Cal M

Member
  • Content Count

    24

Community Reputation

0 Neutral

About Cal M

  • Rank
    Member

Profile Information

  • Gender
    Not Telling
  1. What I would describe as normal. But it was running just as well before I started this process. Posting started after Time Warner directed me to a site and requested confirmation of notification that a botnet was operating from my computer. Internet service would not connect until I made this acknowledgement of notification. All has been normal since that acknowledgement.
  2. See attached. I removed taskmgr manually and created a new shortcut to taskmgr.exe pointing at the System32 folder. Attached: Fixlog.txt, JRT.txt
  3. Still don't understand what this has to do with botnet? I created the shortcuts that put taskmgr in startup. Are you saying I should do it differently? This has been running this way for many years.
  4. Why are we changing anything to do with taskmgr? I deliberately created the links and put taskmgr in the startup list.
  5. Files attached: JRT.txt, Fixlog.txt, AdwCleanerS0.txt
  6. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015 Ran by Cal Mowrer at 2015-01-20 23:02:57 Running from C:\Documents and Settings\Cal Mowrer\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Disabled - Up to date) {0F8591BB-342B-4493-91C3-4E948ED21255} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1965-72 Ford Car Master Parts and Accessory Catalog (v12.0.3) (HKLM\...\{74DDDC95-771A-4D42-A016-B5A74FD74D06}) (Version: 12.0.3.10001 - Forel Publishing Company, LLC) ACDSee (HKLM\...\ACDSee) (Version: - ) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe PageMaker 6.5 (HKLM\...\Adobe PageMaker 6.5) (Version: - ) Adobe Photoshop 5.5 (HKLM\...\Adobe Photoshop 5.5) (Version: 5.5 - Adobe Systems, Inc.) 
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Amazon Cloud Player (HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC) AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies) AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics) Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AppName=Secure Delete 1.2 (HKLM\...\Secure Delete_is1) (Version: 1.2 - Alex T.) Arclab Dir2HTML 1.02 Freeware (HKLM\...\Arclab Dir2HTML_is1) (Version: - Arclab Software GbR) Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation) Caere Scan Manager 5.0 (HKLM\...\{81D62C32-0984-11D3-86CD-00105AD33021}) (Version: 5.0 - Caere Corporation) CalendarPal (HKLM\...\CalendarPal) (Version: - Cloudeight Internet LLC) Captain Optimizer (HKLM\...\{2ED7F5E2-922D-4284-90C8-0928B99F2B19}_is1) (Version: 1.1.0.9472 - Softarama) CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - ) Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation) CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) 
Dell System Detect Bootstrapper (HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell) DeLorme Street Atlas USA 2006 (HKLM\...\{2809AFFB-F3CD-4879-B3B7-A3414C9EA142}) (Version: 1.00.000 - DeLorme Publishing, Inc.) DiskMax 4.56 (HKLM\...\DiskMax) (Version: 4.56 - KoshyJohn.com) DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.22 - Runtime Software) Dropbox (HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH) Epson CreativeZone (HKLM\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - ) Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION) EPSON WorkForce 1100 Series Printer Uninstall (HKLM\...\EPSON WorkForce 1100 Series) (Version: - SEIKO EPSON Corporation) File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION FileLocator Lite 2010 (HKLM\...\FileLocator Lite_is1) (Version: - ) FileOpen Client (HKLM\...\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}) (Version: 3.0.16.879 - FileOpen Systems, Inc.) 
FileOpenPatcher (HKLM\...\FileOpenPatcher) (Version: - ) Flash File Recovery v5.1 (HKLM\...\Flash File Recovery_is1) (Version: - ) Folder Size for Windows (HKLM\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.4 - Brio) Font Xplorer 1.2.2 (HKLM\...\Font Xplorer) (Version: - ) Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: - ) Foxit Reader (HKLM\...\Foxit Reader) (Version: - ) Free All-In-One Media Player (HKLM\...\Free Media Player_is1) (Version: - Free Software Group) Genius PDF (HKLM\...\{CF360EF6-65B1-47B3-AF23-5F8626108585}_is1) (Version: 2.0 - LiquidPsi Software) Genius PDF Converter (HKLM\...\Genius PDF Converter) (Version: 1.0.0.0 - LiquidPsi Software) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation) HP DeskJet 1220C Printer (HKLM\...\HP DeskJet 1220C Printer) (Version: - ) HP DeskJet 1220C Toolbox (HKLM\...\HPW8 Toolbox) (Version: - ) HP PhotoSmart Scanning Software (HKLM\...\HP PhotoSmart Scanning Software) (Version: - ) HP PhotoSmart Photo Printing Software (HKLM\...\HP PhotoSmart Photo Printing Software) (Version: - ) HP PrecisionScan Pro and Utilities (HKLM\...\HP Scanning Software) (Version: - ) Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) LastPass (uninstall only) 
(HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\...\LastPass) (Version: - LastPass) LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) Lizardtech DjVu Control (HKLM\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - ) LizardTech ExpressView Browser Plug-in (HKLM\...\{67CEE8A8-9E1A-440A-9D99-F997EB4FB7AE}) (Version: 6.5 - LizardTech) Macrium Reflect Standard Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.) Macrium Reflect Standard Edition (Version: 5.2.6444 - Paramount Software (UK) Ltd.) Hidden MDI Viewer for Microsoft Office 2.0 (HKLM\...\MDI Viewer for Microsoft Office) (Version: - ) MDI2PDF 2.6 (HKLM\...\MDI2PDF Converter_is1) (Version: 2.6 - ) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Save as PDF Add-in for 
2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) 
(Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version: - ) MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - ) Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden Nokia Software Updater (HKLM\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA Graphics Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation) NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.1.0.0 - NVIDIA Corporation) OmniPage Pro 10.0 (HKLM\...\{1C0094B0-E0A0-11D2-8E60-000086188D94}) (Version: 10.0.0.0 - Caere Corporation) PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PDF OwnerGuard User Edition (HKLM\...\PDFUser) (Version: 12.0.3 - Armjisoft Digital Rights Management Systems) Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - ) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 4.1.0.11 - Nitro PDF Software) PTDD Super Fdisk 1.0 
(HKLM\...\{F665C0D9-D110-4E21-A073-952057C7ADB1}) (Version: 1.00.0000 - PTDD Group) QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) QuickTime Alternative 2.7.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.7.0 - ) Real Alternative 1.8.2 (HKLM\...\RealAlt_is1) (Version: 1.8.2 - ) Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform) Registry Commander (HKLM\...\Registry Commander_is1) (Version: 3.1 - Softarama) ReImageCompanion (HKLM\...\ReImageCompanion) (Version: - ) ResizeMyPhotos (HKLM\...\{3017C288-2300-4FFE-9CD8-EC59ACABBD45}) (Version: 1.0.1 - SHProd.) RoadRunner (HKLM\...\{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}) (Version: 9 - SupportSoft) ShowBiz (HKLM\...\{07295ABF-1245-415A-BE06-863271753443}) (Version: - ) Sound Blaster X-Fi (HKLM\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - ) Street Atlas USA 2006 (Version: 1.00.000 - DeLorme) Hidden System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC) TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) TreeSize 1.74 (HKLM\...\TreeSize_is1) (Version: 1.74 - JAM Software) TurboTax 2008 (HKLM\...\TurboTax 2008) (Version: - ) VERITAS DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 3.60 - VERITAS Software Corporation) VERITAS RecordNow DX (HKLM\...\{8855FF30-19CE-4CB1-A654-87B38369CCE1}) (Version: 4.60 - VERITAS Software Corporation) VERITAS RecordNow DX Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.711 - VERITAS Software) VERITAS Simple Backup (HKLM\...\{60E971B7-51A0-48CA-8687-C6B8F094A409}) (Version: 4.85 - VERITAS Software Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Driver Package - Nokia Modem (02/15/2007 3.1) 
