large advertising pop ups, can not move or delete, which obscures viewing of pages.
Clicking on web page links, it will direct me to another ad website, my Norton software will block this page and display; Malicious Malware Page Blocked.
After closing all web pages, there will be some windows reaming on desktop (ads) or requesting downloads updates.
P C does not appear to have slowed in any operations.
Needles to say, My Norton software has been very busy last few days.
Thanks,
jprzybilla
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Jerome (administrator) on OFFICE on 07-02-2015 07:37:54
Running from C:\Users\j1977_000\Desktop
Loaded Profiles: Jerome (Available profiles: Jerome & Emma & Administrator & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\webzoom\1.1.0.29\cozwdhost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\ProgramData\webzoom\1.1.0.29\cozaghost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
() C:\ProgramData\webzoom\1.1.0.29\coz32host.exe
() C:\ProgramData\webzoom\1.1.0.29\cozahost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\ProgramData\webzoom\1.1.0.29\coz64host.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 32-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [CouponXplorer AppIntegrator 64-bit] => C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [OnlineMapFinder AppIntegrator 32-bit] => C:\PROGRA~2\ONLINE~3\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [OnlineMapFinder AppIntegrator 64-bit] => C:\PROGRA~2\ONLINE~3\bar\1.bin\AppIntegrator64.exe
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2611808 2014-01-20] ()
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\RunOnce: [Adobe Speed Launcher] => 1423314303
Startup: C:\Users\j1977_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Alert.lnk
ShortcutTarget: Desktop Alert.lnk -> C:\LiveOnline_4108433.exe (No File)
Startup: C:\Users\j1977_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\j1977_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Alert.lnk
ShortcutTarget: Desktop Alert.lnk -> C:\LiveOnline_4108433.exe (No File)
Startup: C:\Users\j1977_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 457542&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 457542&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=523482&fr=spigot-yhp-ie
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_16_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtC0F0ByC0A0EyDtC0E0B0A0C0DtN0D0Tzu0SzztAzztN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyD0E0DtB0FyEyCtGtAzzyByEtGtAyDtByBtGyEtDzyzztGyByD0A0FyEzz0AyEtAyCtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzyyDtBtBtC0FtG0EyBtDtAtGyBtCtCtBtG0B0ByC0BtGtByD0EtDyB0CyC0D0AtC0FyD2Q&cr=1978457542&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_16_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtC0F0ByC0A0EyDtC0E0B0A0C0DtN0D0Tzu0SzztAzztN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyD0E0DtB0FyEyCtGtAzzyByEtGtAyDtByBtGyEtDzyzztGyByD0A0FyEzz0AyEtAyCtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzyyDtBtBtC0FtG0EyBtDtAtGyBtCtCtBtG0B0ByC0BtGtByD0EtDyB0CyC0D0AtC0FyD2Q&cr=1978457542&ir=
SearchScopes: HKLM -> {722A3CD8-665F-4C4B-8147-0AB3273932E6} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AFA^xdm338^S10945^us&si=49588_Mom-Lander2&ptb=255CC981-9718-464F-A060-E9F26CC96869&ind=2014111908&n=780ce8a4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {722A3CD8-665F-4C4B-8147-0AB3273932E6} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1141139573-402178876-1469993118-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_16_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtC0F0ByC0A0EyDtC0E0B0A0C0DtN0D0Tzu0SzztAzztN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyD0E0DtB0FyEyCtGtAzzyByEtGtAyDtByBtGyEtDzyzztGyByD0A0FyEzz0AyEtAyCtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzyyDtBtBtC0FtG0EyBtDtAtGyBtCtCtBtG0B0ByC0BtGtByD0EtDyB0CyC0D0AtC0FyD2Q&cr=1978457542&ir=
SearchScopes: HKU\S-1-5-21-1141139573-402178876-1469993118-1001 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60002
SearchScopes: HKU\S-1-5-21-1141139573-402178876-1469993118-1001 -> {722A3CD8-665F-4C4B-8147-0AB3273932E6} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1141139573-402178876-1469993118-1001 -> {D6CD22A7-8473-4F32-9A6E-FF0FADCC59D0} URL = http://isearch.shopathome.com?user_id={111aba70-9bf7-4164-bc7c-af6a14334274}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1141139573-402178876-1469993118-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll (Hewlett-Packard)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1141139573-402178876-1469993118-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1141139573-402178876-1469993118-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} https://col0-sec.mail.live.com/mail/Mai ... =588777323
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1141139573-402178876-1469993118-1001: hp.com/HPDetect -> C:\Users\j1977_000\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-12]
FF HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 cozaghost; C:\ProgramData\webzoom\1.1.0.29\cozaghost.exe [481776 2015-02-05] ()
