[southernbelle1]

Here are my scans

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015

Ran by Lisa Manis (administrator) on LISAMANIS-PC (19-01-2016 12:30:11)

Running from C:\Users\Lisa Manis\Downloads

Loaded Profiles: Lisa Manis (Available Profiles: Lisa Manis)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Lisa Manis\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP564238410\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-311360127-3291622852-1042216310-1000\...\MountPoints2: {1654bfa4-a987-11e5-ad45-78e3b55c506f} - G:\VZW_Software_upgrade_assistant.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2015-12-18]

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226

Tcpip\..\Interfaces\{4848D22D-C616-40E1-8546-0C6E309B0C0F}: [DhcpNameServer] 67.142.166.10 67.142.166.11

Tcpip\..\Interfaces\{CD1D6664-1187-4454-B092-6AA4538C1F2E}: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com

HKU\S-1-5-21-311360127-3291622852-1042216310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]

CHR Extension: (YouTube) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]

CHR Extension: (Google Search) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]

CHR Extension: (Gmail) - C:\Users\Lisa Manis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-15 10:45 - 2016-01-15 10:45 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2016-01-15 10:45 - 2016-01-15 10:45 - 00001945 _____ C:\Windows\epplauncher.mif

2016-01-15 10:45 - 2016-01-15 10:45 - 00000000 ____D C:\Program Files\Microsoft Security Client

2016-01-15 10:45 - 2016-01-15 10:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2016-01-15 10:41 - 2016-01-15 10:42 - 14243008 _____ (Microsoft Corporation) C:\Users\Lisa Manis\Downloads\mseinstall.exe

2016-01-04 18:51 - 2016-01-04 18:55 - 00183570 _____ C:\Windows\ntbtlog.txt

2016-01-03 22:34 - 2016-01-03 22:34 - 02370560 _____ (Farbar) C:\Users\Lisa Manis\Downloads\FRST64 (2).exe

2016-01-03 22:18 - 2016-01-03 22:43 - 00000257 _____ C:\Users\Lisa Manis\Downloads\Search.txt

2016-01-03 22:16 - 2016-01-03 22:17 - 02370560 _____ (Farbar) C:\Users\Lisa Manis\Downloads\FRST64 (1).exe

2015-12-30 11:12 - 2015-12-30 11:12 - 05080352 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online (2).exe

2015-12-30 10:51 - 2016-01-19 12:30 - 00008695 _____ C:\Users\Lisa Manis\Downloads\FRST.txt

2015-12-30 10:51 - 2015-12-30 10:52 - 00021188 _____ C:\Users\Lisa Manis\Downloads\Addition.txt

2015-12-30 10:49 - 2016-01-19 12:30 - 00000000 ____D C:\FRST

2015-12-30 10:49 - 2015-12-30 10:49 - 02370560 _____ (Farbar) C:\Users\Lisa Manis\Downloads\FRST64.exe

2015-12-23 16:23 - 2015-12-23 16:23 - 00004420 _____ C:\Users\Lisa Manis\Downloads\ChristmasWedding.odm

2015-12-23 16:16 - 2015-12-23 16:16 - 00005365 _____ C:\Users\Lisa Manis\Downloads\CowboyforChristmas.odm

2015-12-23 16:12 - 2015-12-23 16:12 - 00005231 _____ C:\Users\Lisa Manis\Downloads\HisChristmasPleasure.odm

2015-12-23 13:53 - 2015-12-23 13:53 - 05066104 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online_cnet2.exe

2015-12-23 13:05 - 2015-12-23 13:05 - 00000000 ____D C:\Users\Public\Documents\Verizon2.0_Log

2015-12-23 13:05 - 2015-12-23 13:05 - 00000000 ____D C:\Users\Lisa Manis\AppData\Roaming\VERIZON

2015-12-23 13:01 - 2015-12-23 13:01 - 00000000 ____D C:\Users\Lisa Manis\Desktop\New folder (2)