(HKLM\...\0C5EDC3653FED5B121F464339EAC12534D253B25) (Version: 02/15/2007 3.1 - Nokia) Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 25.0.2012.5 - BillP Studios) Wipe 2013.53 (HKLM\...\Wipe 2013) (Version: - ) XQDC X-Setup Pro 9.2.100 (HKLM\...\xqdcXSP_is1) (Version: 9.2.100 - XQDC Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCT2.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCT2.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCT2.OCX (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCT2.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCT2.OCX (Microsoft Corporation) ==================== Restore Points ========================= 23-10-2014 15:30:41 System Checkpoint 25-10-2014 00:44:37 System Checkpoint 26-10-2014 01:32:19 System Checkpoint 27-10-2014 02:32:13 System Checkpoint 28-10-2014 03:32:15 System Checkpoint 29-10-2014 06:21:29 System Checkpoint 30-10-2014 22:57:02 System Checkpoint 31-10-2014 23:15:00 System Checkpoint 01-11-2014 20:29:22 Printer Driver CutePDF Writer Installed 01-11-2014 20:38:26 Printer Driver CutePDF Writer Installed 01-11-2014 20:51:39 Printer Driver CutePDF Writer Installed 03-11-2014 00:04:26 System Checkpoint 04-11-2014 03:57:39 System Checkpoint 05-11-2014 07:04:46 System Checkpoint 06-11-2014 07:38:16 System Checkpoint 07-11-2014 08:13:44 System Checkpoint 08-11-2014 08:38:16 System Checkpoint 09-11-2014 09:35:14 System Checkpoint 10-11-2014 11:58:34 System Checkpoint 11-11-2014 12:29:03 System Checkpoint 12-11-2014 15:31:44 System Checkpoint 12-11-2014 17:01:30 Revo Uninstaller's restore point - SUPERAntiSpyware Professional 12-11-2014 17:01:41 Removed SUPERAntiSpyware Professional 12-11-2014 17:04:00 Revo Uninstaller's restore point - Super Ad Blocker 12-11-2014 17:05:18 Removed Super Ad Blocker 12-11-2014 17:09:04 Revo Uninstaller's restore point - Yahoo! Music Jukebox 12-11-2014 17:09:21 Removed Yahoo! Music Jukebox. 
12-11-2014 17:24:31 Revo Uninstaller's restore point - System Requirements Lab for Intel 13-11-2014 23:10:28 System Checkpoint 15-11-2014 00:53:52 System Checkpoint 16-11-2014 01:18:21 System Checkpoint 17-11-2014 01:55:50 System Checkpoint 17-11-2014 07:41:09 Removed Java 8 Update 25 18-11-2014 12:31:59 System Checkpoint 19-11-2014 20:29:58 System Checkpoint 20-11-2014 23:23:32 System Checkpoint 21-11-2014 23:55:49 System Checkpoint 23-11-2014 00:05:16 System Checkpoint 02-12-2014 23:28:22 System Checkpoint 03-12-2014 23:54:48 System Checkpoint 04-12-2014 08:28:02 Registry Commander Thu, Dec 04, 14 08:27 04-12-2014 09:12:14 Registry Commander Thu, Dec 04, 14 09:12 05-12-2014 09:40:13 System Checkpoint 06-12-2014 14:40:39 System Checkpoint 07-12-2014 22:40:12 System Checkpoint 09-12-2014 00:02:08 System Checkpoint 10-12-2014 00:04:09 System Checkpoint 11-12-2014 01:04:12 System Checkpoint 12-12-2014 01:24:40 System Checkpoint 13-12-2014 02:04:15 System Checkpoint 14-12-2014 04:50:19 System Checkpoint 15-12-2014 05:49:19 System Checkpoint 16-12-2014 06:50:25 System Checkpoint 17-12-2014 06:57:50 System Checkpoint 18-12-2014 07:58:56 System Checkpoint 19-12-2014 08:57:10 System Checkpoint 20-12-2014 09:15:20 System Checkpoint 21-12-2014 10:13:33 System Checkpoint 22-12-2014 11:29:17 System Checkpoint 23-12-2014 13:13:19 System Checkpoint 24-12-2014 16:14:35 System Checkpoint 25-12-2014 16:44:49 System Checkpoint 26-12-2014 22:50:22 System Checkpoint 27-12-2014 23:31:49 System Checkpoint 29-12-2014 00:25:59 System Checkpoint 30-12-2014 01:25:59 System Checkpoint 30-12-2014 02:58:03 Registry Commander Tue, Dec 30, 14 02:57 31-12-2014 03:25:42 System Checkpoint 01-01-2015 04:25:40 System Checkpoint 02-01-2015 05:25:40 System Checkpoint 03-01-2015 12:50:13 System Checkpoint 04-01-2015 12:55:57 System Checkpoint 05-01-2015 17:40:33 System Checkpoint 06-01-2015 21:43:30 System Checkpoint 08-01-2015 00:08:23 System Checkpoint 09-01-2015 00:27:31 System Checkpoint 10-01-2015 
01:27:31 System Checkpoint 11-01-2015 02:27:31 System Checkpoint 12-01-2015 03:27:31 System Checkpoint 13-01-2015 04:27:31 System Checkpoint 14-01-2015 05:27:24 System Checkpoint 15-01-2015 06:27:24 System Checkpoint 16-01-2015 07:27:24 System Checkpoint 17-01-2015 08:19:47 System Checkpoint 18-01-2015 08:27:24 System Checkpoint 19-01-2015 09:28:29 System Checkpoint 20-01-2015 10:13:04 System Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-11 16:00 - 2012-03-02 03:34 - 00000027 ___AC C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Backup Apr 30 2009.job => C:\WINDOWS\system32\ntbackup.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Registry Commander.job => C:\Program Files\Softarama\Registry Commander\RegistryCommander.exe Task: C:\WINDOWS\Tasks\SACO-SACOOneClickCare.job => C:\Program Files\Softarama\Captain Optimizer\SACO.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-16 18:09 - 2012-05-09 02:48 - 00094208 _____ () C:\WINDOWS\system32\GeniusPDF_redmonnt.dll 2009-06-24 21:59 - 2009-04-23 20:55 - 00176235 _____ () C:\WINDOWS\system32\Primomonnt.dll 2013-06-14 13:25 - 2013-06-14 13:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll 2012-06-19 19:12 - 2011-10-26 16:41 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll 2012-07-26 17:43 - 2012-06-20 15:23 - 00599419 ____C 
