Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-11-2015 Ran by Owner (2015-11-16 15:19:19) Running from C:\Users\Owner\Desktop Windows 8.1 (X64) (2013-12-03 19:14:13) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2068536090-2483931195-1033279513-500 - Administrator - Disabled) fpopp_000 (S-1-5-21-2068536090-2483931195-1033279513-1007 - Limited - Enabled) => C:\Users\fpopp_000 Guest (S-1-5-21-2068536090-2483931195-1033279513-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2068536090-2483931195-1033279513-1009 - Limited - Enabled) Karson Yount (S-1-5-21-2068536090-2483931195-1033279513-1004 - Limited - Enabled) => C:\Users\Karson Yount Owner (S-1-5-21-2068536090-2483931195-1033279513-1001 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden Amazon Music (HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) bjnplugin (HKLM-x32\...\{57C78206-EA6C-4505-BC06-AFB1554D2D4D}) (Version: 2.6.255.8 - Blue Jeans) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden Cisco WebEx Meetings (HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix) Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6104 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Deal or No Deal (HKLM-x32\...\{CEA0BA90-DED4-169F-BA18-D9F57E43E6AD}) (Version: 1.0.1 - Global Star) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden EZ Chart (HKLM-x32\...\EZ Chart) (Version: Excel 2000-2010 - KnowWare International Inc) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.5.5 - Telerik) Fitbit Connect (HKLM-x32\...\{252787DA-515C-44B6-896F-CB644D518EA1}) (Version: 2.0.0.6598 - Fitbit Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google) Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden GoToMeeting 7.5.1.3911 (HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\GoToMeeting) (Version: 7.5.1.3911 - CitrixOnline) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd) HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard) HP My Display TouchSmart Edition (HKLM-x32\...\{68973009-FAE6-48B6-A75B-902D54D8B39A}) (Version: 2.03.016 - Portrait Displays, Inc.) HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HSR Toolkit (HKLM-x32\...\HSR Toolkit) (Version: - NIST) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company) Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION LogMeIn Rescue Technician Console (HKLM-x32\...\{0ADF74CA-0A4E-49F1-B157-7177AB3130EF}) (Version: 7.4.2170 - LogMeIn, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.) Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4415 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Meeting 2007 (HKLM-x32\...\{AFADA6D3-EBC0-406E-B3ED-079B7A831467}) (Version: 8.0.6362.229 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation) Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft) Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden Open Workbench (HKLM-x32\...\{AED0B5AC-0771-4600-9777-9C4C910EBE09}) (Version: 1.1.3 - Niku) P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis) Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team) Photo Slideshow Creator 4.31 (HKLM-x32\...\{2CEF6CD7-0093-4EA1-8EA5-12E843E980BF}_is1) (Version: - AMS Software) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.42 - NCH Software) PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.34 - NCH Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.73 - NCH Software) PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.) QuickBooks (x32 Version: 25.0.4005.2506 - Intuit Inc.) Hidden QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4005.2506 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ralink Bluetooth Stack64 (HKLM\...\{66C75C3D-11A0-E560-B1EC-0AC14B6012E3}) (Version: 9.0.730.1 - Ralink Corporation) Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek) rbjnplugin (HKLM-x32\...\{AF0C6873-2615-4F92-AAB6-939C25B771F0}) (Version: 2.7.232.8 - Blue Jeans) RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28137 - Realtek Semiconductor Corp.) RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.0.6122 - CyberLink Corp.) Hidden Rosetta Stone audio optimizer (HKLM-x32\...\com.rosettastone.RosettaStoneAudioOptimizer) (Version: 1.0.5 - Rosetta Stone, Ltd) Rosetta Stone audio optimizer (x32 Version: 1.0.5 - Rosetta Stone, Ltd) Hidden Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.) Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) ScrewDrivers Client v4 (HKLM-x32\...\{F71D752F-B892-4AC7-BE76-D83506E1D8DC}) (Version: 4.7.02 - triCerat, Inc.) SDK (x32 Version: 2.35.013 - Portrait Displays, Inc.) Hidden ShopAtHome.com BrowserAppCore Service Chrome (HKLM-x32\...\ShopAtHome.com BrowserAppCore Service Chrome) (Version: - ShopAtHome.com) <==== ATTENTION ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.2.0.12 - ShopAtHome.com) <==== ATTENTION ShopAtHome.com Toolbar (HKLM-x32\...