Inactive PC Issues

Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Susan (2015-11-22 18:29:31)
Running from C:\Users\Susan\Desktop\Farbar Scan Step 1
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-26 23:44:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-986319536-3418617622-2416975438-500 - Administrator - Disabled)
Guest (S-1-5-21-986319536-3418617622-2416975438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-986319536-3418617622-2416975438-1002 - Limited - Enabled)
Susan (S-1-5-21-986319536-3418617622-2416975438-1000 - Administrator - Enabled) => C:\Users\Susan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.09 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
aiofw (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
aioprnt (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Canon Camera WIA Driver (x32 Version: 5.3 - Canon) Hidden
Canon Camera WIA Driver (x32 Version: 5.4 - Canon) Hidden
Canon Camera WIA Driver (x32 Version: 5.5 - Canon) Hidden
Canon EOS 20D WIA Driver (HKLM-x32\...\InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}) (Version: 5.4 - Canon)
Canon EOS-1D Mark II WIA Driver (HKLM-x32\...\InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}) (Version: 5.3 - Canon)
Canon EOS-1Ds Mark II WIA Driver (HKLM-x32\...\InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}) (Version: 5.5 - Canon)
Canon Utilities EOS Capture 1.2 (HKLM-x32\...\InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}) (Version: 1.2 - Canon)
Canon Utilities EOS Viewer Utility 1.2 (HKLM-x32\...\InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}) (Version: 1.2.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
center (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Coupon Printer (HKLM-x32\...\{2095A496-250E-4A1F-90AD-691246819A9A}) (Version: 3.17.0.0 - Hopster, Inc. an Inmar company)
Dropbox (HKU\S-1-5-21-986319536-3418617622-2416975438-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EOS Capture 1.2 (x32 Version: 1.2 - Canon) Hidden
EOS Viewer Utility 1.2.1 (x32 Version: 1.2.1 - Canon) Hidden
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version: - )
Farm Frenzy 3 - Ice Age (x32 Version: 2.2.0.94 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{4207BD5E-6F51-4C57-BC86-A0EBE9088A30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PhotoStitch (x32 Version: 3.1.14 - Canon) Hidden
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.18 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Unity Web Player (HKU\S-1-5-21-986319536-3418617622-2416975438-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.20 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-986319536-3418617622-2416975438-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================