2015-12-23 12:59 - 2015-12-23 12:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-12-23 10:01 - 2015-12-23 10:01 - 05066096 _____ (AVAST Software) C:\Users\Lisa Manis\Downloads\avast_free_antivirus_setup_online (1).exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-19 12:12 - 2009-07-13 23:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-01-19 12:12 - 2009-07-13 23:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-01-19 12:11 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-19 12:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf

2016-01-19 12:04 - 2015-11-10 11:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-19 12:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-15 10:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows

2016-01-13 12:25 - 2015-12-07 19:07 - 00000000 ____D C:\Users\Lisa Manis\AppData\Local\ElevatedDiagnostics

2016-01-12 13:42 - 2015-11-10 20:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-01-12 13:41 - 2015-11-10 20:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-01-04 18:30 - 2015-11-24 14:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-01-04 01:12 - 2015-12-18 13:51 - 00000000 ____D C:\Users\Lisa Manis\Desktop\New folder

2015-12-23 21:41 - 2015-11-30 12:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

 

==================== Files in the root of some directories =======

 

2015-12-03 17:11 - 2015-12-03 17:11 - 0001610 _____ () C:\Users\Lisa Manis\AppData\Local\recently-used.xbel

 

Some files in TEMP:

====================

C:\Users\Lisa Manis\AppData\Local\Temp\AudibleDM_iTunesSetup.exe

C:\Users\Lisa Manis\AppData\Local\Temp\NetFramework45.exe

C:\Users\Lisa Manis\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-01-13 09:04

 

==================== End of FRST.txt ============================

[Advertisements]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015

Ran by Lisa Manis (2016-01-19 12:30:50)

Running from C:\Users\Lisa Manis\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2015-11-09 16:12:47)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-311360127-3291622852-1042216310-500 - Administrator - Disabled)

Guest (S-1-5-21-311360127-3291622852-1042216310-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-311360127-3291622852-1042216310-1002 - Limited - Enabled)

Lisa Manis (S-1-5-21-311360127-3291622852-1042216310-1000 - Administrator - Enabled) => C:\Users\Lisa Manis

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)

Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{70F55D70-7E5F-6291-4924-2F7640F19BFE}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

calibre (HKLM-x32\...\{00A9870A-DA5A-4825-BEC9-F93FD41DE157}) (Version: 2.43.0 - Kovid Goyal)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)

OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {22CA225A-4F66-4F61-BB57-60A6824376DB} - System32\Tasks\{6C4D28B8-EAFE-4AC6-B845-5092130BEC7F} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp54841.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {32DBF440-8528-443F-B74A-A7E8D7DED3BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {33FA78B8-8916-4019-B613-24FA9F57B90E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {348C170B-6BB3-413D-9AB3-C7E45656D9A5} - System32\Tasks\{C37A8689-BDB7-4A81-8CB2-C16858E675D3} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp53261.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {37C5B331-745C-4F0F-9746-03781872C421} - System32\Tasks\{B9AE15D4-2B53-4677-AFFF-48781E5C1F5B} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp54900.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {41E0EBFD-8181-437C-82B6-14F1A4053043} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {6FEA60E9-0FE1-4DCA-A735-68A09C8DF989} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)

Task: {869650A8-FB90-4975-B647-BD90F400DC85} - System32\Tasks\{E8D0CF7A-AD0C-42DF-811B-E0AF5C764989} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp53838.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {884C9BBD-DF59-40DE-B6E2-9A0DDE2A0579} - System32\Tasks\{4D53AE11-1033-4BA5-BFB6-6D25ECE6A08A} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp51605.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {8CAAD46F-F50F-4FDA-B373-A409DDB7E753} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {9F73D8F8-3952-4D8A-8563-93E4DFEB0AD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)

Task: {C7C1C690-2D9C-4E97-9D65-8901D2C7894B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {C87DB4B2-15CC-4CC7-AECE-0DB807CC3F2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: {CA976BF8-C095-4B9C-A70B-00F632241E43} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

Task: {EB2BDF4D-4668-45C9-A0E3-C3D8542431E0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {ED9844EA-DBDC-4C80-B5BE-620B6B587CEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)