\ShopAtHome.com Toolbar) (Version: 7.2.0.12 - ShopAtHome.com) <==== ATTENTION Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) Sony PC Companion 2.10.289 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony) Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 1.3.26) (Version: 1.3.26 - Sparkol) Sparkol VideoScribe (x32 Version: 1.3.26 - Sparkol) Hidden Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden The QI Macros for Excel (HKLM-x32\...\The QI Macros for Excel) (Version: 2014.11 - KnowWare International Inc) The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdaterEX (HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\UpdaterEX) (Version: - UpdaterEX) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.) VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.) Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.29 - NCH Software) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2068536090-2483931195-1033279513-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Restore Points ========================= 16-11-2015 13:07:06 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2015-11-12 13:37 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {21BDB64A-782E-4274-BB9A-49B69395AB99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {2E8844D9-B52A-4008-817F-34E0E06A7DB1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {36FBC2E5-7A22-40E8-9236-1D120753D26B} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {3914D8F0-7840-464A-8C56-7CA25E22E4F4} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] () Task: {3B381C1E-DF49-4182-AABF-8334F98B395C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2068536090-2483931195-1033279513-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {44326FF4-EDA9-4830-86E0-BF8E235DD729} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation) Task: {449F67C1-B546-473D-BE79-AC559703F817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3AI1T0D7 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard) Task: {471FDF8E-BD82-4F52-A02C-95C59F2E6918} - System32\Tasks\{F4D727C8-4A3F-4951-BE02-76400A7FE532} => pcalua.exe -a C:\Users\Owner\Desktop\FirmwareFlashLauncher.exe -d C:\Users\Owner\Desktop Task: {476294E7-0D98-40B2-80CF-235241172055} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.) Task: {4C2127F3-6B04-42A6-925F-29BF666FCA74} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {5715949B-2F0D-4EEE-8613-4B947EE75A06} - System32\Tasks\HP AR Program Upload - 2e84517fc55d44aba42c8133641056cc12c9f515e4544dc79f43bb1eecddb305 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {599C057E-0897-4552-B52F-CB99E4495B52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {5C7E3FEF-0D86-408D-BDB3-F8A79BD6F94E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-12-26] (CyberLink) Task: {6545B2E8-4537-4A27-9B50-964F5A40F005} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation) Task: {65E7FB46-B7D1-424F-89FB-6146118621B4} - System32\Tasks\HP AR Program Upload - 14dc47447e0548a887908bfdba51c86ce8e47e829ad6448d95d3bc3a2001d9a6 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {6605BE30-72A7-49BE-B325-4A0CFFD859F7} - System32\Tasks\{A2424BEA-5269-4F16-896C-737ECF4EE753} => pcalua.exe -a C:\Users\Owner\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Owner\Downloads Task: {682A51EC-C495-4D8D-841C-C57075E45A48} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {6A38B463-EED7-4E67-BB51-F7CA09DDB8FC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-24] (Facebook Inc.) Task: {6BD996D5-F1C5-4481-A434-C83D1938F628} - System32\Tasks\HP AR Program Upload - 63a3338208634ae0af5d890581b3885923869bbf2df84433ac8fc741febd352e => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {755E4110-04F1-4AB6-B3EB-2F6F47518100} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {86964F87-A5F8-4F36-AEE1-2F28C760FCDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {893D5ADA-71AF-40B0-93ED-2828742592AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard) Task: {8E220C72-1846-4A8A-9532-D3296AB96AD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation) Task: {95BB1358-C1B0-45AB-83AE-3461526E7163} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink) Task: {96E95DED-5D37-4847-8402-97ACC18D8563} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {9FD37494-F779-41DC-98EB-328FE1CB7ED6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {A5518555-D9BD-4248-915C-563625F57C98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-24] (Facebook Inc.) Task: {AEAE5764-8101-4AFE-A077-BDFFA90D5602} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {B0879AA0-7ED3-4E4B-86D2-2F177429D9DE} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-07-27] () Task: {BDE1C5A0-AAD1-4215-AA30-1CC7985B6B49} - System32\Tasks\HP AR Program Upload - 0b069c54048945129133387402f27f4c1a2fe258694a45e98f0e19566bd57880 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {C4E10DC1-BD4C-4A73-93AC-7952FB98DAD8} - System32\Tasks\HP AR Program Upload - 5669acc025224448806c749e062c8d9ad6987bc7b16c48178b74b00f35d64590 