23-10-2015 08:31:09 Windows Update
27-10-2015 05:59:21 Windows Update
30-10-2015 06:29:34 Windows Update
03-11-2015 07:40:29 Windows Update
09-11-2015 06:43:19 Windows Update
11-11-2015 17:58:55 Windows Update
12-11-2015 12:32:51 Windows Update
17-11-2015 06:51:10 Windows Update
19-11-2015 07:14:19 Removed CouponPrinterPlugin
19-11-2015 07:16:22 Removed RevTraxPrintMyCoupon
20-11-2015 07:09:52 Windows Update
20-11-2015 11:21:57 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-20 21:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2FED7F15-C196-45F8-A2A5-938DCF7BF80A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-986319536-3418617622-2416975438-1000Core => C:\Users\Susan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {3C0BF3D6-C267-444B-95F5-EAEF49578885} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {564427F0-5FDC-4E3F-B9C3-1940625AEC0E} - System32\Tasks\HPCeeScheduleForSusan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {786033FE-8AA7-460F-A2E9-308E99329736} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-986319536-3418617622-2416975438-1000UA => C:\Users\Susan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {87313765-8ADE-4811-A7C5-DE18BCC00917} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe
Task: {8DC9226F-4566-410A-855E-19D9948A6DA8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe
Task: {9BC6E551-2DDE-4B75-A30D-B60BA5135C60} - System32\Tasks\{8997E18E-5FD5-4770-851D-468C04B73C31} => pcalua.exe -a "C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QKW1VT0\PandoSetupNCI[1].exe" -d C:\Users\Susan\Desktop
Task: {A0D97AC8-B34C-4F3B-8267-D1540120079E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-17] (Adobe Systems Incorporated)
Task: {ACD01842-6209-4294-8D33-88F574E10C0E} - System32\Tasks\AdobeAAMUpdater-1.0-Susan-PC-Susan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {B47C3152-7E3C-4E8B-8BA3-13017EF932AA} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {BE985880-0804-4894-9B1E-F2626782E22C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DBC69593-B4B6-426E-9727-799370178B59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F7FA1A07-F5A1-4C33-BBE0-0EBB08C066DF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {FA2615C5-A91F-4253-89CC-7008CFCF01DC} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-986319536-3418617622-2416975438-1000Core.job => C:\Users\Susan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-986319536-3418617622-2416975438-1000UA.job => C:\Users\Susan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSusan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Susan\Desktop\Desktop\Misc\eBay.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cnnb&locale=en_us&bd=all&c=94 <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2010-11-06 10:37 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-06 13:40 - 2007-02-27 05:20 - 00125952 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdjdrpp.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR250 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-986319536-3418617622-2416975438-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: KodakSvc => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lxdj_device => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: wampapache => 3
MSCONFIG\Services: wampmysqld => 3
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDSmartWareBackgroundService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupreg: Adobe => rundll32.exe "C:\Users\Susan\AppData\Local\Apple Computer\Adobe\wsvwuei.dll",VC1ConfigGetAPIExtW
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A2B30728-1C38-4C89-A681-9A63886C27AE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B3C577DC-1CBE-4C60-8B52-1FDA3AA9F8B6}] => (Allow) svchost.exe
FirewallRules: [{157A38E3-FB68-4A1C-8910-C762C902838D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{5FCBA788-F14A-40D5-A6E2-37BB47BA3AF4}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{38D2AD49-FD80-4B20-8EDF-932EA5A06390}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{A0512E42-FA82-47C6-89FF-6A4BCE5298BF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3772B238-3E5B-4106-97FC-DD5692B7AD5F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{461928AB-E845-4E7D-A90A-5210B17C2422}] => (Allow) LPort=2869
