program Files (x86) (x86)\Lexmark Z2400 Series\lxdqmon.exe [672424 2010-02-04] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark Z2400 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Run: [cdloader] => C:\Users\Linda\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Run: [Spotify Web Helper] => C:\Users\Linda\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-11-15] (Spotify Ltd)
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Run: [Spotify] => C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-11-15] (Spotify Ltd)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Veebeam.lnk [2014-09-13]
ShortcutTarget: Veebeam.lnk -> C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{FA1204F1-7136-433C-9662-ED5517BF784C}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.protopage.com/linda0929
SearchScopes: HKLM -> DefaultScope {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {630E967D-2720-4481-BC12-4EF54DDD641B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {BF8B6B74-025D-48FF-BF15-8118EF25D913} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {DC85C71F-3013-4AEA-8300-51161FC6CEAD} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {630E967D-2720-4481-BC12-4EF54DDD641B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BF8B6B74-025D-48FF-BF15-8118EF25D913} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {DC85C71F-3013-4AEA-8300-51161FC6CEAD} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001 -> {630E967D-2720-4481-BC12-4EF54DDD641B} URL = 
SearchScopes: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001 -> {6EFC6DD3-4FE7-40DC-B143-3219A07C2CED} URL = 
SearchScopes: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001 -> {BF8B6B74-025D-48FF-BF15-8118EF25D913} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} hxxps://vge01.alpineaccess.com/public/download/urxvpn.cab#version=7091,2014,1120,2109
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} hxxps://vge01.alpineaccess.com/public/download/f5tunsrv.cab#version=7091,2014,1120,2109
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} hxxps://vge01.alpineaccess.com/public/download/f5InspectionHost.cab#7091,2014,1120,2109
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} hxxps://vge01.alpineaccess.com/public/download/urxshost.cab#7091,2014,1120,2109
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} hxxps://vge01.alpineaccess.com/public/download/urxhost.cab#version=7091,2014,1120,2109
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-12-17] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1852320340-3763420829-3560972882-1001: @hulu.com/Hulu Desktop -> C:\Users\Linda\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-03-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-29] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig?hl=en
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Learn French - Très Bien) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2014-09-19]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-03]
CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-09-19]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Full Screen Weather) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Pin It Button) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-23]
CHR Extension: (Ancestry Family Search Extension) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahjgikepkkgkinlhipagkkdgfbobphh [2015-06-13]
CHR Extension: (Crackle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-08]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-09-19]
CHR Extension: (Do Not Disturb!) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2015-04-12]
CHR Extension: (Free Website Builder & Design Engine - Breezi) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcddmlaijhcifebdodoofgaojgnahlhk [2014-09-19]
CHR Extension: (PDF to Word Converter App) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2014-09-19]
CHR Extension: (Walmart Deals App) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\khopmdnhncdeojhcdpelanocficgdfng [2015-10-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Viewster - Watch Free Movies Online) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh [2014-09-19]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-04-27] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [30952 2014-11-20] (F5 Networks, Inc.)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2013-12-11] (F5 Networks, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 veebeampol; C:\Windows\System32\DRIVERS\veebeampol.sys [14952 2013-10-24] (Veebeam Corporation)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 07:44 - 2015-12-03 07:45 - 00029682 _____ C:\Users\Linda\Downloads\FRST.txt
2015-12-03 07:44 - 2015-12-03 07:44 - 02350080 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2015-12-03 07:44 - 2015-12-03 07:44 - 00000000 ____D C:\FRST
2015-12-02 20:43 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.171
2015-12-02 20:43 - 2015-12-02 21:58 - 44372480 _____ C:\Users\Linda\Documents\Drive_C.172
2015-12-02 20:42 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.170
2015-12-02 20:42 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.169
2015-12-02 20:42 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.168
2015-12-02 20:41 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.167
2015-12-02 20:41 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.166
2015-12-02 20:40 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.165
2015-12-02 20:40 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.164
2015-12-02 20:39 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.163
2015-12-02 20:39 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.162
2015-12-02 20:38 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.161
2015-12-02 20:38 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.160
2015-12-02 20:37 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.159
2015-12-02 20:36 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.158
2015-12-02 20:34 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.157
2015-12-02 20:33 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.156
2015-12-02 20:33 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.155
2015-12-02 20:32 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.154
2015-12-02 20:32 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.153
2015-12-02 20:32 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.152
2015-12-02 20:31 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.151
2015-12-02 20:30 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.150
2015-12-02 20:30 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.149
2015-12-02 20:29 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.148
2015-12-02 20:29 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.147
2015-12-02 20:28 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.146
2015-12-02 20:27 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.145
2015-12-02 20:27 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.144
2015-12-02 20:26 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.143
2015-12-02 20:26 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.142
2015-12-02 20:25 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.141
2015-12-02 20:25 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.140
2015-12-02 20:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.139
2015-12-02 20:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.138
2015-12-02 20:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.137
2015-12-02 20:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.136
2015-12-02 20:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.135
2015-12-02 20:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.134
2015-12-02 20:23 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.133
2015-12-02 20:23 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.132
2015-12-02 20:23 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.131
2015-12-02 20:22 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.130
2015-12-02 20:22 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.129
2015-12-02 20:22 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.128
2015-12-02 20:21 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.127
2015-12-02 20:20 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.126
2015-12-02 20:20 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.125
2015-12-02 20:19 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.124
2015-12-02 20:19 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.123
2015-12-02 20:18 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.122
2015-12-02 20:17 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.121
2015-12-02 20:17 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.120
2015-12-02 20:16 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.119
2015-12-02 20:15 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.118
2015-12-02 20:15 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.117
2015-12-02 20:14 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.116
2015-12-02 20:14 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.115
2015-12-02 20:13 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.114
2015-12-02 20:13 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.113
2015-12-02 20:12 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.112
2015-12-02 20:11 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.111
2015-12-02 20:11 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.110
2015-12-02 20:10 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.109
2015-12-02 20:10 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.108
2015-12-02 20:09 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.107
2015-12-02 20:08 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.106
2015-12-02 20:08 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.105
2015-12-02 20:07 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.104
2015-12-02 20:06 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.103
2015-12-02 20:06 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.102
2015-12-02 20:05 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.101
2015-12-02 20:04 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.100
2015-12-02 20:04 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.099
2015-12-02 20:03 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.098
2015-12-02 20:03 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.097
2015-12-02 20:02 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.096
2015-12-02 20:01 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.095
2015-12-02 20:01 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.094
2015-12-02 20:00 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.093
2015-12-02 20:00 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.092
2015-12-02 19:59 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.091
2015-12-02 19:58 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.090
2015-12-02 19:58 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.089
2015-12-02 19:57 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.088
2015-12-02 19:56 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.087
2015-12-02 19:56 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.086
2015-12-02 19:55 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.085
2015-12-02 19:54 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.084
2015-12-02 19:54 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.083
2015-12-02 19:53 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.082
2015-12-02 19:53 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.081
2015-12-02 19:52 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.080
2015-12-02 19:51 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.079
2015-12-02 19:51 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.078
2015-12-02 19:50 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.077
2015-12-02 19:50 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.076
2015-12-02 19:49 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.075
2015-12-02 19:48 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.074