() C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll 2015-01-13 22:07 - 2015-01-13 22:07 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2006-07-12 13:19 - 2006-07-12 13:19 - 00466944 ____C () C:\WINDOWS\system32\nvshell.dll 2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 ____C () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll 2012-12-18 13:08 - 2012-12-18 13:08 - 14588632 ____C () C:\Program Files\Adobe\Reader 11.0\Reader\NPSWF32.dll 2006-05-28 21:16 - 2006-05-28 21:17 - 06034432 ____C () C:\Program Files\Adobe\Photoshop 5.5\Photoshp.exe 2006-05-28 21:16 - 1999-06-30 20:17 - 00678400 ____C () C:\Program Files\Adobe\Photoshop 5.5\photos01.dll 2006-05-28 21:16 - 1999-06-30 20:17 - 02896896 ____C () C:\Program Files\Adobe\Photoshop 5.5\photos02.dll 2012-12-14 16:36 - 1999-06-30 21:50 - 00056320 _____ () C:\Program Files\Adobe\Photoshop 5(2).5\Plug-Ins\Adobe Photoshop Only\Extensions(2)\FastCore.8BX 2012-12-14 16:36 - 1999-06-30 21:24 - 00179200 _____ () C:\Program Files\Adobe\Photoshop 5(2).5\Plug-Ins\Adobe Photoshop Only\Extensions(2)\MMXCore.8BX 2014-01-30 18:15 - 1999-06-29 20:10 - 00116224 _____ () C:\Program Files\Adobe\Photoshop 5(2).5\Plug-Ins\Adobe Photoshop Only\Automate\ColorWizard.8li ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk => C:\WINDOWS\pss\ymetray.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^Cal Mowrer^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Cal Mowrer^Start Menu^Programs^Startup^FileOpenAPI.exe.lnk => C:\WINDOWS\pss\FileOpenAPI.exe.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Cal Mowrer^Start Menu^Programs^Startup^HP S20 Scanner.lnk => C:\WINDOWS\pss\HP S20 
Scanner.lnkStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" MSCONFIG\startupreg: Amazon Cloud Player => "C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe" MSCONFIG\startupreg: CalendarPal => C:\Program Files\CalendarPal\CalendarPal.exe -min MSCONFIG\startupreg: CTDVDDET => "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" MSCONFIG\startupreg: CTHelper => CTHELPER.EXE MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k MSCONFIG\startupreg: MMTray => C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe MSCONFIG\startupreg: NSU_agent => "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit MSCONFIG\startupreg: nwiz => nwiz.exe /install MSCONFIG\startupreg: OmniPage => C:\Program Files\Caere\OmniPagePro10.0\opware32.exe MSCONFIG\startupreg: OM_Monitor => C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: RoboForm => "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" MSCONFIG\startupreg: StorageGuard => "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r MSCONFIG\startupreg: VolPanel => "C:\Program Files\Creative\Sound Blaster X-Fi\Volume 
Panel\VolPanel.exe" /r MSCONFIG\startupreg: ymetray => "C:\Program Files\Yahoo\Yahoo! Music Engine\YahooMusicEngine.exe" -preload ========================= Accounts: ========================== Administrator (S-1-5-21-3212094199-3916112403-2054011320-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator ASPNET (S-1-5-21-3212094199-3916112403-2054011320-1006 - Limited - Enabled) Cal Mowrer (S-1-5-21-3212094199-3916112403-2054011320-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Cal Mowrer Guest (S-1-5-21-3212094199-3916112403-2054011320-501 - Limited - Enabled) HelpAssistant (S-1-5-21-3212094199-3916112403-2054011320-1004 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-3212094199-3916112403-2054011320-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= Name: Nokia 6126 Description: Nokia 6126 Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Manufacturer: Nokia Service: WUDFRd Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/20/2015 10:11:42 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error: (01/20/2015 10:11:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/20/2015 05:11:28 PM) (Source: crypt32) (EventID: (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (01/17/2015 10:08:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application photoshp.exe, version 5.0.128.0, faulting module photoshp.exe, version 5.0.128.0, fault address 0x00431116. Processing media-specific event for [photoshp.exe!ws!]

