Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by hp (2015-10-04 19:52:43)
Running from C:\Users\hp\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-02-26 21:42:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3276688173-742700953-812249821-500 - Administrator - Disabled)
Guest (S-1-5-21-3276688173-742700953-812249821-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3276688173-742700953-812249821-1003 - Limited - Enabled)
hp (S-1-5-21-3276688173-742700953-812249821-1001 - Administrator - Enabled) => C:\Users\hp

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{89A12FD9-8FA0-4EB9-AE9A-34C7EB25C25B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Scanjet G4050 (HKLM\...\{27E19BA1-B30F-4E97-835B-1481803F54DC}) (Version: 14.5 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpg4050 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 326.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.80 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Roxio Creator 2011 Special Edition (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
Smilebox (HKU\S-1-5-21-3276688173-742700953-812249821-1001\...\Smilebox) (Version: 1.0.0.29487 - Smilebox, Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.14260 - WinZip International LLC)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3276688173-742700953-812249821-1001_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {099C35B2-3C66-4B81-ABF6-1AF9C7A4C77B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
Task: {26C5FDB9-CEF3-4222-B559-69322C53AF9E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {3943032D-FA62-4978-917C-DE290705D2B4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {3A731639-295D-4091-A0F5-B4C615BBCACB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {45568289-4E17-4774-B5FD-5147A2CC7709} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {4E779103-26E1-4EAE-A6E6-4A4B54BDF3BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {515C7E13-3421-4103-84D7-5B649C4D0AF8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {6C049AC6-C4B5-420E-80DE-764C875773A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6E1E5809-80B2-4156-8F3A-A03A052232A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
Task: {80AD1C91-D8AB-42DD-906A-C94229D8F8F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {84B9FDDB-968A-4A86-9A43-5D034A447D6E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {8F91C6D1-B596-4B2C-A36B-12B8AB65C085} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {ABA85DCB-5DCC-49BD-B685-ACD1FB7B1C94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BF72FBF3-ECA3-4A96-8215-6AFD478ADB84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {C5C6BDB7-498E-411E-A918-6803ED828B4C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C92703CC-E935-4199-941F-FFAA1B65B288} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {D66B4CF7-51A2-496B-A4C4-08FF15CEADDF} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {DF453226-7FF7-4B17-80A4-76674C253C42} - System32\Tasks\HPCeeScheduleForhp => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E0849E6C-E3F6-447D-980F-A127B05E8C5A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {E96E433E-4E19-485C-865A-24FEA20E9590} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2015-03-13] (Nico Mak Computing)
Task: {EF5F7971-5EC4-4FF3-817E-F357C969D3C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {F070F320-84CF-42EA-8E4D-D371DF0E1665} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {F3FD7D95-63DA-4D00-B329-ED7F5B8D8072} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F81E671F-F59D-4F38-8854-A183083F8B54} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {F8CFC894-5F86-4422-BA20-715342532736} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForhp.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 13:23 - 2013-10-14 13:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 13:24 - 2013-10-14 13:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 13:25 - 2013-10-14 13:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 13:22 - 2013-10-14 13:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 13:22 - 2013-10-14 13:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 13:22 - 2013-10-14 13:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 13:35 - 2013-10-14 13:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 13:35 - 2013-10-14 13:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-05-25 18:14 - 2013-08-18 14:34 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-01 17:43 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-25 18:14 - 2015-09-15 00:22 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-14 14:03 - 2015-08-11 22:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-12 21:06 - 2013-08-12 21:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 21:06 - 2013-08-12 21:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 21:06 - 2013-08-12 21:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2010-07-13 21:23 - 2010-07-13 21:23 - 00084464 _____ () C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
2010-06-30 09:10 - 2010-06-30 09:10 - 00477680 _____ () C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
2015-10-02 15:02 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2015-10-02 15:02 - 2015-03-13 14:34 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2015-09-14 14:03 - 2015-08-11 19:57 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-06-04 18:32 - 2015-05-28 02:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-04 16:44 - 2015-10-04 16:44 - 00071168 _____ () c:\users\hp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf22fci.dll
2015-07-15 15:14 - 2015-09-23 18:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-15 15:14 - 2015-09-23 18:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-29 22:29 - 2015-09-23 18:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-15 15:14 - 2015-09-23 18:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-10-02 14:46 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-02 14:46 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2014-05-25 18:15 - 2013-08-09 07:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-10-02 14:46 - 2015-09-23 21:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3276688173-742700953-812249821-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{29E5A070-5FFE-4AFA-95D9-E0F68BD185DD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{13031E4F-6867-44A9-BE55-995A18387CEF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{5A491457-465D-4221-871E-6E98B1EB592E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{1C690B55-4014-4D26-9087-D029D816576A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{03A291B1-2C13-4B3C-8131-F605D0F26B84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C9B69A08-1F9A-4D85-AEDC-26F645DC853B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DAC1AAED-F77B-42D7-9346-6BE48C83D402}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [{9A9E552C-35B0-4CA2-8B13-A73981FFC738}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{A2657E8D-0149-44A4-84AA-ECCBEE748333}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{64F774C6-5C2F-467E-A66B-B24AF51052E8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: 