2015-12-02 19:48 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.073
2015-12-02 19:47 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.072
2015-12-02 19:47 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.071
2015-12-02 19:46 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.070
2015-12-02 19:45 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.069
2015-12-02 19:45 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.068
2015-12-02 19:44 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.067
2015-12-02 19:44 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.066
2015-12-02 19:43 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.065
2015-12-02 19:42 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.064
2015-12-02 19:42 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.063
2015-12-02 19:41 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.062
2015-12-02 19:41 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.061
2015-12-02 19:40 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.060
2015-12-02 19:39 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.059
2015-12-02 19:39 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.058
2015-12-02 19:38 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.057
2015-12-02 19:38 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.056
2015-12-02 19:37 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.055
2015-12-02 19:36 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.054
2015-12-02 19:36 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.053
2015-12-02 19:35 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.052
2015-12-02 19:34 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.051
2015-12-02 19:33 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.050
2015-12-02 19:33 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.049
2015-12-02 19:32 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.048
2015-12-02 19:31 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.047
2015-12-02 19:31 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.046
2015-12-02 19:30 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.045
2015-12-02 19:29 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.044
2015-12-02 19:29 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.043
2015-12-02 19:28 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.042
2015-12-02 19:27 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.041
2015-12-02 19:27 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.040
2015-12-02 19:27 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.039
2015-12-02 19:27 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.038
2015-12-02 19:26 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.037
2015-12-02 19:26 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.036
2015-12-02 19:26 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.035
2015-12-02 19:26 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.034
2015-12-02 19:25 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.033
2015-12-02 19:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.032
2015-12-02 19:24 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.031
2015-12-02 19:23 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.030
2015-12-02 19:23 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.029
2015-12-02 19:22 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.028
2015-12-02 19:21 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.027
2015-12-02 19:21 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.026
2015-12-02 19:20 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.025
2015-12-02 19:19 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.024
2015-12-02 19:19 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.023
2015-12-02 19:18 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.022
2015-12-02 19:17 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.021
2015-12-02 19:17 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.020
2015-12-02 19:16 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.019
2015-12-02 19:15 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.018
2015-12-02 19:15 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.017
2015-12-02 19:14 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.016
2015-12-02 19:13 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.015
2015-12-02 19:13 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.014
2015-12-02 19:12 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.013
2015-12-02 19:11 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.012
2015-12-02 19:11 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.011
2015-12-02 19:10 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.010
2015-12-02 19:09 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.009
2015-12-02 19:08 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.008
2015-12-02 19:07 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.007
2015-12-02 19:06 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.006
2015-12-02 19:05 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.005
2015-12-02 19:04 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.004
2015-12-02 19:03 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.003
2015-12-02 19:02 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.002
2015-12-02 19:00 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.001
2015-12-02 18:59 - 2015-12-02 21:58 - 688128000 _____ C:\Users\Linda\Documents\Drive_C.dat
2015-12-02 18:59 - 2015-12-02 21:58 - 105974056 _____ C:\Users\Linda\Documents\Drive_C.xml
2015-12-02 18:56 - 2015-12-02 18:56 - 00001073 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2015-12-02 18:56 - 2015-12-02 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2015-12-02 18:56 - 2015-12-02 18:56 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2015-12-02 18:55 - 2015-12-02 18:56 - 02026456 _____ C:\Users\Linda\Downloads\dixmlsetup.exe
2015-12-02 18:39 - 2015-12-02 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-12-02 18:39 - 2015-12-02 18:39 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2015-12-02 18:33 - 2015-12-02 18:33 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Linda\Downloads\cbSetup (1).exe
2015-12-02 18:32 - 2015-12-02 18:33 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Linda\Downloads\cbSetup.exe
2015-12-01 19:52 - 2015-12-01 19:52 - 00165695 _____ C:\Users\Linda\Desktop\mikasa order..pdf
2015-11-29 18:47 - 2015-11-29 18:47 - 00948768 _____ C:\Users\Linda\Downloads\CR-CL-5052-0715_Wilson.pdf
2015-11-29 08:48 - 2015-11-29 08:48 - 01167893 _____ C:\Users\Linda\Downloads\2015-06-14.pdf
2015-11-28 09:17 - 2015-11-28 09:17 - 01240642 _____ C:\Users\Linda\Downloads\2015-11-14 (1).pdf
2015-11-28 09:14 - 2015-11-28 09:14 - 01240642 _____ C:\Users\Linda\Downloads\2015-11-14.pdf
2015-11-25 07:32 - 2015-11-25 07:32 - 00272085 _____ C:\Users\Linda\Downloads\The_Robesonian_Tue__Feb_8__1955_.pdf
2015-11-24 08:13 - 2015-11-24 08:13 - 00003995 _____ C:\Users\Linda\.recently-used.xbel
2015-11-23 13:33 - 2015-11-23 13:33 - 00000000 ____D C:\Users\Linda\AppData\Local\{B95F0B2E-C1AE-493F-A755-E2F2DF7DC97B}
2015-11-22 19:58 - 2015-11-30 06:31 - 00000000 ____D C:\Users\Linda\Desktop\POPE STUFF
2015-11-21 14:22 - 2015-11-21 14:22 - 00002145 _____ C:\Users\Linda\Desktop\Google Chrome.lnk
2015-11-20 15:43 - 2015-11-20 15:43 - 00002962 _____ C:\Windows\System32\Tasks\{E8E3D317-9CC6-46AC-A032-AF32BCBE194B}
2015-11-20 15:43 - 2015-11-20 15:43 - 00002962 _____ C:\Windows\System32\Tasks\{D96E8924-A44C-484A-AC32-F849D224AC90}
2015-11-20 15:43 - 2015-11-20 15:43 - 00002962 _____ C:\Windows\System32\Tasks\{8E0C1184-E10E-424B-AA23-C8E82FAE8D3C}
2015-11-19 09:14 - 2015-11-19 09:14 - 00000000 ____D C:\Users\Linda\Documents\HpReg_Backup
2015-11-18 22:03 - 2015-11-18 22:04 - 170428968 _____ C:\Users\Linda\Downloads\OJ4630_198.exe
2015-11-18 22:01 - 2015-11-18 22:01 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\Linda\Downloads\HPSupportSolutionsFramework-12.0.30.219 (3).exe
2015-11-18 22:01 - 2015-11-18 22:01 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\Linda\Downloads\HPSupportSolutionsFramework-12.0.30.219 (2).exe
2015-11-18 22:00 - 2015-11-18 22:00 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\Linda\Downloads\HPSupportSolutionsFramework-12.0.30.219 (1).exe
2015-11-18 21:59 - 2015-11-18 22:00 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\Linda\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-11-18 12:23 - 2015-11-18 12:23 - 00025091 _____ C:\Users\Linda\Desktop\ComboFix.txt
2015-11-18 12:16 - 2015-11-18 12:16 - 00025091 _____ C:\ComboFix.txt
2015-11-18 09:07 - 2015-11-18 09:07 - 05639131 _____ (Swearware) C:\Users\Linda\Downloads\ComboFix (1).exe
2015-11-15 20:27 - 2015-11-15 20:27 - 00106518 _____ C:\Users\Linda\Desktop\Patagonia - Order Receipt.pdf
2015-11-15 11:59 - 2015-11-15 11:59 - 00084940 _____ C:\Users\Linda\Desktop\Guitar Center _ Checkout _ Order Confirmation.pdf
2015-11-15 09:53 - 2015-11-15 09:53 - 00002193 _____ C:\Users\Linda\Desktop\HP Support Assistant.lnk
2015-11-15 09:53 - 2015-11-15 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-13 08:14 - 2015-11-13 08:14 - 00302106 _____ C:\Users\Linda\Documents\Scan0012.pdf
2015-11-12 07:21 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 12:17 - 2015-11-11 12:17 - 01194065 _____ C:\Users\Linda\Desktop\Moore Wedding 2.pdf
2015-11-11 12:16 - 2015-11-11 12:16 - 01072238 _____ C:\Users\Linda\Desktop\Moore Wedding 1.PDF
2015-11-11 09:21 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 09:21 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 09:21 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 09:21 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 09:21 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 09:21 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 09:21 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 09:21 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 09:21 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 09:21 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 09:21 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 09:21 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 09:21 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 09:21 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 09:21 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 09:21 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 09:21 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 09:21 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 09:21 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 09:21 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 09:21 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 09:21 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 09:21 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 09:21 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 09:21 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 09:21 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 09:21 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 09:21 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 09:21 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 09:21 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 09:21 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 09:21 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 09:21 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 09:21 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 09:21 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 09:21 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 09:21 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 09:21 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 09:21 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 09:21 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 09:21 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 09:21 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 09:21 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 09:21 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 09:21 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 09:21 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 09:21 