Error: (01/17/2015 07:54:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application photoshp.exe, version 5.0.128.0, faulting module photoshp.exe, version 5.0.128.0, fault address 0x00431116. Processing media-specific event for [photoshp.exe!ws!]

Error: (01/13/2015 07:30:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application photoshp.exe, version 5.0.128.0, faulting module photoshp.exe, version 5.0.128.0, fault address 0x00431116. Processing media-specific event for [photoshp.exe!ws!]

Error: (01/12/2015 06:15:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application photoshp.exe, version 5.0.128.0, faulting module photoshp.exe, version 5.0.128.0, fault address 0x00431116. Processing media-specific event for [photoshp.exe!ws!]
Error: (01/10/2015 10:22:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application photoshp.exe, version 5.0.128.0, faulting module photoshp.exe, version 5.0.128.0, fault address 0x00431116. Processing media-specific event for [photoshp.exe!ws!] Error: (01/10/2015 08:53:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689. Processing media-specific event for [explorer.exe!ws!] Error: (01/04/2015 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application photoshp.exe, version 5.0.128.0, faulting module photoshp.exe, version 5.0.128.0, fault address 0x00431116. Processing media-specific event for [photoshp.exe!ws!] System errors: ============= Error: (01/20/2015 10:37:01 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 05:37:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 04:37:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 03:37:28 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 02:37:33 PM) (Source: 
DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 01:37:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 00:38:01 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 11:37:31 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 10:37:12 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (01/20/2015 09:37:56 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate1c9fbe1711bb768 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Microsoft Office Sessions: ========================= Error: (01/20/2015 10:11:42 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error: (01/20/2015 10:11:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/20/2015 05:11:28 PM) (Source: crypt32) (EventID: (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThisoperation returned because the timeout period expired.

Error: (01/17/2015 10:08:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: photoshp.exe5.0.128.0photoshp.exe5.0.128.000431116

Error: (01/17/2015 07:54:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: photoshp.exe5.0.128.0photoshp.exe5.0.128.000431116

Error: (01/13/2015 07:30:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: photoshp.exe5.0.128.0photoshp.exe5.0.128.000431116

Error: (01/12/2015 06:15:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: photoshp.exe5.0.128.0photoshp.exe5.0.128.000431116

Error: (01/10/2015 10:22:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: photoshp.exe5.0.128.0photoshp.exe5.0.128.000431116

Error: (01/10/2015 08:53:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.605500011689

Error: (01/04/2015 08:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: photoshp.exe5.0.128.0photoshp.exe5.0.128.000431116