FirewallRules: [{65BFD6B5-5BAB-4BE1-9003-11653FE0E36B}] => (Allow) LPort=1900
FirewallRules: [{1A1EDCFB-223C-4768-A6A1-A364FCB1B9BE}] => (Allow) LPort=9322
FirewallRules: [{CBB72327-0C9D-41AD-812E-5A6FE6DD9DF2}] => (Allow) LPort=9322
FirewallRules: [{4306C2D3-DB97-4E9C-9F64-B84903C1A013}] => (Allow) LPort=9323
FirewallRules: [{67059A40-7CE9-4D67-BF88-064177ADCAC2}] => (Allow) LPort=9323
FirewallRules: [{5254ED00-04B0-4653-9F68-5D64B745E6F7}] => (Allow) C:\Windows\SysWOW64\lxdjcoms.exe
FirewallRules: [{E7A6EA41-66FB-4BB1-B1FF-5BA67861B7B0}] => (Allow) C:\Windows\SysWOW64\lxdjcoms.exe
FirewallRules: [{52B3E0E4-6C2F-488B-ACDC-E4E9E5074EA3}] => (Allow) C:\Windows\System32\lxdjcoms.exe
FirewallRules: [{FC66649D-A155-43FB-BB5C-EF15A14B94E0}] => (Allow) C:\Windows\System32\lxdjcoms.exe
FirewallRules: [{FC9A4F90-E7D8-4AF7-A3EB-197CD994D47B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdjtime.exe
FirewallRules: [{E92D4F09-F9F0-446B-ABDE-54E9AD97D91B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdjtime.exe
FirewallRules: [{238F1CA1-E76E-40EC-BF7C-840F07EF0597}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdjpswx.exe
FirewallRules: [{5FFE0AD0-8325-4DA8-964C-10491077C7B2}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdjpswx.exe
FirewallRules: [{4BAAEBBF-5D2A-43A7-A46E-AFDFD878F07C}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zSCE27.tmp\SymNRT.exe
FirewallRules: [{EF93F5DD-6C93-4919-8926-CB9405CA8E0D}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zSCE27.tmp\SymNRT.exe
FirewallRules: [{79541918-7FFE-4A5B-BABC-4BEBA6736FFE}] => (Allow) C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FA6FAA3E-E1AA-4888-AE72-419469ABDD6D}] => (Allow) C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{27930852-0199-4EED-9169-F9D4B421C866}C:\users\susan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\susan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6FB8A91E-5D39-4C2F-BDFD-7F82481F107D}C:\users\susan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\susan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{A6456CB7-CF47-40A7-9E17-C856AC7474DC}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{8C3F071E-4696-44FD-A206-A461364691B9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{1050491A-F453-4832-BC73-1EEE40C25DE4}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS3F44\HPDiagnosticCoreUI.exe
FirewallRules: [{F6AF7FF9-68DB-4218-A1F0-AE62A34AE0EE}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS3F44\HPDiagnosticCoreUI.exe
FirewallRules: [{C15BEA78-167C-4ACD-AADF-04FB5DEBE656}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS30F4\HPDiagnosticCoreUI.exe
FirewallRules: [{DEC38707-9111-411A-8D79-C15C8FFC2A77}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS30F4\HPDiagnosticCoreUI.exe
FirewallRules: [{4B8AB56F-DCA7-4A14-99D2-8591E1A73370}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS1731\HPDiagnosticCoreUI.exe
FirewallRules: [{14243B8E-8766-43F0-9134-00CD663D3FF6}] => (Allow) C:\Users\Susan\AppData\Local\Temp\7zS1731\HPDiagnosticCoreUI.exe
FirewallRules: [{070A65EA-A858-403C-869D-E72DB1927BDC}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{42FFA74E-BD8C-4989-A0D5-34CC29896836}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{6591F6CE-D718-4D60-84C3-F9155DB60159}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{BB623B3E-AD5B-4010-8CF7-39DEE81C9497}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{5485D5F5-F9E8-4A4A-AB79-25C345B8E83C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6F18ABF3-8E7A-48BE-8E9B-952DA2AE3E48}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C360DB29-6FC6-48E8-AE6C-9F98DA0E7B68}] => (Allow) LPort=15600
FirewallRules: [{ED2172EF-6DCC-465B-9AB1-E36B44385070}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20489CED-57C1-481F-AADD-3FE44B7EBB59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECE23F35-4945-4C37-BF96-C006FAEDEA40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2015 04:23:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d0