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 09:21 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 09:21 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 09:21 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 09:21 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 09:21 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 09:21 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 09:21 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 09:21 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 09:21 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 09:21 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 09:21 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 09:21 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 09:21 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 09:21 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 09:21 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 09:21 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 09:21 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 09:20 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 09:20 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 09:20 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 09:20 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 09:20 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 09:20 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 09:20 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 09:20 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 09:20 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 09:20 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 09:20 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 09:20 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 09:20 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 09:20 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 09:20 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 09:20 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 09:20 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 09:20 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 09:20 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 09:20 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 09:20 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 09:20 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 09:20 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 09:20 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 09:20 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 09:20 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 09:20 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 09:20 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 09:20 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 09:20 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 09:20 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 09:20 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 09:20 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 09:20 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 09:20 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 09:20 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 09:20 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 09:19 - 2015-11-11 09:19 - 00001154 _____ C:\Users\Linda\Desktop\ComboFix - Shortcut.lnk
2015-11-11 09:19 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 09:19 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 09:19 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 09:19 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 09:19 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 09:19 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 09:19 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 09:19 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 09:19 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 09:19 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 09:19 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 09:19 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 09:19 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 09:19 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 09:19 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 09:19 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 09:19 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 09:19 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 09:19 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 09:19 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 09:19 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 09:19 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 09:19 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 09:19 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 09:19 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 09:18 - 2015-11-11 09:18 - 00001132 _____ C:\Users\Linda\Downloads\ComboFix - Shortcut.lnk
2015-11-11 09:15 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 09:14 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 09:14 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 09:14 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 17:26 - 2015-11-10 17:26 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-11-07 18:10 - 2015-11-07 18:10 - 00000000 ____D C:\Users\Linda\AppData\Local\{79C0B825-25B4-4C0C-BECA-56199C28292D}
2015-11-07 14:53 - 2015-11-07 14:55 - 00055290 _____ C:\Windows\ntbtlog.txt
2015-11-07 14:19 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-07 14:19 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-07 14:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-07 14:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-07 14:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-07 14:19 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-07 14:19 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-07 14:19 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-07 13:59 - 2015-11-18 12:17 - 00000000 ____D C:\Qoobox
2015-11-07 13:59 - 2015-11-18 12:14 - 00000000 ____D C:\Windows\erdnt
2015-11-07 13:57 - 2015-11-18 09:10 - 05639131 ____R (Swearware) C:\Users\Linda\Downloads\ComboFix.exe
2015-11-06 12:58 - 2015-11-06 12:58 - 00000000 ____D C:\Users\Linda\AppData\Local\CEF
2015-11-06 12:34 - 2015-11-25 07:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-06 12:34 - 2015-11-06 12:34 - 00002009 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 07:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-03 07:35 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 07:35 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 07:30 - 2012-04-08 10:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 06:59 - 2011-04-09 20:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 02:00 - 2012-11-04 20:53 - 00000000 ____D C:\Users\Linda\AppData\Local\Adobe
2015-12-02 21:59 - 2014-09-19 05:09 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 18:48 - 2011-05-30 16:37 - 00000000 ____D C:\Users\Linda\Documents\Family Tree Maker
2015-12-02 18:46 - 2013-06-22 15:29 - 00000000 ___RD C:\Users\Linda\Google Drive
2015-12-02 18:20 - 2015-06-28 08:14 - 00000000 ____D C:\Users\Linda\AppData\Local\CrashDumps
2015-12-02 17:59 - 2011-04-09 20:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 19:20 - 2014-08-17 13:21 - 00027491 _____ C:\Users\Linda\Documents\Account information and billing 2014a.xlsx
2015-12-01 14:30 - 2014-03-25 08:52 - 00000000 ____D C:\Users\Linda\AppData\LocalLow\Adblock Plus for IE
2015-11-27 09:59 - 2011-11-22 08:29 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Spotify
2015-11-27 09:53 - 2011-11-22 08:29 - 00000000 ____D C:\Users\Linda\AppData\Local\Spotify
2015-11-27 09:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-25 09:26 - 2011-03-15 09:30 - 00000000 ____D C:\Users\Linda\Documents\RECIPES
2015-11-24 18:01 - 2013-06-22 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-24 08:13 - 2013-06-01 18:01 - 00000000 ____D C:\Users\Linda\.gimp-2.6
2015-11-24 08:13 - 2011-03-11 12:07 - 00000000 ____D C:\Users\Linda
2015-11-24 07:31 - 2013-02-26 09:28 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-24 07:29 - 2013-02-26 09:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-20 15:45 - 2013-06-01 18:02 - 00000000 ____D C:\Users\Linda\AppData\Roaming\gtk-2.0
2015-11-19 09:52 - 2009-07-24 14:22 - 00000000 ____D C:\Windows\Panther
2015-11-19 09:47 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-19 09:16 - 2015-07-13 08:54 - 00001970 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-11-19 08:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-11-18 21:55 - 2015-06-17 07:23 - 00000025 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-11-18 12:05 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-11-18 12:03 - 2009-07-13 21:34 - 54001664 _____ C:\Windows\system32\config\components.bak
2015-11-18 12:03 - 2009-07-13 21:34 - 22020096 _____ C:\Windows\system32\config\system.bak
2015-11-18 12:03 - 2009-07-13 21:34 - 117178368 _____ C:\Windows\system32\config\software.bak
2015-11-18 12:03 - 2009-07-13 21:34 - 01048576 _____ C:\Windows\system32\config\default.bak
2015-11-18 12:03 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-11-18 12:03 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-11-17 13:18 - 2011-03-11 12:16 - 00000000 ____D C:\Users\Linda\AppData\Local\Hewlett-Packard
2015-11-15 21:19 - 2009-07-14 00:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 21:18 - 2010-08-14 18:11 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-11-15 21:18 - 2010-08-14 18:11 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-15 21:13 - 2011-07-23 13:40 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForLinda.job
2015-11-15 09:53 - 2010-08-14 18:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-15 09:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2015-11-15 09:43 - 2010-08-14 18:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-15 09:39 - 2010-06-14 21:07 - 00000000 ____D C:\swsetup
2015-11-14 18:38 - 2011-07-23 13:40 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLinda
2015-11-13 03:20 - 2009-07-13 23:45 - 00455880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 06:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 03:23 - 2013-07-26 04:45 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 03:14 - 2011-03-15 12:41 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-12 03:14 - 2011-03-11 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 03:03 - 2011-03-11 12:36 - 00778784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-12 03:02 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 17:27 - 2012-04-08 10:04 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 17:27 - 2012-04-08 10:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 17:27 - 2011-06-08 10:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-07 15:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-07 14:56 - 2011-05-12 10:45 - 00000000 ____D C:\Users\Linda\AppData\Local\ElevatedDiagnostics
2015-11-07 14:16 - 2011-07-31 07:40 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Apple Computer
2015-11-07 14:16 - 2011-07-31 07:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-07 14:10 - 2015-07-09 08:26 - 00000000 ____D C:\Windows\Minidump
2015-11-07 14:01 - 2011-03-15 09:55 - 00000000 ____D C:\Users\Linda\Documents\PC INFORMATION
2015-11-06 12:35 - 2015-01-03 18:23 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-06 12:34 - 2012-11-04 20:53 - 00000000 ____D C:\ProgramData\Adobe
2015-11-06 12:34 - 2012-11-04 20:53 - 00000000 ____D C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2013-06-24 15:17 - 2013-06-24 15:17 - 0000031 _____ () C:\Users\Linda\AppData\Roaming\mbam.context.scan
2011-07-24 06:11 - 2011-07-24 06:11 - 0000236 _____ () C:\Users\Linda\AppData\Local\LaunchHomeCenter.log
2014-03-20 20:57 - 2014-03-20 20:57 - 0000017 _____ () C:\Users\Linda\AppData\Local\resmon.resmoncfg
2014-02-27 16:01 - 2014-02-27 16:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-23 15:25 - 2011-07-23 15:25 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-03-11 13:47 - 2011-03-11 13:51 - 0000689 _____ () C:\ProgramData\hpzinstall.log
2011-07-23 20:14 - 2015-11-27 10:22 - 0022685 _____ () C:\ProgramData\lxdq.log
 