R2 cozwdhost; C:\ProgramData\webzoom\1.1.0.29\cozwdhost.exe [247280 2015-02-05] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-22] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150206.001\IDSvia64.sys [669400 2015-02-05] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150206.016\ENG64.SYS [129752 2015-01-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150206.016\EX64.SYS [2137304 2015-01-26] (Symantec Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-02-05] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 07:37 - 2015-02-07 07:38 - 00027077 _____ () C:\Users\j1977_000\Desktop\FRST.txt
2015-02-07 07:37 - 2015-02-07 07:37 - 00000000 ____D () C:\FRST
2015-02-07 07:33 - 2015-02-07 07:33 - 02131968 _____ (Farbar) C:\Users\j1977_000\Desktop\FRST64.exe
2015-02-06 20:37 - 2015-02-06 20:37 - 00000000 ____D () C:\Users\j1977_000\AppData\Local\CrashDumps
2015-02-06 20:25 - 2015-02-06 20:25 - 00000199 _____ () C:\Users\j1977_000\Desktop\Free Malware Removal Forum - community support for infected computers.url
2015-02-06 19:00 - 2015-02-06 19:00 - 37987520 _____ (Microsoft Corporation) C:\Users\j1977_000\Downloads\Windows-KB890830-x64-V5.20.exe
2015-02-06 10:35 - 2015-02-06 10:35 - 01513577 _____ () C:\WINDOWS\shost.bin
2015-02-05 18:29 - 2015-02-05 18:29 - 00001499 _____ () C:\Users\j1977_000\Desktop\Download Java for Windows - Offline Installation.url
2015-02-05 18:29 - 2015-02-05 18:29 - 00000477 _____ () C:\Users\j1977_000\Desktop\Norton Power Eraser has detected that you have an older version of Java which is vulnerable.url
2015-02-05 18:26 - 2015-02-05 18:26 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR430.dat
2015-02-05 18:25 - 2015-02-05 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-05 18:25 - 2015-02-05 18:24 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-05 18:17 - 2015-02-05 18:17 - 00001380 _____ () C:\Users\j1977_000\Desktop\Download Java for Windows.url
2015-02-05 18:08 - 2015-02-05 18:09 - 00000000 ____D () C:\NPE
2015-02-05 18:06 - 2015-02-05 18:26 - 00108216 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS
2015-02-05 18:05 - 2015-02-05 18:26 - 00000000 ____D () C:\Users\j1977_000\AppData\Local\NPE
2015-02-05 10:35 - 2015-02-05 10:35 - 00000000 ____D () C:\ProgramData\webzoom
2015-02-05 10:02 - 2015-02-05 10:02 - 00016603 _____ () C:\Users\j1977_000\Documents\Inventory Template.dotx
2015-02-01 17:02 - 2015-02-01 17:02 - 00000204 _____ () C:\Users\j1977_000\Desktop\Seeing error You haven't accessed the Google Play Store app on your device with this email account - Google Play Help.url
2015-02-01 11:09 - 2015-02-01 11:15 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-30 20:06 - 2015-01-30 20:06 - 00000209 _____ () C:\Users\j1977_000\Desktop\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.url
2015-01-30 09:22 - 2015-02-03 16:04 - 00000000 ____D () C:\Users\j1977_000\Desktop\Scott Grove
2015-01-27 19:02 - 2015-01-27 19:02 - 00000343 _____ () C:\Users\j1977_000\Desktop\Hangout With Matt Monarch.url
2015-01-26 16:32 - 2015-01-26 16:32 - 00000235 _____ () C:\Users\j1977_000\Desktop\The Raw Food World - Dragon's Blood 35ml-1.18fl oz (100% Raw Croton Lechleri Sap).url
2015-01-20 13:56 - 2015-01-29 16:19 - 00000000 ____D () C:\Users\j1977_000\Desktop\Amazon
2015-01-14 05:11 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 05:11 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 05:11 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 05:11 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 05:11 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 05:11 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 05:11 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 05:11 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 05:11 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 05:11 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 05:11 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 05:11 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 05:11 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 05:11 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 05:11 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 05:11 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 05:11 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 05:11 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 05:11 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 05:11 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 05:11 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 05:11 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 05:11 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 05:11 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 05:11 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 05:11 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 05:11 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 05:11 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 05:11 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 05:11 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 05:11 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Emma\AppData\Local\OnlineMapFinder_9p