Start Time: 01d123d72c1953f7

Termination Time: 161

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/20/2015 03:00:13 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/18/2015 11:01:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18098, time stamp: 0x5633e44a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73e0cb49
Faulting process id: 0xe74
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/18/2015 08:47:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18098, time stamp: 0x5633e44a
Faulting module name: MSHTML.dll, version: 11.0.9600.18098, time stamp: 0x5633f43b
Exception code: 0xc0000005
Fault offset: 0x0012d9a0
Faulting process id: 0x1038
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/18/2015 06:01:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f4

Start Time: 01d121f021353f89

Termination Time: 46

Application Path: C:\Windows\Explorer.EXE

Report Id: 9f7f04bb-8de3-11e5-a413-001f16e48a8b

Error: (11/17/2015 03:47:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5fc

Start Time: 01d121705a3579a9

Termination Time: 131

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/17/2015 01:59:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6c4

Start Time: 01d1216914f2eb08

Termination Time: 1340

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/16/2015 00:29:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d34

Start Time: 01d120630f4ade6a

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (11/16/2015 09:45:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18098, time stamp: 0x5633e44a
Faulting module name: COUPON~1.OCX_unloaded, version: 0.0.0.0, time stamp: 0x555a2d23
Exception code: 0xc0000005
Fault offset: 0x27f26883
Faulting process id: 0x474
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/16/2015 09:35:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 36f0

Start Time: 01d1206e34c7ee80

Termination Time: 769

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (11/22/2015 06:08:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/22/2015 08:37:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/21/2015 01:19:54 PM) (Source: DCOM) (EventID: 10016) (User: Susan-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Susan-PCSusanS-1-5-21-986319536-3418617622-2416975438-1000LocalHost (Using LRPC)