Some files in TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\HPPSdr.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 06:51
 
==================== End of FRST.txt ============================
 
google chrome is listed 3 times - 194,224, then 108,928 and 105,788 user are all me!  Google Chrome 
 
I hope this is what you need. As for the PC, when initially opening a browser it is very slow to respond, the pc itself sounds like a car revving up!  Additional tabs may load normally but for the most part have to refresh.
 
I checked task manager without IE or Chrome running and saw the following - setpoint (wireless keyboard and mouse), explorer.exe, ccc.exe and csrss.exe

Edited by linda0929, 05 December 2015 - 08:07 AM.


#12 RayS

Posted 07 December 2015 - 03:56 AM

Hi linda0929,
 

google chrome is listed 3 times - 194,224, then 108,928 and 105,788 user are all me! Google Chrome

Thank you for this info about the top users of memory. Please open Windows Task Manager again when your PC seems most sluggish and tell me the three top users of CPU, including the percentages of CPU used.

 

 

As for the PC, when initially opening a browser it is very slow to respond, the pc itself sounds like a car revving up! Additional tabs may load normally but for the most part have to refresh.

Each instance of the chrome browser you launch and each tab within the browser opens a separate process within Windows. Each process consumes memory space and CPU processing time. I notice that you had eight instances of the Chrome browser open when you ran the FRST scan. Please confirm that you are using the most up-to-date version.

  • Click the options icon in the upper right corner of the Chrome window.
  • Select Settings.
  • In the left panel, click About.
  • Allow Chrome to complete the automatic check for updates.
  • Make a note of the version number.
  • It may be necessary to relaunch Chrome.


I checked task manager without IE or Chrome running and saw the following - setpoint (wireless keyboard and mouse), explorer.exe, ccc.exe and csrss.exe

It's normal to see setpoint and explorer.exe running.

 

See: http://www.howtogeek.com/howto/8679/what-is-ccc.exe-and-why-is-it-running/:
You may have used Catalyst Control Center to customize your display when you first acquired the PC, but if you aren't currently using it, we can easily delete it. Please LMK your preference.

CSRSS.exe is the Client Server Runtime Service. It is a necessary component of your Windows operating system. It should use only a small amount of CPU time (maybe less than 1 percent). Please tell me what percentage of CPU time is being consumed by CSRSS.exe on your PC.
Note: Killing the CSRSS.exe process will make your computer crash instantly.



An easy check for system resource conflicts, driver issues, or some other problems is to look for yellow question marks (?) or exclamation points (!) in Device Manager.