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 07:33 - 2014-01-26 10:55 - 01115861 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-07 07:19 - 2014-01-25 16:09 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1141139573-402178876-1469993118-1001
2015-02-07 07:17 - 2014-09-15 18:54 - 00000354 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-02-07 07:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-07 07:05 - 2014-05-25 16:41 - 00000000 ____D () C:\Users\j1977_000\.rainlendar2
2015-02-07 07:05 - 2014-03-11 03:47 - 00000000 ___RD () C:\Users\j1977_000\SkyDrive
2015-02-07 07:01 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-06 20:37 - 2014-02-02 19:13 - 00000000 ____D () C:\Users\j1977_000\AppData\Roaming\ClassicShell
2015-02-06 19:40 - 2014-02-09 08:11 - 00000314 _____ () C:\WINDOWS\Tasks\updaterex.job
2015-02-06 08:19 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 19:17 - 2014-01-30 16:26 - 00003166 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJerome
2015-02-05 19:17 - 2014-01-30 16:26 - 00000350 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJerome.job
2015-02-05 18:25 - 2014-02-07 13:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-05 18:24 - 2014-02-07 13:52 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-05 18:13 - 2013-11-14 01:28 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-05 18:08 - 2013-08-22 08:46 - 00343794 _____ () C:\WINDOWS\setupact.log
2015-02-05 18:08 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 18:07 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-05 18:06 - 2013-05-14 10:03 - 00000000 ____D () C:\ProgramData\Norton
2015-02-05 15:49 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-05 14:38 - 2014-01-25 11:18 - 00000000 ____D () C:\Users\j1977_000\Documents\Natures Illuminations Expenses
2015-02-03 13:31 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 05:23 - 2014-01-28 19:31 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-02-03 05:22 - 2014-01-28 19:31 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-31 09:06 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 09:05 - 2013-11-14 01:20 - 00174770 _____ () C:\WINDOWS\PFRO.log
2015-01-30 14:16 - 2014-01-28 14:33 - 00000000 ___RD () C:\Users\j1977_000\Desktop\Health & WellBeing
2015-01-29 14:21 - 2014-06-22 18:23 - 00000000 ___RD () C:\Users\j1977_000\Desktop\Guitar December 2014
2015-01-27 09:10 - 2014-02-04 20:29 - 00000000 ____D () C:\Users\j1977_000\Desktop\Info
2015-01-25 19:23 - 2014-01-29 19:00 - 00000000 ___RD () C:\Users\j1977_000\Desktop\Websites
2015-01-24 15:24 - 2014-02-08 13:19 - 00000000 ____D () C:\Users\j1977_000\Documents\Drive Green
2015-01-24 14:58 - 2013-05-14 09:47 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-16 03:13 - 2014-01-26 08:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 16:04 - 2014-07-13 07:39 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{18FB5B35-DD2B-4941-97DA-3B3CAFEEA49D}
2015-01-10 08:01 - 2014-07-13 07:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1141139573-402178876-1469993118-1007
==================== Files in the root of some directories =======
2014-01-28 13:26 - 2014-07-19 04:40 - 0000129 _____ () C:\Users\j1977_000\AppData\Roaming\WB.CFG
2014-01-27 17:35 - 2014-01-27 17:35 - 0003584 _____ () C:\Users\j1977_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 09:42 - 2014-01-28 09:42 - 0007616 _____ () C:\Users\j1977_000\AppData\Local\Resmon.ResmonCfg
2014-01-26 13:30 - 2014-01-26 13:30 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\j1977_000\AppData\Local\Temp\BaiduJP_Setup_MINI_Silent.exe
C:\Users\j1977_000\AppData\Local\Temp\cfcabfccdd.exe
C:\Users\j1977_000\AppData\Local\Temp\ExPromo.exe
C:\Users\j1977_000\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\j1977_000\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
C:\Users\j1977_000\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\j1977_000\AppData\Local\Temp\LMkRstPt.exe
C:\Users\j1977_000\AppData\Local\Temp\nse7AA8.exe
C:\Users\j1977_000\AppData\Local\Temp\nsgFB9C.exe
C:\Users\j1977_000\AppData\Local\Temp\nskA092.exe
C:\Users\j1977_000\AppData\Local\Temp\nssACC2.tmp.exe
C:\Users\j1977_000\AppData\Local\Temp\ShellHook.dll
C:\Users\j1977_000\AppData\Local\Temp\sp64126.exe
C:\Users\j1977_000\AppData\Local\Temp\Sqlite3.dll
C:\Users\j1977_000\AppData\Local\Temp\tmd_34014658.exe
C:\Users\j1977_000\AppData\Local\Temp\tmpFB48.exe
C:\Users\j1977_000\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\j1977_000\AppData\Local\Temp\UninstallRC-8876480.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-02 05:17
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Jerome at 2015-02-07 07:38:32
Running from C:\Users\j1977_000\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version: - )
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Extended Update (HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Smart Print 2.1 (HKLM-x32\...\{8046B41C-FB30-4614-898F-57D44D0C66EB}) (Version: 2.1.0.235 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6451.0 - IDT)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
MediaDrug (HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.7 - IObit)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WebZoom (HKLM-x32\...\webzoom) (Version: 1.1.0.29 - WebZoom)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1141139573-402178876-1469993118-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\j1977_000\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