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {C9C7705C-5DFA-45BF-96ED-9CBB8874B952} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {CD287933-05EC-48C5-8959-444CF4AEE2F4} - System32\Tasks\G2MUploadTask-S-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\3911\g2mupload.exe [2015-11-12] (Citrix Online, a division of Citrix Systems, Inc.) Task: {D175F0D1-F3B7-4EE9-8A3C-A9FD3FC1A996} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.) Task: {D1C50541-57FD-4F18-9F9A-A1A50A768670} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated) Task: {D7F8B0B9-2521-4494-91F6-E883401BC8C9} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-09-15] (Microsoft Corporation) Task: {D8BF0415-274B-4F94-9C84-C33B407C3B7F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {DA6BDAF1-A277-4CCB-A43A-C6C1BD1822EA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation) Task: {DBE31596-776D-4202-9515-7228774D3EA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {DE517DDF-BA7A-41FE-B0DC-874C74762BE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard) Task: {E1713C59-B4C0-47EF-8320-174617220936} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1004Core => C:\Users\Karson Yount\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-26] (Google Inc.) Task: {E23E6F76-AE15-4BF3-A285-ADF87E94ACFF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\3911\g2mupdate.exe [2015-11-12] (Citrix Online, a division of Citrix Systems, Inc.) Task: {E71699B7-70DD-4E0E-8FCD-8FFC10803725} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1004UA => C:\Users\Karson Yount\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-26] (Google Inc.) Task: {EA0EF4F3-4D08-4331-945D-76FA79E9CA5A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2068536090-2483931195-1033279513-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {FABDBBFD-DFE6-4175-BBDD-43329D716767} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2068536090-2483931195-1033279513-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.) Task: {FD70B6A1-1224-4967-9654-D72C0CB53B10} - System32\Tasks\Digital Sites => C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {FF975B42-A1DD-41A7-B3B3-6705AAF46397} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2068536090-2483931195-1033279513-1001.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\3911\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2068536090-2483931195-1033279513-1001.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\3911\g2mupload.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1004Core.job => C:\Users\Karson Yount\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2068536090-2483931195-1033279513-1004UA.job => C:\Users\Karson Yount\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2013-10-10 16:55 - 2012-10-04 18:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll 2014-03-22 15:06 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-07-27 20:28 - 2015-07-27 20:28 - 00032880 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2012-11-06 17:11 - 2012-11-06 17:11 - 00017160 _____ () C:\windows\system32\BsHelpCSps.dll 2014-08-29 05:59 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2012-11-06 17:11 - 2012-11-06 17:11 - 00369928 _____ () C:\windows\system32\BsExtendFunc.dll 2012-11-06 17:11 - 2012-11-06 17:11 - 00029960 _____ () C:\windows\system32\BsTrace.dll 2012-11-06 17:11 - 2012-11-06 17:11 - 00062216 _____ () C:\windows\system32\BlueSoleilCSps.dll 2013-10-08 06:12 - 2013-10-08 06:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-08-04 06:47 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe 2014-11-30 20:54 - 2014-12-08 01:27 - 06277952 _____ () C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe 2015-07-27 18:40 - 2015-07-27 18:40 - 00614464 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-06 17:11 - 2012-11-06 17:11 - 00029960 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll 2012-10-23 19:25 - 2012-10-23 19:25 - 00335176 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll 2011-07-05 12:53 - 2011-07-05 12:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll 2012-11-06 17:11 - 2012-11-06 17:11 - 00017160 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll 2012-11-06 17:11 - 2012-11-06 17:11 - 00062216 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll 2015-07-27 20:28 - 2015-07-27 20:28 - 00037512 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll 2015-07-27 20:28 - 2015-07-27 20:28 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll 2015-07-27 20:28 - 2015-07-27 20:28 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll 2013-05-28 10:07 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-06-20 18:19 - 2014-11-16 06:25 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-10-24 17:14 - 2015-05-08 05:50 - 01754296 _____ () C:\Program Files\Microsoft Office 15\root\office15\tmpod.dll 2013-11-17 13:38 - 2013-11-17 13:38 - 00022696 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll 2014-08-04 06:47 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll 2014-08-04 06:47 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll 2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll 2014-08-04 06:47 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll 2014-08-04 06:47 - 2015-04-21 12:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll 2013-05-28 10:16 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-12-11 16:40 - 2014-12-11 16:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll 2015-09-08 16:26 - 2015-09-08 16:26 - 00089152 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll 2015-11-16 15:14 - 2015-11-16 15:14 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32api.pyd 2015-11-16 15:13 - 2015-11-16 15:13 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\pywintypes27.dll 2015-11-16 15:14 - 2015-11-16 15:14 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\pythoncom27.dll 2015-11-16 15:14 - 2015-11-16 15:14 - 00046080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_socket.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 01208320 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_ssl.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32com.shell.shell.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00776704 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_hashlib.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 01176576 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._core_.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00806400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._gdi_.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00816128 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._windows_.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 01067008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._controls_.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00733184 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._misc_.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00682496 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\pysqlite2._sqlite.pyd 2015-11-16 15:13 - 2015-11-16 15:13 - 00088064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_ctypes.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32file.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32security.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00007168 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\hashobjs_ext.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00070144 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\usb_ext.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00167936 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32gui.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32event.pyd 2015-11-16 15:13 - 2015-11-16 15:14 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_elementtree.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\pyexpat.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00013824 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\common.time34.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00036864 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_psutil_windows.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32inet.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32crypt.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00077312 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._html2.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00027136 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_multiprocessing.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00020480 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\_yappi.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32process.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\unicodedata.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00123392 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._wizard.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32pipe.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\select.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32pdh.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\windows._lib_cacheinvalidation.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32profile.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\win32ts.pyd 2015-11-16 15:14 - 2015-11-16 15:14 - 00078848 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI56682\wx._animate.pyd 2012-11-06 17:11 - 2012-11-06 17:11 - 00080648 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll 2012-11-06 17:11 - 2012-11-06 17:11 - 00369928 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll 2015-07-27 18:35 - 2015-07-27 18:35 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll 2013-05-28 10:16 - 2012-11-01 09:29 - 00807440 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll 2014-06-20 18:21 - 2014-11-16 06:27 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-06-20 18:19 - 2014-11-16 06:25 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp_svinoya_norway_sunset.jpg DNS Servers: 209.18.47.61 - 209.18.47.62 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk" HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk" HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk" HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor" HKLM\...