Error: (11/21/2015 06:44:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/20/2015 09:30:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/20/2015 09:30:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/20/2015 09:26:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/20/2015 08:58:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/20/2015 01:51:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/20/2015 11:13:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


CodeIntegrity:
===================================
Date: 2015-11-20 21:30:02.335
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-20 21:30:02.272
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3003.2 MB
Available physical RAM: 1743.58 MB
Total Virtual: 7505.4 MB
Available Virtual: 6287.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.79 GB) (Free:72.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.9 GB) (Free:1.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: BE691504)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.7 KB · Views: 3
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-986319536-3418617622-2416975438-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2011-06-06 11:30 - 2011-06-06 11:30 - 0001854 _____ () C:\Users\Susan\AppData\Roaming\GhostObjGAFix.xml
2010-11-03 18:30 - 2010-11-03 18:30 - 0000000 _____ () C:\Users\Susan\AppData\Roaming\wklnhst.dat
2009-12-26 18:53 - 2009-12-26 18:53 - 0000000 _____ () C:\Users\Susan\AppData\Local\AtStart.txt
2009-12-26 18:53 - 2009-12-26 18:53 - 0000000 _____ () C:\Users\Susan\AppData\Local\DSwitch.txt
2011-03-06 08:55 - 2014-03-06 12:59 - 0167584 _____ () C:\Users\Susan\AppData\Local\installer.log
2011-03-06 09:07 - 2011-03-06 09:07 - 0000183 _____ () C:\Users\Susan\AppData\Local\LaunchHomeCenter.log
2009-12-26 18:53 - 2009-12-26 18:53 - 0000000 _____ () C:\Users\Susan\AppData\Local\QSwitch.txt
2013-05-28 13:17 - 2013-07-06 13:33 - 0007625 _____ () C:\Users\Susan\AppData\Local\Resmon.ResmonCfg
2015-01-27 15:40 - 2015-01-27 15:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-08-22 20:09 - 2013-04-19 08:05 - 0000290 _____ () C:\ProgramData\hpqp.ini
2015-10-19 06:25 - 2015-10-19 06:25 - 0000021 _____ () C:\ProgramData\hpqp.txt
2009-12-26 18:53 - 2014-03-05 08:31 - 0000511 _____ () C:\ProgramData\HPWALog.txt
2009-08-22 20:11 - 2009-08-22 20:11 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-17 15:26 - 2009-08-17 15:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-22 20:10 - 2009-08-22 20:10 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-17 15:20 - 2009-08-17 15:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-22 20:10 - 2009-08-22 20:10 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-22 20:11 - 2009-08-22 20:11 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-17 15:20 - 2009-08-17 15:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-17 15:22 - 2009-08-17 15:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-22 20:11 - 2009-08-22 20:11 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\Users\Susan\couponprinter.exe
 