Please press Windows key + R and type devmgmt.msc and press Enter to open the Device Manager. Tell me the name of any device or controller that is tagged with a yellow exclamation point showing at the left of the name. You can also click the associated plus sign to expand the info about the device or controller. Give me a full description of any tagged item.

For more info about Device Manager see How to Use the Windows Device Manager for Troubleshooting.


The following file may or may not be legitimate. Please submit it to VirusTotal for an online scan:

C:\Windows\System32\printfilterpipelinesvc.exe

  • Please visit https://www.virustotal.com/.
  • Click the File tab.
  • Click Choose File.
  • Use the File Upload window to navigate to C:\Windows\System32\printfilterpipelinesvc.exe on your local PC and click Open.
  • Click the Scan it! button on the VirusTotal website.
  • After a short time, the analysis will be presented on a web page.
  • Please copy the URL of that page (https:// etc.) and paste it into your reply to me.


Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • Carefully examine the contents of the logfile. Let me know about any entries you want to keep.
  • Copy and paste the entire contents of that logfile into your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


Please relaunch the FRST tool. Be sure to checkmark the Addition.txt box. All the Whitelist boxes should also be checkmarked. Press Scan.


In your next message to me:

  • Tell me the top three users of CPU time when your PC is sluggish.
  • Confirm that Chrome is up to date. Tell me its version number.
  • Tell me whether you would like to delete Catalyst Control Center.
  • Tell me what percentage of CPU time is being consumed by CSRSS.exe.
  • If you found any tagged items in Device Manager, give me a full description of each one.
  • Give me the URL of the analysis page from the VirusTotal website.
  • Copy and paste the contents of AdwCleaner[S#].txt into the body of your reply and tell me which entries you want to keep.
  • Copy and paste the contents of FRST.txt and Addition.txt into the body of your reply. It's OK if you use two posts for all this info.

Note that I am asking for eight items above in your next reply.

Please also tell me how your PC is running now. Any new symptoms?

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#13 linda0929

Posted 11 December 2015 - 08:07 PM

Ray my apologies, I have been extremely busy and unable to complete your last request.  I will however have time to complete it on Saturday 12/12/15...



#14 RayS

Posted 12 December 2015 - 03:11 AM

Hi linda0929,
 

Ray my apologies, I have been extremely busy and unable to complete your last request. I will however have time to complete it on Saturday 12/12/15...


Thank you for keeping me advised. If you get stuck on any part of my instructions, please LMK. I'm here to help you.

Regards,

Ray




#15 linda0929

Posted 13 December 2015 - 06:01 PM

thanks for your patience!  Hope I have completed everything!

 

 

 

 

1.      VERIFY VERSION OF CHROME

a.       Version 47.0.2526.80 m (64-bit) --- Google Chrome is up to date.

 

2.       CATALYST CONTROL CENTER – I have modified my display properties from factory defaults so it is probably necessary!  If it is not utilized for that purpose I would like to deactivate it but not delete it.

 

3.       CSRSS.exe – understand will not touch!!!! 

4.       Resource conflicts -  I have checked all Device Manager even in the past and I have no alerts at this time

5.      Issue – Windows\system32\printfilterpipelinesvc.exe

a.       I am unable to locate this file by:

  i. Performing a search

  ii. Using the explore tool selecting Computer-OS (C:) – Windows – system32 --  subsequent folders do not reflect printfilterpipelinesvc.exe

6.      AdwCleaner Results

# AdwCleaner v5.025 - Logfile created 13/12/2015 at 17:43:19
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Linda - LINDA-HP
# Running from : C:\Users\Linda\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\JustCloud
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Linda\AppData\Local\PackageAware
Folder Found : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Folder Found : C:\Users\Linda\AppData\Roaming\download Manager
Folder Found : C:\Users\Linda\AppData\Roaming\Easeware

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : LaunchApp

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
Key Found : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
Key Found : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
Key Found : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
Key Found : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
Key Found : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
Key Found : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
Key Found : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
Key Found : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
Key Found : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
Key Found : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
Key Found : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
Key Found : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
Key Found : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\SoftSuma
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{630E967D-2720-4481-BC12-4EF54DDD641B}

***** [ Web browsers ] *****

[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dkpejdfnpdkhifgbancbammdijojoffk

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2751 bytes] ##########

7.       FRST AND ADDITION.TXT RESULTS

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-12-2015

Ran by Linda (2015-12-13 17:50:42)

Running from C:\Users\Linda\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2011-03-11 17:07:33)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1852320340-3763420829-3560972882-500 - Administrator - Disabled)

Guest (S-1-5-21-1852320340-3763420829-3560972882-501 - Limited - Disabled)

Linda (S-1-5-21-1852320340-3763420829-3560972882-1001 - Administrator - Enabled) => C:\Users\Linda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)

Adobe Connect 9 Add-in (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.1.110 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)

Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)

Ancestry World Archives Project - Keying Tool (HKLM-x32\...\{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}) (Version: 1.1.0102 - Ancestry.com)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{8E9405C3-4A81-A757-1670-56B202B46F3C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)

ATI Problem Report Wizard (Version: 3.0.821.0 - ATI Technologies) Hidden

Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)

Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)

BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2014.1120.2109 - F5 Networks, Inc.)

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blockbuster On Demand (HKLM-x32\...\{52E41739-9696-4E19-8C64-C2FC54B66B08}) (Version: 2.7.162 - Echostar)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)

Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)

DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden

Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.379 - Ancestry.com)

Family Tree Maker 2011 (x32 Version: 20.0.379 - Ancestry.com) Hidden

Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)

Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden

Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.383 - Ancestry.com, Inc.)

Family Tree Maker 2014 (Version: 22.0.383 - Ancestry.com, Inc.) Hidden

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Glance 2.9 (HKLM-x32\...\Glance_is1) (Version:  - Glance Networks, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)

Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)

HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)

HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)

 

HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)

HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)

HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)

HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)

Hulu Desktop (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)

HydraVision (x32 Version: 4.2.188.0 - ATI Technologies Inc.) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kobo (HKLM-x32\...\Kobo) (Version:  - )

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden

Legacy 7.5 (HKLM-x32\...\Legacy 7.5) (Version: 7.5  - Millennia Corporation)

LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)

Living Cookbook 2015 (HKLM-x32\...\Living Cookbook 2015) (Version: 5.0.85 - Radium Technologies, Inc.)

Living Cookbook 2015 (x32 Version: 5.0.85 - Radium Technologies) Hidden

Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)

magicJack (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)

Microsoft Photo Editor (HKLM-x32\...\Microsoft Photo Editor_is1) (Version:  - Microsoft, Inc.)

Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)

Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)

Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)

PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)

PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden

PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden

PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)

PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)

Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden

Spotify (HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)

System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Veebeam (HKLM-x32\...\{F1510D0A-AD9F-4810-A191-E9A5C706B115}) (Version: 1.1.44725 - Veebeam Ltd)

Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)

Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

 

==================== Restore Points =========================

 

04-12-2015 07:41:13 Windows Update

07-12-2015 13:53:34 Windows Update

10-12-2015 03:00:25 Windows Update

13-12-2015 10:50:41 Windows Update

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-06-11 08:20 - 2015-11-24 07:26 - 00000025 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {01B7E4FD-AE49-4309-B6C5-3AFB34933D48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {04904F23-7116-47FC-9735-11A0D992BE76} - System32\Tasks\{E8E3D317-9CC6-46AC-A032-AF32BCBE194B} => C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [2010-10-10] ()

Task: {09BE9BC2-A2E0-41F4-A6CC-411288E24429} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

Task: {0EA4307C-6AB7-45D5-B102-BE7B2A0EB2FC} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

Task: {122CBE5E-9B46-468C-84AD-DDF31D24CC45} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

Task: {18A8B41C-BE21-4C1F-9F5D-73D643CD13A6} - System32\Tasks\{B9864AD1-74B8-4051-95FB-79DFA3E9F670} => pcalua.exe -a E:\setup.exe -d E:\

Task: {1C7028A1-E480-455D-A427-F17C2F60F36D} - System32\Tasks\{1BBD8E10-3A78-433C-9A1C-4E19CC1503DC} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}\setup.exe" -c -runfromtemp -l0x0409 -removeonly

Task: {1CB32ECF-5833-4B53-98FD-AE09A55F3ABC} - System32\Tasks\{A31F0E56-9C0B-42A3-BB2A-3F07413F90BF} => pcalua.exe -a "C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86N8K03T\MFInstall[1].exe" -d C:\Users\Linda\Desktop

Task: {285F40A2-F939-4D52-AB99-EBC4B22D8F47} - \LaunchApp -> No File <==== ATTENTION

Task: {2D687E65-9D06-448F-9271-D831F5D368D9} - System32\Tasks\HP AR Program Upload - 30c5ebd4bf9347c3a9957b28fa633605dd879b5454fd468bbc66b5571abe943e => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {39DD82D1-B578-45C0-84FA-E21A43687421} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

Task: {3A94F5CA-0856-40C2-A4A3-B557EFB33898} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {49D73EA6-95CF-4998-9746-E47FA6D4F4B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {4EEC1415-5DA8-4CD4-86DB-6A8323CBBDB0} - System32\Tasks\{772AAFC1-0B96-4BF1-B751-0A2FAECE56DA} => pcalua.exe -a "C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFVYRQOF\PC_Health_Check[1].exe" -d C:\Users\Linda\Desktop

Task: {52237EBF-77AA-4D5D-AB20-01A5755DB8D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)

Task: {75AA29EE-2E38-4E31-B81E-911B3B8DE175} - System32\Tasks\{0B4B3F91-C0C5-412C-942D-C4F133024095} => pcalua.exe -a "C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFVUALHF\application_HTC_USB_Tethering_Driver[1].exe" -d C:\Users\Linda\Desktop

Task: {81E6F687-D073-41B4-B3D5-033C199481BC} - System32\Tasks\HP AR Program Upload - e0d12dd47b9b4283bd69522f08e32afa4298ff4bb06541f9bc1838638e844a03 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {86FE5103-0A19-4A4F-9AED-E6714A36F5CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {8DFDAC23-8E67-4877-AD1A-048AFED0E7E7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {9BAD1C1E-18FF-44EB-A45E-7DF9911EFE0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {9EC27666-9586-408D-811A-5EB64993CE24} - System32\Tasks\{8E0C1184-E10E-424B-AA23-C8E82FAE8D3C} => C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [2010-10-10] ()

Task: {A0BED904-F895-4EE3-9DDE-5BB8C382D527} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)

Task: {A19A8CEE-3F46-4A27-9C50-D48F0E8B88BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

Task: {A1A92A40-A2E5-4CF1-B688-43CFA9E65579} - System32\Tasks\HP AR Program Upload - 6e84c216b0fa467abae70453820d0f839f8676d7337d4044ab4b4fea7c1b68aa => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {A4796212-5390-4D69-BE06-38836B75F0BA} - System32\Tasks\{823AF92E-FDB9-4B86-9FF5-86823FD10C47} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

Task: {AA4066D8-0C30-41B8-ACFA-16448015A3E2} - System32\Tasks\{81130310-09E4-4BEB-99CF-FAF972EC2C3A} => pcalua.exe -a E:\SETUP.EXE -d E:\

Task: {B0B45963-F554-46FE-A14D-CF5F7B137F6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)

Task: {B631D1A6-81F6-49D8-9A0F-4F2D026D7263} - System32\Tasks\{DDFBF312-F2C6-4984-95D7-37E0EADF061D} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {BBE5AE8E-D5A7-4E6C-A5EE-AE3F38DC67C6} - System32\Tasks\HPCeeScheduleForLinda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {CF94E2DD-19A1-4705-8B45-3FE73E2F1C42} - System32\Tasks\HP AR Program Upload - 6122a700eda9418295f1478bb1c0a441f0a80bf2bac44f3dbccd5f6cc15aa52d => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {D87149E7-2312-4603-A4BF-6354AEEA4F28} - System32\Tasks\HP AR Program Upload - ca59a8315bf24e7d93ccaaac1627b5543ba3cce964e946a4ba27e345134cebaf => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {DE4938B5-155E-4642-9C82-E64E7B92FD53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

Task: {E1C4813A-75D9-46AA-B157-EA8D88A36A2E} - System32\Tasks\AdobeAAMUpdater-1.0-Linda-HP-Linda => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)

Task: {E364BE34-4D57-4635-866E-7A73176B429A} - System32\Tasks\HP AR Program Upload - 3b26e4b61ebb40c5ab510aeb26c11badf0f191082d2145a9b8943203b2376402 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)

Task: {E7868895-43D0-4A70-9592-E6B0CD52CD95} - System32\Tasks\{D96E8924-A44C-484A-AC32-F849D224AC90} => C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe [2010-10-10] ()

Task: {EB0F74DC-7FF0-4127-9BF8-4A482C95BBE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)

Task: {EB8363D9-DC4D-4410-A8F1-CD60CB8BA5A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {EF9510A8-CF44-4BDD-AEF8-061D067DB536} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

Task: {F482F861-BE4C-48F2-AF8D-588EA282F886} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {F5B7147F-14A9-414A-9614-A58280EFE801} - System32\Tasks\{CFFE8EB7-22E7-420C-9B7E-0B00432092BA} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {FFBA2B8C-42DC-4DD6-9AFE-68165C656539} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark Z2400 Series\ezprint.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForLinda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=quickenfc&pf=cndt&locale=en_us&bd=pavilion&c=104 <==== ATTENTION