Task: {F40367CC-A17B-4463-8EBA-AB60B51CABCA} - System32\Tasks\{A1AEA180-878C-413C-AFE8-F2E5FCE5563E} => pcalua.exe -a C:\Windows\system32\RT7LitePIlaunch.exe -d C:\Windows\system32

Task: {F79CF7BE-6C6F-4350-9F3F-0C3EA9977650} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-10-13 08:45 - 2015-10-13 08:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 08:45 - 2015-10-13 08:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-01-08 00:57 - 2011-01-08 00:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-11-10 20:35 - 2015-11-10 20:35 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll

2015-11-10 11:45 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2016-01-15 10:40 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll

2016-01-15 10:40 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-311360127-3291622852-1042216310-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa Manis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1 - 205.171.203.226

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{363C7FFF-2B1F-400C-8F58-C97192404CBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{574A23E8-6A97-4A32-B1CE-5C3A73FDB8EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D225EB41-EC95-4876-836E-032CC2CA01BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{773E8002-AF39-4177-9BE2-605929D11924}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1733A50B-1F09-4C19-87EA-920CAA64C313}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{EA140052-D47E-407F-8386-8BE4FB5C4703}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

24-11-2015 14:49:27 Scheduled Checkpoint

16-12-2015 13:04:48 Installed OverDrive for Windows

13-01-2016 09:11:09 Scheduled Checkpoint

15-01-2016 11:03:43 Windows Update

19-01-2016 12:06:11 Windows Update

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/19/2016 12:05:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x3a8

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/19/2016 12:04:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/15/2016 12:53:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x15e0

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 12:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x1534

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 12:02:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x12ec

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 11:45:49 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0xd30

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 10:38:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/13/2016 01:24:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x42c

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/13/2016 10:26:26 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/13/2016 08:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (01/04/2016 06:52:16 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz

Percentage of memory in use: 26%

Total physical RAM: 8139.86 MB

Available physical RAM: 5973.96 MB

Total Virtual: 16277.93 MB

Available Virtual: 13927.36 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:447.28 GB) (Free:123.61 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Recovery) (Fixed) (Total:14.32 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

Drive h: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0AFF17D5)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=447.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

 

==================== End of Addition.txt ============================

[southernbelle1]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015

Ran by Lisa Manis (2016-01-19 12:30:50)

Running from C:\Users\Lisa Manis\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2015-11-09 16:12:47)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-311360127-3291622852-1042216310-500 - Administrator - Disabled)

Guest (S-1-5-21-311360127-3291622852-1042216310-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-311360127-3291622852-1042216310-1002 - Limited - Enabled)

Lisa Manis (S-1-5-21-311360127-3291622852-1042216310-1000 - Administrator - Enabled) => C:\Users\Lisa Manis

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)

Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{70F55D70-7E5F-6291-4924-2F7640F19BFE}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

calibre (HKLM-x32\...\{00A9870A-DA5A-4825-BEC9-F93FD41DE157}) (Version: 2.43.0 - Kovid Goyal)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)

OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {22CA225A-4F66-4F61-BB57-60A6824376DB} - System32\Tasks\{6C4D28B8-EAFE-4AC6-B845-5092130BEC7F} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp54841.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {32DBF440-8528-443F-B74A-A7E8D7DED3BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {33FA78B8-8916-4019-B613-24FA9F57B90E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {348C170B-6BB3-413D-9AB3-C7E45656D9A5} - System32\Tasks\{C37A8689-BDB7-4A81-8CB2-C16858E675D3} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp53261.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {37C5B331-745C-4F0F-9746-03781872C421} - System32\Tasks\{B9AE15D4-2B53-4677-AFFF-48781E5C1F5B} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp54900.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {41E0EBFD-8181-437C-82B6-14F1A4053043} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {6FEA60E9-0FE1-4DCA-A735-68A09C8DF989} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)

Task: {869650A8-FB90-4975-B647-BD90F400DC85} - System32\Tasks\{E8D0CF7A-AD0C-42DF-811B-E0AF5C764989} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp53838.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {884C9BBD-DF59-40DE-B6E2-9A0DDE2A0579} - System32\Tasks\{4D53AE11-1033-4BA5-BFB6-6D25ECE6A08A} => pcalua.exe -a "C:\Users\Lisa Manis\Desktop\HP Drivers\sp51605.exe" -d "C:\Users\Lisa Manis\Desktop\HP Drivers"