No. You just posted content of my "fixlist" file.
Please re-read my instructions.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Susan (2015-11-24 07:11:20) Run:1
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan (Available Profiles: Susan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-986319536-3418617622-2416975438-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; no ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2011-06-06 11:30 - 2011-06-06 11:30 - 0001854 _____ () C:\Users\Susan\AppData\Roaming\GhostObjGAFix.xml
2010-11-03 18:30 - 2010-11-03 18:30 - 0000000 _____ () C:\Users\Susan\AppData\Roaming\wklnhst.dat
2009-12-26 18:53 - 2009-12-26 18:53 - 0000000 _____ () C:\Users\Susan\AppData\Local\AtStart.txt
2009-12-26 18:53 - 2009-12-26 18:53 - 0000000 _____ () C:\Users\Susan\AppData\Local\DSwitch.txt
2011-03-06 08:55 - 2014-03-06 12:59 - 0167584 _____ () C:\Users\Susan\AppData\Local\installer.log
2011-03-06 09:07 - 2011-03-06 09:07 - 0000183 _____ () C:\Users\Susan\AppData\Local\LaunchHomeCenter.log
2009-12-26 18:53 - 2009-12-26 18:53 - 0000000 _____ () C:\Users\Susan\AppData\Local\QSwitch.txt
2013-05-28 13:17 - 2013-07-06 13:33 - 0007625 _____ () C:\Users\Susan\AppData\Local\Resmon.ResmonCfg
2015-01-27 15:40 - 2015-01-27 15:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-08-22 20:09 - 2013-04-19 08:05 - 0000290 _____ () C:\ProgramData\hpqp.ini
2015-10-19 06:25 - 2015-10-19 06:25 - 0000021 _____ () C:\ProgramData\hpqp.txt
2009-12-26 18:53 - 2014-03-05 08:31 - 0000511 _____ () C:\ProgramData\HPWALog.txt
2009-08-22 20:11 - 2009-08-22 20:11 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-17 15:26 - 2009-08-17 15:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-22 20:10 - 2009-08-22 20:10 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-17 15:20 - 2009-08-17 15:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-22 20:10 - 2009-08-22 20:10 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-22 20:11 - 2009-08-22 20:11 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-17 15:20 - 2009-08-17 15:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-17 15:22 - 2009-08-17 15:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-22 20:11 - 2009-08-22 20:11 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\Users\Susan\couponprinter.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-986319536-3418617622-2416975438-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
catchme => service removed successfully
eabfiltr => service removed successfully
RtsUIR => service removed successfully
USBCCID => service removed successfully
C:\Users\Susan\AppData\Roaming\GhostObjGAFix.xml => moved successfully
C:\Users\Susan\AppData\Roaming\wklnhst.dat => moved successfully
C:\Users\Susan\AppData\Local\AtStart.txt => moved successfully
C:\Users\Susan\AppData\Local\DSwitch.txt => moved successfully
C:\Users\Susan\AppData\Local\installer.log => moved successfully
C:\Users\Susan\AppData\Local\LaunchHomeCenter.log => moved successfully
C:\Users\Susan\AppData\Local\QSwitch.txt => moved successfully
C:\Users\Susan\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\hpqp.ini => moved successfully
C:\ProgramData\hpqp.txt => moved successfully
C:\ProgramData\HPWALog.txt => moved successfully
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log => moved successfully
C:\Users\Susan\couponprinter.exe => moved successfully

==== End of Fixlog 07:11:22 ====
 
Good :)

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Eusing Free Registry Cleaner
Java 8 Update 65
Java version 32-bit out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (40.0.3)
Google Chrome (46.0.2490.80)
Google Chrome (46.0.2490.86)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 10-06-2014
Ran by Susan (administrator) on 25-11-2015 at 09:58:50
Running from "C:\Users\Susan\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Ok I have a problem. Did step 3, no problem. Then downloaded step 4 Sophos to desktop. The program didn't launch after I clicked finish. I waited for about 10 min...still nothing. I did notice that it made a shortcut on my desktop though so I clicked that, but nothing happened. Then 10 minutes later the next step happened. It was very strange. Then, it started scanning...but for almost an hour no progress was made at all and I noticed that the files it said it was scanning were just repeating themselves over and over.....something in "volume". So, I thought something was wrong. I cancelled the scan. I thought maybe it didn't download correctly, so I removed the program from my pc, then reloaded it, and followed the steps all over again. I am now up to the click finish part, and again, it's not launching. It's been 1/2 an hour and no launch. I don't want to do anything else on my own. Can you tell me what to do now?
 
Run this instead...

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
1 1/2 hours in....almost 1/2 done, and I get a prompt that "internet explorer has stopped working. Something has caused the program to close and reopen the tab" but program doesn't pick up again....turned off....page has expired. Will have to get back to this sometime over the weekend....hopefully.....as family will be in from out of town for the holiday. Happy Thanksgiving Bruno, and thank you so much for all of your help so far!
 
redtarget.gif
Update Firefox to the current version.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Hi Broni,

I just did the first 3 updates on your latest post before I saw the "your pc is now clean" part. I stopped there. Unfortunately, nothing has changed on my PC. I still have 100% CPU running almost all the time caused by iexplore.exe and explore.exe both listed in processes several times. I also still can't play video most of the time, and just get the exclamation point. What does this mean for me? This was not a virus? Do you have any idea what's wrong then, or what I should do now? Appreciate any direction you can point me in.