21-01-2015 07:54:41 Scheduled Checkpoint
28-01-2015 07:53:07 Windows Update
05-02-2015 08:14:05 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {12F62C9B-E443-4746-B1B2-ED7FFD7B10AC} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {1C750A35-F755-4280-A2E9-F0FD2FEBCD1E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {22D68D4F-0B95-4275-A883-358DD9EB6DCC} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {23773136-5487-4AE5-BF35-36FA0EFFCFFB} - System32\Tasks\{9CFDB937-89A1-4FDC-984F-BF6BF36AEC10} => pcalua.exe -a E:\Setupx.exe -d E:\
Task: {285E7178-951B-4901-B23F-706A130EF5C7} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {2C6B1CE8-BB74-4DCC-A675-897CB81C556A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {376CB7EA-3D4B-479B-8156-DED86A10464C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {51F42602-2582-4505-B28E-4011ADF5B6CB} - System32\Tasks\HPCeeScheduleForJerome => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5B85ABCA-414C-4B70-9511-6EF6497F605A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6CCDB908-1B4A-4C73-8B42-CA60DFD79734} - System32\Tasks\UpdaterEX => C:\Users\J1977_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6E3C57C2-245B-4754-8F8F-4B3C5C249D39} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1141139573-402178876-1469993118-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {7B32F929-163F-4448-8BAD-BDAA49DA0354} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {9382FBBE-4339-43A5-AA0C-7307D2174550} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2012-09-06] (IObit)
Task: {9C2BE776-B936-4694-843F-C5632B1809F1} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {C47EE777-8EEC-4757-93A2-ABBBD9B0DB0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C9704927-0451-4F73-BE88-F3D284C53A61} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CAFECF26-9962-42A5-9344-69F2D1760091} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DE806B0A-055D-401E-9491-E91111CDDDB0} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {E115B987-9845-49D6-BAF3-BE2E1179C551} - System32\Tasks\{A61B3EDE-3E38-4C3B-B19F-0911B828B45D} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F25C1F6B-1B18-4901-B800-8C22CFED8558} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-12-25] (IObit)
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJerome.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\updaterex.job => C:\Users\J1977_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2015-02-05 05:18 - 2015-02-05 05:18 - 00247280 _____ () C:\ProgramData\webzoom\1.1.0.29\cozwdhost.exe
2015-02-05 05:19 - 2015-02-05 05:19 - 00481776 _____ () C:\ProgramData\webzoom\1.1.0.29\cozaghost.exe
2015-02-05 05:19 - 2015-02-05 05:19 - 00960512 _____ () C:\ProgramData\webzoom\1.1.0.29\webzooml64.dll
2015-02-05 05:19 - 2015-02-05 05:19 - 00073728 _____ () C:\ProgramData\webzoom\1.1.0.29\coz32host.exe
2015-02-05 05:19 - 2015-02-05 05:19 - 00106496 _____ () C:\ProgramData\webzoom\1.1.0.29\cozahost.exe
2015-02-05 05:19 - 2015-02-05 05:19 - 00081920 _____ () C:\ProgramData\webzoom\1.1.0.29\coz64host.exe
2013-10-21 11:52 - 2013-10-21 11:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 01:48 - 2014-01-20 01:48 - 02611808 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-11-25 04:25 - 2014-11-25 04:25 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-05-14 09:41 - 2012-07-18 02:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-05 05:19 - 2015-02-05 05:19 - 00346624 _____ () C:\ProgramData\webzoom\1.1.0.29\webzooml32.dll
2014-05-27 17:55 - 2011-08-19 15:33 - 00047960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
2015-02-05 05:19 - 2015-02-05 05:19 - 00479744 _____ () C:\ProgramData\webzoom\1.1.0.29\webzoomutil32.dll
2012-05-16 13:01 - 2012-05-16 13:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2014-01-04 11:20 - 2014-01-04 11:20 - 00249344 _____ () C:\Program Files (x86)\Rainlendar2\libical.dll
2014-01-20 01:48 - 2014-01-20 01:48 - 00060512 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2014-01-04 11:00 - 2014-01-04 11:00 - 00065024 _____ () C:\Program Files (x86)\Rainlendar2\libicalss.dll
2012-06-17 07:22 - 2012-06-17 07:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2013-05-14 09:47 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\j1977_000\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\j1977_000\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\StartupApproved\StartupFolder: => "Desktop Alert.lnk"
HKU\S-1-5-21-1141139573-402178876-1469993118-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
==================== Accounts: =============================
Administrator (S-1-5-21-1141139573-402178876-1469993118-500 - Administrator - Disabled) => C:\Users\Administrator
Emma (S-1-5-21-1141139573-402178876-1469993118-1007 - Limited - Enabled) => C:\Users\Emma
Guest (S-1-5-21-1141139573-402178876-1469993118-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1141139573-402178876-1469993118-1005 - Limited - Enabled)
Jerome (S-1-5-21-1141139573-402178876-1469993118-1001 - Administrator - Enabled) => C:\Users\j1977_000