Task: {8CAAD46F-F50F-4FDA-B373-A409DDB7E753} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {9F73D8F8-3952-4D8A-8563-93E4DFEB0AD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)

Task: {C7C1C690-2D9C-4E97-9D65-8901D2C7894B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {C87DB4B2-15CC-4CC7-AECE-0DB807CC3F2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: {CA976BF8-C095-4B9C-A70B-00F632241E43} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

Task: {EB2BDF4D-4668-45C9-A0E3-C3D8542431E0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {ED9844EA-DBDC-4C80-B5BE-620B6B587CEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)

Task: {F40367CC-A17B-4463-8EBA-AB60B51CABCA} - System32\Tasks\{A1AEA180-878C-413C-AFE8-F2E5FCE5563E} => pcalua.exe -a C:\Windows\system32\RT7LitePIlaunch.exe -d C:\Windows\system32

Task: {F79CF7BE-6C6F-4350-9F3F-0C3EA9977650} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-10-13 08:45 - 2015-10-13 08:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 08:45 - 2015-10-13 08:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-01-08 00:57 - 2011-01-08 00:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-11-10 20:35 - 2015-11-10 20:35 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll

2015-11-10 11:45 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2016-01-15 10:40 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll

2016-01-15 10:40 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-311360127-3291622852-1042216310-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa Manis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1 - 205.171.203.226

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{363C7FFF-2B1F-400C-8F58-C97192404CBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{574A23E8-6A97-4A32-B1CE-5C3A73FDB8EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D225EB41-EC95-4876-836E-032CC2CA01BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{773E8002-AF39-4177-9BE2-605929D11924}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1733A50B-1F09-4C19-87EA-920CAA64C313}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{EA140052-D47E-407F-8386-8BE4FB5C4703}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

24-11-2015 14:49:27 Scheduled Checkpoint

16-12-2015 13:04:48 Installed OverDrive for Windows

13-01-2016 09:11:09 Scheduled Checkpoint

15-01-2016 11:03:43 Windows Update

19-01-2016 12:06:11 Windows Update

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/19/2016 12:05:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x3a8

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/19/2016 12:04:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/15/2016 12:53:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x15e0

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 12:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x1534

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 12:02:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x12ec

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 11:45:49 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0xd30

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/15/2016 10:38:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/13/2016 01:24:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x42c

Faulting application start time: 0xGWXUX.exe0

Faulting application path: GWXUX.exe1

Faulting module path: GWXUX.exe2

Report Id: GWXUX.exe3

 

Error: (01/13/2016 10:26:26 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/13/2016 08:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (01/04/2016 06:52:16 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (01/04/2016 06:52:16 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz

Percentage of memory in use: 26%

Total physical RAM: 8139.86 MB

Available physical RAM: 5973.96 MB

Total Virtual: 16277.93 MB

Available Virtual: 13927.36 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:447.28 GB) (Free:123.61 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Recovery) (Fixed) (Total:14.32 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

Drive h: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0AFF17D5)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=447.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

 

==================== End of Addition.txt ============================

[zep516]

Hello,

Logs look ok, how is the computer ?

Thanks
Joe

[southernbelle1]

The computer is working good .

[zep516]

OK !

You may delete any log files on the desktop and delete Frst and we will close the topic.

[southernbelle1]

Joe, 

I don't see FRST in my programs, so how do you uninstall it?  I see you really like Firefox browser.  Whats is it about Firefox you like vs. Chrome?

Lisa

[zep516]

Hello,

Actually I don't use Firefox and have never used Chrome. I use a browser called Palemoon.

FRST does not install to a folder that's why you do not see it. On your machine it's located here=> C:\Users\Lisa Manis\Downloads. Your downloads folder

Thanks
Joe

[southernbelle1]

 FRST is deleted.  Thank you so much for all your help .

Lisa

[zep516]

southernbelle1 its been my pleasure. Topic is closing now !

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe