Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by natco_000 (2015-12-12 18:15:21)
Running from C:\Users\natco_000\Desktop
Windows 8.1 (X64) (2015-05-19 17:01:28)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2357461914-1037170958-1439947839-500 - Administrator - Disabled)
Guest (S-1-5-21-2357461914-1037170958-1439947839-501 - Limited - Disabled)
natco_000 (S-1-5-21-2357461914-1037170958-1439947839-1002 - Administrator - Enabled) => C:\Users\natco_000
QBDataServiceUser25 (S-1-5-21-2357461914-1037170958-1439947839-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser25

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{4049853E-9328-B198-1563-F1DCF89C5734}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW(R) Home & Student Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.3.5715 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3220 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2.3220 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4502 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Free FreeCell Solitaire 2015 v3.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version:  - TreeCardGames)
Golden Path (HKLM-x32\...\Golden Path_is1) (Version: 1.0 - Media Contact LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{6AAEDF97-4B93-4169-8FCA-FCB0378CED52}) (Version: 1.1.0.0 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.5.15 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
QB2Excel (HKLM-x32\...\{1E2FC0B9-8908-4A18-B681-C0528B99FCA6}) (Version: 5.0.0 - InformationActive)
QuickBooks (x32 Version: 25.0.4007.2506 - Intuit Canada ULC) Hidden
QuickBooks Premier: Mfg and Whsle Edition 2015 (HKLM-x32\...\{846F435B-6F13-47EF-AF92-0C15C4A24405}) (Version: 25.0.4004.2506 - Intuit Canada ULC)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.22 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7344 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.37 - REALTEK Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.13 - Synaptics Incorporated)
TpmsToolObdUpdater (HKLM-x32\...\InstallShield_{0A7B7D64-1222-49A4-B938-6ED5A532077A}) (Version: 1.00.0000 - 31)
TpmsToolObdUpdater (x32 Version: 1.00.0000 - 31) Hidden
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-11-2015 18:31:34 Scheduled Checkpoint
28-11-2015 10:31:49 Scheduled Checkpoint
30-11-2015 11:32:59 Installed HP Support Solutions Framework
08-12-2015 10:42:33 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C1AB32-36AF-4367-AC10-1BD7AE91234A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {0711F9E5-6C05-4F0C-A3EF-27F30A2EF8C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {08A46ABB-C6CA-4C92-9A38-76F544C4C7B3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {0F79212D-3CD8-4554-BE86-17913372A8FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {18629024-153D-455B-B424-7A56506DE39D} - System32\Tasks\HPCeeScheduleFornatco_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {22D637C7-3EFF-4141-B68F-7D47364D3C8C} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {283527FD-4FB0-409B-AAF1-1C488F3FC2F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {2894BB1C-E3BB-4FF6-88EC-0FECE9F27918} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {2DACC1F5-DF22-4403-A4AB-6A27194E9196} - \GameZooks Ver -> No File <==== ATTENTION
Task: {2E3D9461-9A98-4A14-8E3D-B1F33CD6174A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {3F3B9F02-0B7F-4114-B4A5-E0225E79840C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {4E30A1B0-8FE4-4049-B6F4-974E53784DBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {50CDFF27-0488-4D57-A245-8D4D4DC1FC12} - \Cassiopesa rori -> No File <==== ATTENTION
Task: {53957D8C-0856-48EA-A86C-180D3077EC4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {6C69C10D-DB39-45F2-8308-E008BB3CBA19} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {74ECAE44-1CEF-4A80-8006-D9577488B07D} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {7F0D4B07-0B84-43A0-BF5F-F9E50E97B6F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {9FCC8045-C22B-4FE6-821A-288D9506EA40} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-01] (CyberLink Corp.)
Task: {A0979124-53A7-4920-A741-D69D7D8CB1EF} - \Component System\Component -> No File <==== ATTENTION
Task: {CF718104-2FF0-405B-8A7B-1AA635E66AE8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)
Task: {E01C6E24-1D99-484B-866E-A42536A855B5} - \GeniusBox -> No File <==== ATTENTION
Task: {E10977DA-F4B7-4672-8F84-88BFDD03D8C8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {E2FEB3BA-88A2-4BE2-A5E7-60344281E82B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2357461914-1037170958-1439947839-1002 => C:\Users\natco_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-11] (Microsoft Corporation)
Task: {EE403D0D-9C10-464E-B863-3E0CE3054230} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFornatco_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-22 11:00 - 2015-11-01 04:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "HPUsageTrackingLEDM"
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2357461914-1037170958-1439947839-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EA8A3D7F-D6AA-478E-9962-2A484BA0B3DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AEA519D-B55D-47BA-9CE1-E3465883B203}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C4CE30B-647B-4996-A5CB-DBAE964452B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D84904F2-AFFF-4A70-9B81-784133B025E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{139C4D0F-B973-4849-9341-4884A9A0A45F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FAF5D5B0-893C-4DA8-AE8E-7E5F26D04CF9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{516BA319-F04A-46E1-8408-F1FB9EACCF55}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E4596FE7-AE06-4F0E-B7DE-90F62471A332}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{63A95857-BBD3-4EC0-9B49-99EC61B18B35}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1B85587C-5BCC-403A-A235-30FAA6DF814E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{66026778-8470-4916-8EA7-2A75AC1F7911}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{AB58FA95-A2D5-4B0F-8301-6DC8C119ECA7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe
FirewallRules: [{0B115080-C2F1-4471-8CD1-65ED7A66A2E0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe
FirewallRules: [{F220B61B-8046-440C-A1AD-9577A9B42747}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe
FirewallRules: [{EE898807-7BB8-4C98-B584-7A768DE19B2C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe
FirewallRules: [{85288E01-8C53-42E6-88A7-2847C3CB0307}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe
FirewallRules: [{417D5E62-F2D3-4D54-B532-2DAAB5859399}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe
FirewallRules: [{9D05CE66-57B0-42CD-A586-B0E2C07A050A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe
FirewallRules: [{BB0CF856-5604-4739-A587-517DD543B502}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe
FirewallRules: [{D7691471-D727-49F2-B9E4-9B365AD0470D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{6E06AAB9-909D-4B41-B7B8-914899D591A7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{3442FE21-503E-4317-95C3-2DB1C060BCF9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{FDD1749A-EC7E-42D5-8517-67A82DE25C8A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{5AB69CF8-F76E-4246-8292-31E5223FF4A8}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{74C5D044-2B64-4625-8236-7113F9F4AB4B}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{579F135B-EB04-46DB-8D55-E4AB1246C067}] => (Allow) LPort=9100
FirewallRules: [{CB5463B4-50B6-4816-A39F-10396C7F4472}] => (Allow) LPort=427
FirewallRules: [{3D50E59A-E374-4119-B5CA-D8A56C73594A}] => (Allow) LPort=161
FirewallRules: [{B1F47688-EA46-4997-A679-FF363C1F0CE0}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{7EF24140-CB24-437E-AE4F-C4F277402469}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{401F9B97-90EE-4C21-97D3-B7F39AE26708}] => (Allow) LPort=9100
FirewallRules: [{88B1E8AD-2B96-4EAC-BEB6-0967221D14C7}] => (Allow) LPort=427
FirewallRules: [{AEE56EA6-926E-4F50-80FA-64616BDEAAB0}] => (Allow) LPort=161
FirewallRules: [{036B0B4A-FF7D-4035-9B69-EE2195964911}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{187E9EAE-30AE-4C41-BB4D-FEF24EE66F5F}] => (Allow) C:\Users\natco_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4EEAE5F3-A679-40AA-92F7-D10ECD8BAF88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2015 06:07:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/12/2015 11:28:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STUART)
Description: Activation of app Microsoft.WindowsCalculator_8wekyb3d8bbwe!App failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:24:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STUART)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:24:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STUART)
Description: Activation of app FileManager_cw5n1h2txyewy!Microsoft.Windows.FileManager failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2015 12:03:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000142
Fault offset: 0x00000000000ec540
Faulting process id: 0x790
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (12/11/2015 12:03:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/10/2015 10:45:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CorelDrw.exe, version: 15.2.0.686, time stamp: 0x4d9be3e1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000001d
Fault offset: 0x00610077
Faulting process id: 0x%9
Faulting application start time: 0xCorelDrw.exe0
Faulting application path: CorelDrw.exe1
Faulting module path: CorelDrw.exe2
Report Id: CorelDrw.exe3
Faulting package full name: CorelDrw.exe4
Faulting package-relative application ID: CorelDrw.exe5