\StartupApproved\Run32: => "Conime" HKLM\...\StartupApproved\Run32: => "mobilegeni daemon" HKLM\...\StartupApproved\Run32: => "EKStatusMonitor" HKLM\...\StartupApproved\Run32: => "BrowserAppCoreService" HKLM\...\StartupApproved\Run32: => "Fitbit Connect" HKLM\...\StartupApproved\Run32: => "ScrewDrivers RDP Plugin" HKLM\...\StartupApproved\Run32: => "Intuit SyncManager" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater" HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher" HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\StartupApproved\Run: => "Facebook Update" HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\StartupApproved\Run: => "DW7" HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\StartupApproved\Run: => "Amazon Music" HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\StartupApproved\Run: => "ApplePhotoStreams" HKU\S-1-5-21-2068536090-2483931195-1033279513-1001\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2F7E011E-F760-445E-85C9-F3F66A45149D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [UDP Query User{E8352C6F-AE2B-4563-B788-2965C4B2D523}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{9F9948AE-8E8E-4852-9CC8-695A220482CC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [{3BE0456B-9705-45CC-A63A-FDD676BC73F8}] => (Allow) LPort=5353 FirewallRules: [{ACE71153-4ECF-4423-8596-2A0B8DFC5ED5}] => (Allow) LPort=9322 FirewallRules: [{A2C5970C-EA76-49C8-A52C-C619A3BBD762}] => (Allow) LPort=5353 FirewallRules: [UDP Query User{CCE0A9B5-3BD1-426A-B66F-777DEF15C68A}C:\users\owner\appdata\local\microsoft lync attendee\attendeecommunicator.exe] => (Allow) C:\users\owner\appdata\local\microsoft lync attendee\attendeecommunicator.exe FirewallRules: [TCP Query User{3FB6834B-6A32-4311-B4FA-851E0FD13233}C:\users\owner\appdata\local\microsoft lync attendee\attendeecommunicator.exe] => (Allow) C:\users\owner\appdata\local\microsoft lync attendee\attendeecommunicator.exe FirewallRules: [{F4E96013-3DB2-480F-989E-29B481C176D7}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{195AE19E-D9BB-44A6-AE05-BB67A70BE9F1}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe FirewallRules: [{2A29C751-999A-49E0-A05B-398F5139A045}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe FirewallRules: [{32D028A0-971C-4FC1-8B35-98B755A6F644}] => (Allow) LPort=1900 FirewallRules: [{B9C59EFB-F769-490D-84A6-30CF87256569}] => (Allow) LPort=2869 FirewallRules: [{BAAFDB97-9EAE-4D21-BFF0-D04A91ABED65}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{B2072703-A55A-44AC-A45D-429DD1C0AF37}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{B351B904-B902-4B44-A793-B812BC5C2995}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{4CFD2213-82B5-4DED-B198-326423E7177E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{19C63554-8558-4EF2-9CC5-78302D773A68}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{494A105E-42E0-4348-846F-02CFB87E656D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0F9F2329-0F58-4BCF-80E5-D663D3127B97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{ABF82C56-807A-45E8-B774-56A69CDD7ED3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DA496ADE-C285-4989-BEDF-485208501D74}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{D3AF2F02-96F9-42C1-9EAA-67E26CAE299F}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{29D66173-779A-4883-A05B-8BE7CF31A15A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{9A33E97F-E8AE-48A4-B8FC-0F5DE8ACF14E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{61124984-532D-4BFA-BBE6-988DE001DFB0}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [{B7CDB0C7-8E41-4E87-B11D-7C6DD5DCD2D1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [TCP Query User{60116EEC-B2D6-4DC2-A36B-B12DCF2EE9CC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{37451AD8-2603-47E5-AF47-7B8BCB91E7B5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{BDEBE00E-6852-49CC-B770-A6464329CB84}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{C1AAB344-19E2-4FD4-984A-56FBBE957F4B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [TCP Query User{0202BDBD-AB4F-4DE0-B72E-AF709E92FA7E}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [UDP Query User{2D22AC87-742A-4FB8-AF0A-B0C5B9F3A865}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [TCP Query User{3E369D85-4078-4D11-842B-199E47B29915}C:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe] => (Allow) C:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe FirewallRules: [UDP Query User{C3558FCC-AF59-46F7-AFBA-6E6EA44D8EA3}C:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe] => (Allow) C:\program files (x86)\logmein rescue