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2015 08:37:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x54d351c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x43636eec
Faulting process id: 0x15ac
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3
Faulting package full name: cozaghost.exe4
Faulting package-relative application ID: cozaghost.exe5
Error: (02/06/2015 08:37:52 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (02/05/2015 06:36:30 PM) (Source: MsiInstaller) (EventID: 10005) (User: OFFICE)
Description: Product: Pro PC Cleaner -- Error 2753. The File 'Uninst000.CA.dll' is not marked for installation.
Error: (02/05/2015 06:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x54d351c4
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0xbec
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3
Faulting package full name: cozaghost.exe4
Faulting package-relative application ID: cozaghost.exe5
Error: (02/05/2015 05:42:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: OFFICE)
Description: Product: Pro PC Cleaner -- Error 2753. The File 'Uninst000.CA.dll' is not marked for installation.
Error: (02/05/2015 05:41:43 PM) (Source: MsiInstaller) (EventID: 10005) (User: OFFICE)
Description: Product: Pro PC Cleaner -- Error 2753. The File 'Uninst000.CA.dll' is not marked for installation.
Error: (02/05/2015 05:06:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: MFMediaEngine.dll, version: 6.3.9600.17331, time stamp: 0x54023166
Exception code: 0xc0000005
Fault offset: 0x000754eb
Faulting process id: 0x4444
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (02/05/2015 03:55:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: OFFICE)
Description: Product: Pro PC Cleaner -- Error 2753. The File 'Uninst000.CA.dll' is not marked for installation.
Error: (02/05/2015 11:36:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: igd10iumd32.dll, version: 10.18.10.3325, time stamp: 0x52533e49
Exception code: 0xc0000005
Fault offset: 0x00093b27
Faulting process id: 0x4bfc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (02/05/2015 11:22:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.3.9600.16384, time stamp: 0x52158827
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0xe0434352
Fault offset: 0x00012f71
Faulting process id: 0x256c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
System errors:
=============
Error: (02/06/2015 08:38:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
Error: (02/05/2015 06:11:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The cozaghost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/05/2015 06:08:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozaghost service failed to start due to the following error:
%%1053
Error: (02/05/2015 06:08:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the cozaghost service to connect.
Error: (02/05/2015 06:07:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/05/2015 05:36:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozaghost service failed to start due to the following error:
%%1053
Error: (02/05/2015 05:36:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the cozaghost service to connect.
Error: (02/05/2015 03:49:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/02/2015 03:54:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
Error: (02/01/2015 05:10:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
Microsoft Office Sessions:
=========================
Error: (01/15/2015 07:24:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6440 seconds with 240 seconds of active time. This session ended with a crash.
Error: (12/09/2014 10:22:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4240 seconds with 360 seconds of active time. This session ended with a crash.
Error: (11/20/2014 07:54:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7655 seconds with 780 seconds of active time. This session ended with a crash.
Error: (11/18/2014 08:14:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14483 seconds with 120 seconds of active time. This session ended with a crash.
Error: (11/14/2014 05:15:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9153 seconds with 300 seconds of active time. This session ended with a crash.
Error: (08/31/2014 06:49:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/31/2014 02:51:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 395 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/25/2014 04:37:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1224 seconds with 660 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-06-21 20:10:44.825
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-06-21 20:10:44.803
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-06-21 20:10:44.772
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 8076.84 MB
Available physical RAM: 4704.82 MB
Total Pagefile: 8956.84 MB
Available Pagefile: 5201.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:446.14 GB) (Free:324.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.81 GB) (Free:2.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 982DFA3D)
Partition: GPT Partition Type.
==================== End Of Log ============================