Error: (12/10/2015 10:33:38 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition":Error creating connection 2 in DBConnPool::GetConnection().

Error: (12/10/2015 10:33:38 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition":CON=QBConn\192.168.100.104\25\0\4\7\285-248\1170-0650-8488-082\5\0\0\55363\192.168.100.103;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Natco Manufacturers and Distributors Ltd..QBW;CommLinks="tcpip(IP=192.168.100.103;DOBROADCAST=NONE;port=55363)";ServerName=QB_SERVER_25;DBN=dd59b054f3d94b71b8af25d33a990185;CharSet=none

Error: (12/10/2015 10:33:38 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition":Connection Error:Database server not found


System errors:
=============
Error: (12/12/2015 06:15:22 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 06:15:22 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 06:15:15 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 06:15:15 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 06:14:02 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 06:14:02 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2015 06:13:46 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 06:13:37 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 06:13:31 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2015 06:13:24 PM) (Source: DCOM) (EventID: 10005) (User: STUART)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


==================== Memory info =========================== 

Processor: AMD A10-4655M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 16%
Total physical RAM: 7364.7 MB
Available physical RAM: 6159.82 MB
Total Virtual: 8516.7 MB
Available Virtual: 7396.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.1 GB) (Free:853.7 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:24.39 GB) (Free:2.73 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5404D12C)

Partition: GPT.

==================== End of Addition.txt ============================