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=hp_softwarestore&pf=cndt&locale=en_us&bd=all&c=104 <==== ATTENTION

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-03-09 21:59 - 2011-03-09 21:59 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll

2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-21 07:30 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-06-13 13:17 - 2015-06-13 13:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2015-10-27 07:36 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

2013-10-24 14:30 - 2013-10-24 14:30 - 02539008 _____ () C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe

2011-03-09 22:00 - 2011-03-09 22:00 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2011-03-09 22:05 - 2011-03-09 22:05 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-03-14 13:20 - 2011-03-14 13:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2015-12-09 20:06 - 2015-12-04 17:17 - 01971528 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll

2015-12-09 20:06 - 2015-12-04 17:17 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll

2011-07-23 15:25 - 2007-08-08 15:55 - 00364544 _____ () C:\Program Files (x86) (x86)\Lexmark Z2400 Series\iptk.dll

2011-07-23 15:25 - 2007-07-09 23:45 - 00151552 _____ () C:\Program Files (x86) (x86)\Lexmark Z2400 Series\lxdqptp.dll

2013-10-24 09:39 - 2013-10-24 09:39 - 00906752 _____ () C:\Program Files (x86)\Veebeam\VeebeamApp\libx264-x86.dll

2013-10-24 09:39 - 2013-10-24 09:39 - 01537655 _____ () C:\Program Files (x86)\Veebeam\VeebeamApp\libsamplerate-0.dll

2010-09-28 14:00 - 2010-09-28 14:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

2010-09-28 14:00 - 2010-09-28 14:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

2010-09-28 14:00 - 2010-09-28 14:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\alpineaccess.com -> hxxps://vge01.alpineaccess.com

IE trusted site: HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\...\ancestry.com -> ancestry.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1852320340-3763420829-3560972882-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

MSCONFIG\startupreg: Spotify => "C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Linda\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{CDAEEB6F-8D6C-42AB-95FC-CC6E629AEBCF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE

FirewallRules: [{B9C56E44-8694-44B5-9393-B618921AE88D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe

FirewallRules: [{72E82170-20A4-4D76-A257-B6602B46AC9E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe

FirewallRules: [{668BFDAD-0F5F-4935-BD8D-7230B73B2556}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

FirewallRules: [{AC4809C7-B974-4D22-AA68-69F272A78F0A}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

FirewallRules: [{6D6CAE87-C6D8-4AB8-98E9-7DB17D6955C6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe

FirewallRules: [{F10AC8FD-9A9B-41DE-8384-6BEC33D8B3F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe

FirewallRules: [{A7EB5645-DAA2-4E84-A53E-BB87777A54B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe

FirewallRules: [{E0F96C15-A300-476C-BA42-4C1EC4D1C84E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe

FirewallRules: [{5C6D8504-587C-4F4A-8D9B-82D3073F3B62}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{021DE7D7-1146-4956-B1C9-6301F0D644CC}] => (Allow) svchost.exe

FirewallRules: [{90A8F4D7-7DAE-4C73-93D8-705CD8736465}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{81DD6621-6228-4EA4-85E7-C53B367523DE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{C078EEEE-34AD-42D1-892A-26ADE497BCB0}] => (Allow) LPort=2869

FirewallRules: [{811DB6FF-9DD5-4C11-98C6-5BCAC2DA328B}] => (Allow) LPort=1900

FirewallRules: [TCP Query User{F03B0AE7-E4CB-4B0F-BE84-71C2FFEC7B3C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe

FirewallRules: [UDP Query User{1BB29D2E-E3B6-47C6-956E-672CB467DC99}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe

FirewallRules: [TCP Query User{8DEFA216-B11E-4ABA-8C40-CF7C88F9AA0D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe

FirewallRules: [UDP Query User{97675147-645B-4A8C-B5C3-5C6BEE98D0CF}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe

FirewallRules: [{07948C03-06D3-4439-B4BC-32A7F3F52555}] => (Allow) LPort=5353

FirewallRules: [{B71E8438-8E4B-4430-9A94-B84B127CF07C}] => (Allow) C:\Program Files (x86) (x86)\Lexmark Z2400 Series\lxdqmon.exe

FirewallRules: [{0257D7A2-CFBB-4A86-B6B2-93CC180822A9}] => (Allow) C:\Program Files (x86) (x86)\Lexmark Z2400 Series\lxdqmon.exe

FirewallRules: [{5D65BF53-2F44-47DA-94B0-22B96299122C}] => (Allow) LPort=5353

FirewallRules: [{CF2CA0BB-A325-489F-9815-96BA52D9B081}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{770743C9-11E0-4361-A3E4-ED41DF78A3D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{386EED47-2FC3-4D27-BBF8-2A657DA55E6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{A80BEBC0-5B45-443D-9644-A3C3DEBB8E7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{21C5F2BD-1998-40AD-8033-E28C78BCDE27}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\linda\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{173AFB37-8210-47F2-BC57-8C67F32C23E6}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\linda\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{5DA142C0-9496-4BE1-A787-3570EBFB0FCF}E:\bin\nssapp.exe] => (Allow) E:\bin\nssapp.exe

FirewallRules: [UDP Query User{0DD442FA-ACAC-495A-8CE2-7C154BE404B9}E:\bin\nssapp.exe] => (Allow) E:\bin\nssapp.exe

FirewallRules: [TCP Query User{0CB0324A-7615-48B5-BA37-244121AEF3AF}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\linda\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{B20A4647-B811-40B3-B924-562B1859C343}C:\users\linda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\linda\appdata\roaming\spotify\spotify.exe

FirewallRules: [{4E2EC66A-1AFF-40A3-8AD8-5629403D967C}] => (Allow) LPort=9322

FirewallRules: [{3E573C3C-6D87-4FE0-8897-8CDDA606B4AA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

FirewallRules: [TCP Query User{E28AE1B4-C542-4ECA-B003-475DAB25CD4A}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [UDP Query User{777F0956-7D02-4396-9A9F-08AC1425C62D}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [TCP Query User{79BFDACE-EE20-4F4B-B4B3-C2D1474F2658}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [UDP Query User{4F7AE23B-8361-463A-8EA1-7C40C66FA4F9}C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\linda\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [{AA2090BE-CC4B-4CFE-8C61-9BCE5F482D7F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [TCP Query User{7C6E8AC2-68BC-4F66-98B4-BD0BA3EB64B9}C:\programdata\blockbuster on demand\blockbusterondemand.exe] => (Allow) C:\programdata\blockbuster on demand\blockbusterondemand.exe

FirewallRules: [UDP Query User{4E8EF54F-3150-4FE6-9F21-D6F0645915AD}C:\programdata\blockbuster on demand\blockbusterondemand.exe] => (Allow) C:\programdata\blockbuster on demand\blockbusterondemand.exe