technician console\logmeinrescuetechnicianconsole_x64\lmirtechconsole.exe FirewallRules: [{A24BDD41-C9C9-4257-8682-637120120A0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D87058E7-D977-457B-82FE-37E6A1B2D89B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E25951DD-2FD1-4313-B544-FE3395DCA6AA}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{9D059F5F-3C2B-4D7F-9AE8-42D870B7D8A1}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{4F937586-40B4-4AE3-91CF-F96263366498}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{E2022961-B257-4C26-8E45-D2875962AA8B}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{33CC3E0C-1CCB-4FC2-B664-1CE8BDDF977C}] => (Allow) C:\Users\Owner\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{7A50661D-866D-4C6A-A90E-F34F77B59824}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [TCP Query User{E4A717D4-A290-4FD0-A1AB-C5CFC7BECEAB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{72CC2BD6-264C-44F9-B017-3F7F6D13E3CE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{1BD78AEB-178B-412C-B6BB-CED859AA6A87}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{7644997F-8CCD-4630-8295-F94AF4C0CAC4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{E2DDBE2A-3DE0-4925-B307-272160B8D1F6}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS0DFE\HPDiagnosticCoreUI.exe FirewallRules: [{7EC6755D-BC84-4531-9B41-44EDA77118CC}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS0DFE\HPDiagnosticCoreUI.exe FirewallRules: [{9150D910-C8FF-45EB-AE76-5EBB1FBD5C10}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{0C185727-31DA-434F-8FE2-4289FE00C199}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7CAA\HPDiagnosticCoreUI.exe FirewallRules: [{143CA6A6-2399-4E84-952F-E45D6C6C8984}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7CAA\HPDiagnosticCoreUI.exe FirewallRules: [{AF244A5C-FB48-4199-A451-1D9843F8D85E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7D13\HPDiagnosticCoreUI.exe FirewallRules: [{35308DBC-D601-4327-923B-1EAC21F69BD9}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS7D13\HPDiagnosticCoreUI.exe FirewallRules: [{C93007D5-3749-424C-AC0C-C17341DE73F5}] => (Allow) LPort=9322 FirewallRules: [{95DE4F63-6E28-4461-8B7C-278B37ECD972}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe FirewallRules: [{F58B2FD1-19AF-40A9-B368-73071079F975}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe FirewallRules: [{B82812FE-37E7-476A-A576-DB019B3DFB1E}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe FirewallRules: [{601510F3-1DDA-41EF-9C76-EB4601E7FC53}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe FirewallRules: [{22B421C2-22AC-47D0-9B21-D529F7D6AF74}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe FirewallRules: [{3A7E7375-A88E-43BA-A240-263CEB3755B7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe FirewallRules: [{671A324A-B737-4E30-A4C2-2BED106724F6}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe FirewallRules: [{A3EBC679-A2E6-452E-9231-79DCC730E5CD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe FirewallRules: [{06516CFD-5901-4031-8656-789F310C2480}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe FirewallRules: [{FE7E0CF0-436D-4FDE-A51C-A80F250EDFE2}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe FirewallRules: [{E90F3F1F-3D10-4292-90F2-BE78E2C45BA4}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS4302\HPDiagnosticCoreUI.exe FirewallRules: [{0D54564E-42DC-4A06-B10F-968138C616C7}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS4302\HPDiagnosticCoreUI.exe FirewallRules: [{8EB10280-4C61-4ADB-B45F-F8A0101610DF}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe FirewallRules: [{97708408-C60F-4B6D-AB5A-4160FC730C2A}] => (Allow) LPort=5357 FirewallRules: [{A450C437-D6D9-4124-8E3A-E9758E91602C}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{7F727EA3-F721-451A-8FAF-B4DC8FBFAE3F}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS4802\HPDiagnosticCoreUI.exe FirewallRules: [{4E341645-55BB-493E-8A2C-674E319117A8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS4802\HPDiagnosticCoreUI.exe FirewallRules: [{323561D5-9F42-434D-A78E-C33FCB2E0645}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe FirewallRules: [{5542BD04-46DC-4385-9C96-F0DFA96AFB9F}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe FirewallRules: [{D803AD90-92DC-4D83-8B9B-8ADF7C86528C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{ABC10B6C-2B1B-4CE0-8864-9968ECA8DC8F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{D019ABBC-3A8A-4E6A-A456-405112446173}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [TCP Query User{7A5FC38D-8C0A-468C-AD0D-F0B1C8A75A2F}C:\program files\microsoft office 15\root\office15\lync.exe] => (Allow) C:\program files\microsoft office 15\root\office15\lync.exe FirewallRules: [UDP Query User{F8E5F2FC-A1D1-4B65-A2F8-C1CA4E8992C9}C:\program files\microsoft office 15\root\office15\lync.exe] => (Allow) C:\program files\microsoft office 15\root\office15\lync.exe