[{6D31D770-1978-42D7-A85F-B3D53CCD768A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{15151795-3907-4B3A-96DA-2C94D6C049DA}] => (Allow) E:\Setup.exe FirewallRules: [{41E8AE29-41F5-4F9E-8F6F-C59A2501E23D}] => (Allow) E:\Setup.exe FirewallRules: [{961DC119-4D70-4E57-AD6E-990CAD10E402}] => (Allow) E:\Setup.exe FirewallRules: [{F2F09A29-333D-4788-8FDF-2EB9882E403B}] => (Allow) E:\Setup.exe FirewallRules: [{4C7BC7DD-864D-47AE-8F86-CE212BBFCCA0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{63A5DF00-4D7C-4264-AF34-C8ACC55F3CA3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{AE9FD1ED-98F6-4966-B651-6A14F4F7FB69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{7D178C9F-FE54-4D86-B45A-CF44209EB3EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{A4E14315-E04A-4287-B4D9-FF8FC08AAEC5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{C3A670CB-4216-4448-9DE6-8D7D2BC3461F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{DF21849A-CC7C-4B2E-B33C-537F5FCCBF76}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{94620707-55EB-4A0D-8765-CCF6D7D21DAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{67696ABC-C437-4DD1-9710-B68D7C7D9FBB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{44F70082-19C3-47BA-B5B5-04C9156B50A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{27879BBF-092A-44CC-9B30-9168E410A1EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D0A6729D-13B0-47F1-9DA7-465A70D4AE7F}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0AB8B920-95B4-48A9-BDA9-78B73CB7A881}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CF6C5C64-EAC8-4381-88AE-B4DF43CE95AF}] => (Allow) C:\Users\hp\AppData\Local\Temp\nsh9BCD.tmp\Installer-75732662.exe FirewallRules: [{153AF15A-0346-4136-87F6-4BD1252C80E3}] => (Allow) C:\Users\hp\AppData\Local\Temp\nsh9BCD.tmp\Installer-75732662.exe FirewallRules: [{6C0A4421-B302-4246-B7D4-F60BF068F6C7}] => (Allow) C:\Users\hp\AppData\Local\Temp\nst378F.tmp\Installer-10971731.exe FirewallRules: [{D1A78DFF-D2A8-4D2E-8A7E-AD69A52792E2}] => (Allow) C:\Users\hp\AppData\Local\Temp\nst378F.tmp\Installer-10971731.exe FirewallRules: [{D36A2E89-B905-4A76-80E3-8F5C7C696A92}] => (Allow) C:\Users\hp\AppData\Local\Temp\nsc5952.tmp\Installer-75732662.exe FirewallRules: [{503409B1-1EAC-4C95-BA53-7E8D6A98A311}] => (Allow) C:\Users\hp\AppData\Local\Temp\nsc5952.tmp\Installer-75732662.exe FirewallRules: [{50B8BCA3-EEFA-4261-AAC8-0943A61C5868}] => (Allow) C:\Users\hp\AppData\Local\Temp\nstC0CB.tmp\Installer-75732662.exe FirewallRules: [{A1DCD9EC-728C-4D08-A699-DA0E9F3609B6}] => (Allow) C:\Users\hp\AppData\Local\Temp\nstC0CB.tmp\Installer-75732662.exe FirewallRules: [{66ADDEB4-0283-43E3-8433-FBC91F29AF3C}] => (Allow) C:\Users\hp\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{48CBCE0D-193E-4EF4-BA99-9C0DEE273769}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{3A3C2E72-53CD-4479-A01B-C12C3C0CA01A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{76096186-1668-4020-80DE-2E5B35513539}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{C7B0F2F7-7A43-4020-B262-665ADF8898E5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: 
[{191723E9-D320-4153-9F9F-600D7632FB5B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{AC5E4933-5342-4116-A6BA-9B59EAB56DFA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{45EB66BD-4920-485B-B147-7EE84DCE95AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B0D58555-32DE-4054-98A8-61AB6100BA5B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{5F11B919-92AD-4FEA-A7E8-0BF0BAA23625}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/04/2015 06:22:37 PM) (Source: MsiInstaller) (EventID: 11606) (User: hp-HP) Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data. Error: (10/04/2015 06:22:36 PM) (Source: MsiInstaller) (EventID: 11606) (User: hp-HP) Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data. Error: (10/04/2015 06:22:00 PM) (Source: MsiInstaller) (EventID: 11606) (User: hp-HP) Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data. 
Error: (10/04/2015 04:43:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2015 11:28:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2015 11:20:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2015 02:40:25 AM) (Source: System Restore) (EventID: 8211) (User: ) Description: The scheduled restore point could not be created. Additional information: (0x8004231f). Error: (10/03/2015 02:40:25 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8004231f). Error: (10/02/2015 04:08:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2015 02:52:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/04/2015 06:57:58 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 
Error: (10/04/2015 04:43:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (10/04/2015 04:43:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Error: (10/04/2015 04:42:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/04/2015 04:00:48 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (10/04/2015 11:28:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (10/04/2015 11:28:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Error: (10/04/2015 11:26:48 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (10/04/2015 11:20:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (10/04/2015 11:20:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 12224.11 MB
Available physical RAM: 7953.54 MB
Total Virtual: 23402.43 MB
Available Virtual: 19122.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1375.17 GB) (Free:2.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.8 GB) (Free:2.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 9DCBDB56)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1375.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================