Susan
 
Also just did the removal, and read through the rest. Not downloading all of these things at this time...I think I don't have much memory left on this laptop. Maybe that's the problem in the first place? I don't know. Again...any direction would be great, unless it's just time to buy another PC... :(
 
You have plenty of disk space so I don't think this is the issue:
Drive c: () (Fixed) (Total:220.79 GB) (Free:72.71 GB)

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
NOTE. Windows Vista, 7 and 8 users right click on procexp.exe, click "Run As Administrator".
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Paste the content into your next reply.
 
Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process 0 K 24 K 0
System 0.33 132 K 904 K 4
Interrupts 2.27 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 368 K 936 K 276 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 1,880 K 4,060 K 380 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe 1,280 K 3,736 K 432 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 5,272 K 8,460 K 524 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 3,800 K 7,916 K 664 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
dllhost.exe 2,088 K 6,668 K 2776 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
FlashUtil64_19_0_0_245_ActiveX.exe 4,292 K 9,988 K 3228 Adobe® Flash® Player Installer/Uninstaller 19.0 r0 Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashUtil64_19_0_0_245_ActiveX.exe -Embedding
WmiPrvSE.exe 2,304 K 6,028 K 4228 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
svchost.exe 3,912 K 7,384 K 748 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
MsMpEng.exe 0.14 103,616 K 72,812 K 784 Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
svchost.exe < 0.01 20,872 K 20,640 K 932 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 15,948 K 16,300 K 5028 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x43c
svchost.exe 0.65 107,720 K 113,356 K 980 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 1.83 53,036 K 32,492 K 1160 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 0.01 12,756 K 18,612 K 1004 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 32,192 K 45,904 K 292 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 1,696 K 5,868 K 3188 Task Scheduler Engine Microsoft Corporation taskeng.exe {9D34D026-6791-408A-BF84-EF6BD54AD0B4}
svchost.exe 0.03 15,068 K 15,948 K 1048 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe < 0.01 9,688 K 14,836 K 1632 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
taskhost.exe 0.01 11,604 K 14,756 K 1680 Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
svchost.exe 15,792 K 11,908 K 1704 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
AGSService.exe 1,276 K 3,924 K 1948 AGS Service Adobe Systems, Incorporated "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
svchost.exe 4,348 K 8,212 K 1992 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k utcsvc
HPSupportSolutionsFrameworkService.exe 13,032 K 7,676 K 600 SolutionsFrameworkService Hewlett-Packard Company "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"
svchost.exe 1,116 K 2,868 K 2036 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k HsfXAudioService
svchost.exe 4,396 K 6,928 K 2112 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
WLIDSVC.EXE 0.01 6,308 K 10,460 K 2192 Microsoft® Windows Live ID Service Microsoft Corp. "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 988 K 2,596 K 2288 Microsoft® Windows Live ID Service Monitor Microsoft Corp. WLIDSvcM.exe 2192
NisSrv.exe 12,648 K 7,456 K 2712 Microsoft Network Realtime Inspection Service Microsoft Corporation "c:\Program Files\Microsoft Security Client\NisSrv.exe"
SearchIndexer.exe < 0.01 61,088 K 29,908 K 2836 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
svchost.exe 2,104 K 4,496 K 2932 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
wmpnetwk.exe < 0.01 12,188 K 12,636 K 1480 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
svchost.exe 0.03 6,652 K 13,024 K 3212 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
CouponPrinterService.exe < 0.01 3,132 K 9,508 K 3816 Coupon Printer Service Coupons.com Inc. "C:\Program Files (x86)\Coupons\CouponPrinterService.exe"
svchost.exe < 0.01 12,952 K 16,852 K 1112 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
TrustedInstaller.exe 4,292 K 9,528 K 3340 Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
svchost.exe 1,336 K 4,052 K 2092 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k SDRSVC
msiexec.exe 3,748 K 12,076 K 4336 Windows® installer Microsoft Corporation C:\Windows\system32\msiexec.exe /V
armsvc.exe 1,112 K 3,916 K 4512 Adobe Acrobat Update Service Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
lsass.exe 6,916 K 13,364 K 532 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 2,224 K 3,688 K 540 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 1.03 1,912 K 13,444 K 440 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 2,484 K 5,656 K 496 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 0.04 31,908 K 50,852 K 1172 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
msseces.exe 5,612 K 9,732 K 1344 Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
igfxpers.exe 1,700 K 5,352 K 1352 persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
ipoint.exe 5,560 K 10,676 K 1360 IPoint.exe Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
cAudioFilterAgent64.exe 1,812 K 4,972 K 1376 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. "C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
calc.exe 6,036 K 10,964 K 2228 Windows Calculator Microsoft Corporation "C:\Windows\system32\calc.exe"
iexplore.exe 0.02 27,388 K 50,632 K 3656 Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
iexplore.exe 19.02 581,880 K 567,188 K 3692 Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3656 CREDAT:267521 /prefetch:2
iexplore.exe 71.65 355,600 K 359,308 K 2628 Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3656 CREDAT:857451 /prefetch:2
procexp.exe 2,112 K 7,344 K 4344 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Susan\Desktop\ProcessExplorer\procexp.exe"
procexp64.exe 2.92 19,792 K 38,308 K 4996 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Susan\Desktop\ProcessExplorer\procexp.exe"
hpwuschd2.exe 856 K 3,292 K 1468 hpwuSchd Application Hewlett-Packard "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
jusched.exe 4,760 K 12,308 K 1516 Java Update Scheduler Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
GWX.exe 3,436 K 1,072 K 1868 GWX Microsoft Corporation "C:\Windows\system32\GWX\GWX.exe"
AdobeARM.exe 2,872 K 11,192 K 3244 Adobe Reader and Acrobat Manager Adobe Systems Incorporated /Skip /BackFromArmUpdate
 