FirewallRules: [{B144AA4F-0446-435F-9058-F896AA68C715}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{F7A78E35-078E-4A54-AA4D-4FE973142A96}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{98CCE0C6-54DF-400B-99C6-9B962C9AE1F1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{3CE3DF29-E163-46A0-9F06-F4B3EF804ADF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [TCP Query User{E96C1EEB-3C81-4620-AB78-7ABC44B0A4AE}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [UDP Query User{D4DBE123-5EAC-4279-9BE2-C234A2C0B63A}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [{331172C1-4808-46E8-9D0E-6A89FA2085BC}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{32B0BD6A-E9CD-42BC-8093-04DF79A3C661}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{1E7C8A9C-3735-4585-8440-8E766F194B30}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/16/2015 03:18:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 5d8 Start Time: 01d120ab4645bca3 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 3c209dfc-8c9f-11e5-bf2b-1c3e84b62fce Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (11/16/2015 03:11:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 10 124.1.168.192.in-addr.arpa. PTR pc.local. Error: (11/16/2015 03:11:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.124:5353 12 124.1.168.192.in-addr.arpa. PTR pc-2.local. Error: (11/16/2015 03:09:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 10 124.1.168.192.in-addr.arpa. PTR pc.local. Error: (11/16/2015 03:09:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.124:5353 12 124.1.168.192.in-addr.arpa. PTR pc-2.local. Error: (11/16/2015 03:03:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/16/2015 03:03:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC) Description: Activation of app Microsoft.LyncMX_8wekyb3d8bbwe!Microsoft.LyncMX failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/16/2015 03:03:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/16/2015 03:03:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/16/2015 02:19:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 16.11.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 148c Start Time: 01d120a363aeff56 Termination Time: 4294967295 Application Path: C:\Users\Owner\Desktop\FRST64.exe Report Id: e649a4a8-8c96-11e5-bf29-1c3e84b62fce Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (11/16/2015 03:10:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Server service terminated with the following error: %%1115 Error: (11/16/2015 03:10:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Computer Browser service terminated with the following error: %%1115 Error: (11/16/2015 03:08:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Modules Installer service terminated with the following error: %%3 Error: (11/16/2015 03:03:20 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (11/16/2015 03:03:20 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (11/16/2015 03:03:16 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (11/16/2015 03:03:16 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (11/16/2015 03:03:13 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: Microsoft.LyncMX.AppXn4jb767ryqs4qfwd4c3qbajfew39nmhp.mca Error: (11/16/2015 03:03:12 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (11/16/2015 03:03:12 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca CodeIntegrity: =================================== Date: 2015-11-16 15:19:08.350 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 15:19:08.132 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 14:27:37.898 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 14:27:37.648 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 14:19:54.315 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 14:19:54.049 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 12:47:14.893 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 11:54:07.293 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-16 11:19:34.673 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-16 11:19:34.438 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3330S CPU @ 2.70GHz Percentage of memory in use: 26% Total physical RAM: 8058.35 MB Available physical RAM: 5922.58 MB Total Virtual: 8458.35 MB Available Virtual: 6243.43 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1841.82 GB) (Free:1671.46 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Recovery Image) (Fixed) (Total:18.38 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (DealNoDeal) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS Drive h: (NIKON D3100) (Removable) (Total:15.02 GB) (Free:6.01 GB) FAT32 Drive i: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:657.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: C6E74EA9) Partition: GPT. ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B1A1185C) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================