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 34%
Total physical RAM: 3582.08 MB
Available physical RAM: 2347.6 MB
Total Pagefile: 15417.45 MB
Available Pagefile: 13866.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.98 GB) (Free:1563.07 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Local Disk) (Fixed) (Total:698.64 GB) (Free:302.71 GB) NTFS
Drive g: () (Fixed) (Total:1863.01 GB) (Free:1151.13 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 1863 GB) (Disk ID: 012552E1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 02F8617F)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 7A6D57B1)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Cal Mowrer (administrator) on CALS2-4GBS on 20-01-2015 23:01:55
Running from C:\Documents and Settings\Cal Mowrer\My Documents\Downloads
Loaded Profiles: Cal Mowrer (Available profiles: Cal Mowrer & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\i386\taskmgr.exe
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\system32\dmadmin.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 5.0\Acrobat\acrobat.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\Web\AOM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Fred's Software Company) C:\Program Files\Printkey.exe
() C:\Program Files\Adobe\Photoshop 5.5\Photoshp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [384232 2012-07-12] (BillP Studios)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\...\Run: [EPSON WorkForce 1100 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEA.EXE [199680 2009-01-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\...\Run: => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\Documents and Settings\Cal Mowrer\Start Menu\programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Cal Mowrer\Start Menu\programs\Startup\Shortcut to taskmgr.exe.lnk
ShortcutTarget: Shortcut to taskmgr.exe.lnk -> C:\i386\taskmgr.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3212094199-3916112403-2054011320-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005 -> DefaultScope {6E1382A1-2532-4895-8248-09476E8DB7A6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005 -> {6E1382A1-2532-4895-8248-09476E8DB7A6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: LastPass Browser Helper Object -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Documents and Settings\Cal Mowrer\Application Data\LastPass\LPBar.dll (LastPass) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Documents and Settings\Cal Mowrer\Application Data\LastPass\LPBar.dll (LastPass) Toolbar: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File Toolbar: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005 -> No Name - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File Toolbar: HKU\S-1-5-21-3212094199-3916112403-2054011320-1005 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab Handler: base64 - No CLSID Value - Handler: chrome - No CLSID Value - Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll (LizardTech) Handler: prox - No CLSID Value - Handler: sidlet - 
{B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll (LizardTech) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\yv6pgd8v.default-1418869676936 FF DefaultSearchEngine: Google FF Homepage: https://www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\irznxnvt.default\searchplugins\yahoo_ff.xml FF Extension: Browser Companion Helper - C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\irznxnvt.default\Extensions\[email protected] [2012-04-18] FF Extension: No Name - C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\irznxnvt.default\Extensions\[email protected] [2010-02-02] FF Extension: No Name - C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\irznxnvt.default\Extensions\[email protected] [2012-03-04] FF Extension: No Name - C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\irznxnvt.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}(2) [2007-10-31] FF Extension: No Name - C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\irznxnvt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2007-07-31] FF Extension: No Name - C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\irznxnvt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3) [2007-11-11] FF Extension: NoScript - C:\Documents and Settings\Cal Mowrer\Application Data\Mozilla\Firefox\Profiles\yv6pgd8v.default-1418869676936\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft 
.NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-16] Chrome: ======= CHR HomePage: Default -> https://www.google.com/ CHR StartupUrls: Default -> "https://www.google.com/","chrome-search://local-ntp/local-ntp.html" CHR Profile: C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-05] CHR Extension: (Google Drive) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29] CHR Extension: (YouTube) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-05] CHR Extension: (Google Search) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-05] CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2013-10-31] CHR Extension: (Email This Page) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfkjckpdlhaiifglhkakloaghafbhdo [2014-06-20] CHR Extension: (Chromebleed) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-17] CHR Extension: (ReImage Browser 
Helper) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem [2013-05-05] CHR Extension: (Google Wallet) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20] CHR Extension: (Gmail) - C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-05] CHR HKLM\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files\ReImageCompanion\blabbers-ch.crx [2012-02-10] CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [Not Found] CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [Not Found] CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
S4 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 EPSON_EB_RPCV4_01; C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [131072 2007-11-14] (Brio) [File not signed]
S4 gupdate1c9fbe1711bb768; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-15] (Google Inc.)
R2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86142 2005-04-25] (Intel Corporation) [File not signed]
S4 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [5241448 2009-12-08] ()
S3 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)
S4 SACODiskOptimizer; C:\Program Files\Softarama\Captain Optimizer\SACODefragSrv.exe [239936 2011-04-25] (Softarama, (www.Softarama.com))
S4 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S4 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [X]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated) R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed] R3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-01-21] (Emsisoft GmbH) S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] () S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd) R0 drvmcdb; C:\WINDOWS\System32\DRIVERS\drvmcdb.sys [83360 2003-02-03] (Sonic Solutions) [File not signed] R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40416 2003-02-05] (Sonic Solutions) [File not signed] R3 hpusbfd; C:\WINDOWS\System32\DRIVERS\hpusbfd.sys [7552 2002-05-22] (Hewlett-Packard Co.) [File not signed] S3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28276 2006-06-03] (MusicMatch, Inc.) [File not signed] R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed] S3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-03-21] (Padus, Inc.) 
[File not signed] R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software) R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed] R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5589 2003-02-05] (Sonic Solutions) [File not signed] R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23059 2003-02-05] (Sonic Solutions) [File not signed] S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.) R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [23957 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34773 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4053 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2169 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [55540 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14133 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6293 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [96596 2003-03-12] (Sonic Solutions) [File not signed] R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [99029 2003-03-12] (Sonic Solutions) [File not signed] S2 ASPI32; No ImagePath S3 catchme; \??\C:\DOCUME~1\CALMOW~1\LOCALS~1\Temp\catchme.sys [X] S3 cpuz134; \??\C:\DOCUME~1\CALMOW~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X] S3 esihdrv; \??\C:\DOCUME~1\CALMOW~1\LOCALS~1\Temp\esihdrv.sys [X] S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X] S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X] S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [X] S3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 
[X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:01 - 2015-01-20 23:01 - 00000000 ____D () C:\FRST
2015-01-20 22:12 - 2015-01-20 22:14 - 00000000 ____D () C:\EEK
2015-01-20 22:12 - 2015-01-20 22:12 - 00000637 _____ () C:\Documents and Settings\Cal Mowrer\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-14 20:50 - 2015-01-14 20:50 - 07292928 _____ () C:\Documents and Settings\Cal Mowrer\Desktop\Peru - El Condor Pasa.ppt
2015-01-14 10:34 - 2015-01-14 14:46 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-13 22:07 - 2015-01-13 22:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-30 20:51 - 2014-12-30 20:52 - 00000000 _____ () C:\Documents and Settings\Cal Mowrer\My