FirewallRules: [{D8D16B86-F2F9-47F6-881C-830C7F9B8B87}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe

FirewallRules: [{E004476B-7F54-40D2-B7EC-D314203058AC}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe

FirewallRules: [{10058F48-B06B-4B24-9651-3B507B5DE963}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe

FirewallRules: [{F2E17819-0A4A-4689-9DC2-6EDCB085FBCE}] => (Allow) C:\Program Files (x86)\Veebeam\VeebeamApp\VeebeamPlus.exe

FirewallRules: [TCP Query User{4E5A5B10-0934-4D7B-AA2B-1DB7FB7F619D}C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe] => (Block) C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe

FirewallRules: [UDP Query User{B5BAD660-415E-4F8B-A1C2-7559E891899C}C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe] => (Block) C:\program files (x86)\veebeam\veebeamapp\veebeamplus.exe

FirewallRules: [{84D18268-5EE3-4B75-9C3C-08F645EDB2E2}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS45E5\HPDiagnosticCoreUI.exe

FirewallRules: [{6E9D84CF-5DD9-4E9B-BD59-EDEB53E60FD3}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS45E5\HPDiagnosticCoreUI.exe

FirewallRules: [{6C0E9230-6DFB-4A9D-8BC1-C8A3F133901A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe

FirewallRules: [{AF8D3954-D209-4AB6-8416-D8FD8D3765C8}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe

FirewallRules: [{7E13FAB0-FE51-44FA-B91D-0BE17827EADB}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe

FirewallRules: [{718A7CC5-630B-46AF-B8C7-6B09B56E4264}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe

FirewallRules: [{8E96458A-68A8-47E2-ACC4-76252ED400A2}] => (Allow) LPort=5357

FirewallRules: [{4697EEF5-197C-41CC-B05C-CF5C8DD5E45D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{AD5E3D6E-8679-4CBB-A6FC-0317AD5E5F32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{1270541E-4B0D-4D09-A660-EF5A085A3A50}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A02E04C5-FD65-4A08-BF3D-B15584137219}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{C1DB63A8-CB87-49C2-A330-EA34069BEB73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8F3DF141-7533-414D-B29F-D1AC1B35DFBB}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{56F937CD-2B13-4744-88D3-CFED341C386D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{15602061-2BD5-4F3B-B5DD-AAF64B2D096C}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D27\HPDiagnosticCoreUI.exe

FirewallRules: [{B416759B-8FC8-4AA6-8ED4-71A2A85FC3E0}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D27\HPDiagnosticCoreUI.exe

FirewallRules: [{08DD9DFF-5EAE-4E8A-A410-BE9649B7B5A1}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D69\HPDiagnosticCoreUI.exe

FirewallRules: [{D4FD1D84-ECE1-48F2-80DD-0D10DBE50310}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS3D69\HPDiagnosticCoreUI.exe

FirewallRules: [{9DF32B93-947E-489E-96BD-B13DEBD10EF6}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS35A9\HPDiagnosticCoreUI.exe

FirewallRules: [{9A640C93-8949-4D48-89AC-E94DB909F7D1}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS35A9\HPDiagnosticCoreUI.exe

FirewallRules: [{7482DFBD-A83A-431F-A667-DF9B17574730}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{69E6EE53-EF51-4FD7-9AE5-F64504910C4C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{5CFBF050-0602-4D60-8AE7-AD7183597F3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{09B8C20F-85A3-4EE6-8D8B-3387F0D1F10E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{BDCCF923-EC37-452F-82CB-9E5B7201F738}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS7284\HPDiagnosticCoreUI.exe

FirewallRules: [{B24C3BDD-A2D5-43B9-BB24-56EA08E49FA1}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS7284\HPDiagnosticCoreUI.exe

FirewallRules: [{3112FF06-0778-4217-AE35-3BABAB2B69E7}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS0840\HPDiagnosticCoreUI.exe

FirewallRules: [{44710E5B-7A3A-4AED-895A-BCAD94861CFE}] => (Allow) C:\Users\Linda\AppData\Local\Temp\7zS0840\HPDiagnosticCoreUI.exe

FirewallRules: [{2FA6331F-23E7-4546-90FD-5EEA4E94D38A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/13/2015 02:34:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x1150

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (12/13/2015 10:09:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: AitStatic.exe, version: 10.0.10004.0, time stamp: 0x54c65a8b

Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56259271

Exception code: 0xc000000d

Fault offset: 0x000000000000b3dd

Faulting process id: 0x1ee8

Faulting application start time: 0xAitStatic.exe0

Faulting application path: AitStatic.exe1

Faulting module path: AitStatic.exe2

Report Id: AitStatic.exe3

 

Error: (12/13/2015 10:08:35 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

 

Error: (12/13/2015 10:05:49 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/13/2015 08:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7145

 

Error: (12/13/2015 08:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7145

 

Error: (12/13/2015 08:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/13/2015 08:27:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6131

 

Error: (12/13/2015 08:27:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6131

 

Error: (12/13/2015 08:27:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (12/10/2015 03:47:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureCommand with the following error:

%%5

 

Error: (12/10/2015 03:45:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error:

%%5

 

Error: (12/10/2015 03:36:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/10/2015 03:35:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AODDriver4.0 service failed to start due to the following error:

%%3

 

Error: (12/10/2015 03:31:51 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (12/10/2015 03:31:46 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {29876C13-B9A8-4D5E-A545-F15B3C1FD359}

 

Error: (12/05/2015 05:56:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureCommand with the following error:

%%5

 

Error: (12/05/2015 05:56:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error:

%%5

 

Error: (12/05/2015 05:48:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/05/2015 05:48:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AODDriver4.0 service failed to start due to the following error:

%%3

 

 

CodeIntegrity:

===================================

  Date: 2015-11-18 09:21:48.415

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-11-18 09:21:48.352

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Processor: AMD Athlon™ II X2 250 Processor

Percentage of memory in use: 37%

Total physical RAM: 4863.29 MB

Available physical RAM: 3052.9 MB

Total Virtual: 9724.78 MB

Available Virtual: 6738.37 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:919.45 GB) (Free:701.24 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:11.96 GB) (Free:1.46 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 6E947156)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

 

Browser still slow in opening, still experience the "revving of the engine", and at times when submitting information, such as an internet purchase or even updating info on Bleeping Computer, when I click submit or save changes I remain in a processing mode, i.e. the rolling 3-light indicator on bleeping.com or the circling arrow when submitting a purchase on websites... Sometimes I click refresh and it resolves it, or I have to resubmit.


Edited by linda0929, 13 December 2015 - 06:12 PM.