I'm sorry....I'm confused. Am I resetting IE first...then downloading fixit, or is that part of the resetting process? Also.....what does post a fresh PE log mean?
 
Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process 2.00 0 K 24 K 0
System 0.46 264 K 6,856 K 4
Interrupts 3.30 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 372 K 424 K 276 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 0.01 1,872 K 2,252 K 376 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe 1,276 K 1,104 K 428 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 5,708 K 6,428 K 532 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 4,148 K 5,176 K 660 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
dllhost.exe 2,096 K 1,992 K 2708 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
FlashUtil64_19_0_0_245_ActiveX.exe 5,796 K 5,904 K 2652 Adobe® Flash® Player Installer/Uninstaller 19.0 r0 Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashUtil64_19_0_0_245_ActiveX.exe -Embedding
MsSpellCheckingFacility.exe 2,980 K 8,184 K 5680 Microsoft Spell Checking Facility Microsoft Corporation "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
WmiPrvSE.exe 2,244 K 5,884 K 6716 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
svchost.exe 4,852 K 6,092 K 728 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
MsMpEng.exe 0.22 108,240 K 68,356 K 776 Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
svchost.exe 0.02 21,032 K 15,560 K 912 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 16,196 K 16,408 K 6200 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x7c4
svchost.exe 0.01 117,340 K 112,604 K 960 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 3.33 60,076 K 29,820 K 1220 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 0.02 13,988 K 17,540 K 1000 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 0.24 33,264 K 32,156 K 296 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 0.01 31,296 K 30,536 K 1040 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe < 0.01 10,008 K 7,768 K 1272 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 0.01 17,292 K 15,352 K 1304 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskhost.exe 2.40 37,088 K 26,776 K 1336 Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
armsvc.exe 1,104 K 1,072 K 1476 Adobe Acrobat Update Service Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
AGSService.exe 1,276 K 1,172 K 1700 AGS Service Adobe Systems, Incorporated "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
svchost.exe 4,908 K 7,196 K 1728 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k utcsvc
svchost.exe 1,112 K 956 K 2540 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k HsfXAudioService
svchost.exe 4,388 K 3,080 K 2788 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
WLIDSVC.EXE 0.01 6,296 K 4,564 K 2836 Microsoft® Windows Live ID Service Microsoft Corp. "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 992 K 856 K 2896 Microsoft® Windows Live ID Service Monitor Microsoft Corp. WLIDSvcM.exe 2836
NisSrv.exe 13,100 K 5,948 K 956 Microsoft Network Realtime Inspection Service Microsoft Corporation "c:\Program Files\Microsoft Security Client\NisSrv.exe"
SearchIndexer.exe < 0.01 75,640 K 45,108 K 2040 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
svchost.exe 2,436 K 3,400 K 2536 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
wmpnetwk.exe 0.03 12,452 K 8,820 K 3328 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
svchost.exe 0.03 7,060 K 9,244 K 3632 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
OSPPSVC.EXE 3,832 K 3,860 K 1708 Microsoft Office Software Protection Platform Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
svchost.exe 0.02 14,444 K 12,688 K 1836 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
CouponPrinterService.exe < 0.01 3,076 K 3,304 K 876 Coupon Printer Service Coupons.com Inc. "C:\Program Files (x86)\Coupons\CouponPrinterService.exe"
TrustedInstaller.exe 4,008 K 1,828 K 3744 Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
svchost.exe 1,368 K 1,292 K 380 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k SDRSVC
msiexec.exe 9,152 K 20,164 K 4904 Windows® installer Microsoft Corporation C:\Windows\system32\msiexec.exe /V
svchost.exe 1,976 K 5,532 K 4944 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k swprv
lsass.exe 10,720 K 13,064 K 540 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 2,136 K 2,312 K 548 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 2.23 2,128 K 14,180 K 440 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 2,484 K 3,248 K 496 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 0.36 35,332 K 41,828 K 1232 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
msseces.exe 5,544 K 3,236 K 1992 Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
igfxpers.exe 1,696 K 2,128 K 2000 persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
ipoint.exe 5,636 K 5,492 K 2008 IPoint.exe Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
cAudioFilterAgent64.exe 1,868 K 2,484 K 2032 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. "C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
calc.exe 6,072 K 3,296 K 3600 Windows Calculator Microsoft Corporation "C:\Windows\system32\calc.exe"
procexp.exe 2,116 K 7,336 K 6284 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Susan\Desktop\ProcessExplorer\procexp.exe"
procexp64.exe 5.89 21,472 K 40,012 K 3808 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Susan\Desktop\ProcessExplorer\procexp.exe"
hpwuschd2.exe 852 K 1,392 K 1760 hpwuSchd Application Hewlett-Packard "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
jusched.exe 4,728 K 6,264 K 1864 Java Update Scheduler Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
DigitalCouponPrinter.exe 19,304 K 3,896 K 1908 Digital Coupon Printer Inmar, Inc. "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
GWX.exe 3,544 K 1,008 K 2296 GWX Microsoft Corporation "C:\Windows\system32\GWX\GWX.exe"
GWX.exe 2,860 K 1,028 K 2308 GWX Microsoft Corporation "C:\Windows\system32\GWX\GWX.exe"
iexplore.exe 0.01 42,744 K 52,400 K 1648 Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" http://dn.ws/wrid:iapp-dn-ios-2_4_3
iexplore.exe 79.38 1,114,400 K 1,026,648 K 5800 Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:2561362 /prefetch:2
 
Oh Broni! I don't know why, but ever since I did the IE reset.....the PC is worse then ever. It's been running at 100% CPU ever since....from iexplore.exe and explore.exe even though I didn't have the internet on! I just put it back on to tell you this. It's running so bad that it just took me 20 minutes to get to this page. OH NO! What happened? I'm going to log off and back on and see if that helps?
 
At this point...

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck :)
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back