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:02 - 2012-03-02 03:36 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\Local Settings\temp
2015-01-20 22:57 - 2012-02-26 11:31 - 00000829 ____C () C:\WINDOWS\wiadebug.log
2015-01-20 22:53 - 2012-10-11 18:56 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-20 22:37 - 2009-07-03 07:36 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 22:10 - 2014-01-06 21:58 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-01-20 17:12 - 2012-07-14 11:19 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\Cars 7-14-12
2015-01-20 10:53 - 2012-02-26 11:30 - 00032632 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-20 02:57 - 2011-07-29 16:53 - 00000306 ____C () C:\WINDOWS\Tasks\Registry Commander.job
2015-01-19 23:58 - 2012-02-26 11:31 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-19 23:37 - 2009-07-03 07:36 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 22:11 - 2012-06-21 14:23 - 00000000 ___RD () C:\Dropbox
2015-01-19 22:10 - 2012-06-21 14:12 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\Application Data\Dropbox
2015-01-19 22:09 - 2012-04-26 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-19 22:09 - 2009-12-17 17:03 - 00064175 ____C () C:\WINDOWS\system32\NvwsApps.xml
2015-01-19 22:09 - 2004-08-11 16:20 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 22:09 - 2004-08-11 16:00 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-19 22:08 - 2012-02-26 11:31 - 01333332 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-19 22:08 - 2008-12-02 23:23 - 00001080 ____C () C:\WINDOWS\system32\settingsbkup.sfm
2015-01-19 22:08 - 2008-12-02 23:23 - 00001080 ____C () C:\WINDOWS\system32\settings.sfm
2015-01-19 22:08 - 2006-05-27 09:40 - 00000178 __SHC () C:\Documents and Settings\Cal Mowrer\ntuser.ini
2015-01-19 22:08 - 2006-05-27 09:40 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer
2015-01-18 23:47 - 2007-02-25 15:56 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\Calendar
2015-01-18 20:00 - 2009-02-14 21:58 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\E-bay
2015-01-18 15:22 - 2006-05-29 15:00 - 00001480 ____C () C:\WINDOWS\AUTOLNCH.REG
2015-01-18 11:40 - 2006-06-25 09:38 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\Application Data\Smart Recorder
2015-01-18 11:09 - 2006-12-17 19:26 - 00000072 ____C () C:\WINDOWS\sbwin.ini
2015-01-16 20:39 - 2006-11-17 05:49 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\Paypal
2015-01-16 08:39 - 2006-12-17 20:09 - 00000147 ____C () C:\WINDOWS\CTWave32.ini
2015-01-14 14:46 - 2014-12-02 19:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird.bak
2015-01-14 03:34 - 2012-08-10 02:34 - 00000426 ____C () C:\WINDOWS\Tasks\SACO-SACOOneClickCare.job
2015-01-13 22:38 - 2013-05-05 19:06 - 00001813 ____C () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-12 10:21 - 2006-05-29 07:49 - 00000000 ___RD () C:\Documents and Settings\Cal Mowrer\My Documents\
2015-01-10 12:22 - 2013-08-01 07:40 - 00026268 ____C () C:\WINDOWS\wmsetup.log
2015-01-10 12:20 - 2006-05-29 07:33 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\funnies
2015-01-09 18:03 - 2006-07-02 07:57 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\Health
2015-01-08 14:23 - 2014-01-18 18:25 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\Application Data\vlc
2015-01-07 13:33 - 2009-12-27 14:16 - 00000000 ____C () C:\WINDOWS\system32\FOXIT_PDF
2015-01-03 13:37 - 2007-06-12 18:24 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\Phone Stuff
2015-01-02 15:48 - 2012-06-21 14:23 - 00001037 _____ () C:\Documents and Settings\Cal Mowrer\Desktop\Dropbox.lnk
2015-01-02 15:48 - 2012-06-21 14:12 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\Start Menu\Programs\Dropbox
2014-12-29 19:53 - 2006-10-12 07:16 - 00000000 ____D () C:\Documents and Settings\Cal Mowrer\My Documents\Travel
2014-12-27 19:28 - 2013-09-17 19:32 - 00162454 ____C () C:\WINDOWS\setupapi.log
2014-12-22 11:00 - 2006-05-28 20:32 - 00002439 ____C () C:\Documents and Settings\All Users\Start menu\Open Office Document.lnk

==================== Files in the root of some directories =======

2011-07-28 12:15 - 2011-07-28 12:15 - 1873239 ____C () C:\Program Files\dixmlsetup.exe
2009-04-14 17:36 - 2007-02-04 22:03 - 0372736 ____C (LizardTech) C:\Program Files\djvu0409.dll
2009-04-14 17:36 - 2007-02-04 22:03 - 0651264 ____C (LizardTech) C:\Program Files\DjVuCntl.dll
2009-04-14 17:36 - 2007-02-04 22:03 - 0208896 ____C () C:\Program Files\DjVuViewer.exe
2011-07-27 20:29 - 2011-07-27 20:29 - 1528184 ____C (Microsoft Corporation) C:\Program Files\GenuineCheck.exe
2009-04-14 17:36 - 2005-11-22 08:47 - 0035299 ____C () C:\Program Files\license.txt
2011-07-27 20:40 - 2011-07-27 20:40 - 0589528 ____C (Microsoft Corporation) C:\Program Files\mssstool32.exe
2009-04-14 17:36 - 2007-02-04 22:02 - 1642496 ____C (LizardTech) C:\Program Files\npdjvu.dll
2006-06-18 18:03 - 2000-05-12 21:21 - 0589824 ____C (Fred's Software Company) C:\Program Files\Printkey.exe
2009-04-14 17:36 - 2007-01-12 11:23 - 0007866 ____C () C:\Program Files\readme.txt
2011-07-28 11:50 - 2011-07-28 11:50 - 0261368 ____C (Reimage®) C:\Program Files\ReimageRepair.exe
2009-08-15 10:04 - 2009-08-15 10:04 - 4928376 ____C (Microsoft Corporation) C:\Program Files\Silverlight.exe
2013-08-08 11:31 - 2013-08-08 11:31 - 0889416 ____C (Microsoft Corporation) C:\Documents and Settings\Cal Mowrer\Application Data\dotNetFx40_Full_setup.exe
2012-08-08 12:41 - 2014-05-31 13:52 - 0006850 ____C () C:\Documents and Settings\Cal Mowrer\Application Data\PrimoPDFSet.xml
2006-07-12 01:44 - 2014-11-16 15:11 - 0227328 ____C () C:\Documents and Settings\Cal Mowrer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Cal Mowrer\dotnetfx.exe

Some content of TEMP:
====================
C:\Documents and Settings\Cal Mowrer\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfx6dwt.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
  7. When clicking on a trusted email link, Time Warner Cable sent me to a site explaining I was part of a botnet. This has happened previously 1-3 yrs ago with no conclusive results. I ran a complete scan and quarantined one object before following instructions about EEK and Farbar. Cannot attach logs. Tried Firefox and Chrome. Basic and advanced uploader. Rebooted in midst of various attempts. Application hangs every time.
  8. Update. Bootup was much better. Still got same hang ups sometimes. I put a 90 sec delay on a2guard and 5 min 30 sec on a2service. Running this way for over a month. No instances of hanging at boot up. Many reboots performed since the delay was implemented.
  9. I did reformat the new Drive (was F and now is C) again for about 3rd time. Long frustrating experience. Also reconfigured the drive configuration. Uninstalled EAM about 8 hrs ago. Reason one - just slows down boot process too much. Especially when troubleshooting and multiple boots are necessary. Reason two - The hangup issue came back after disk copy. Just like original issue. I think I have a config that is workable for me. I then reinstalled EAM about 2 hours ago on Drive C only. Have not rebooted. Second bootable drive (G) has no EAM, no Windows update, and no System Restore functionality. I'll try to remember to post results about any future hang ups on boot up. Any chance there is an EAM policy about future Win XP support, beyond Apr 2014? Will you continue to support it? Question is from a malware and antivirus standpoint.
  10. I was/am reluctant to re-install on C. Maybe it will re-instate whatever problem was causing the original hanging of Windows boot up? Stated differently, I'm unsure of exactly what was causing original hanging issue. I assume it was something in the EAM that was on the cloned F drive that made it think it was still on C? Not sure.
  11. Do I need to re-install EAM on drive C before running OTL? Since doing deep un-install on C and F, then re-installed to F: Booting on F is OK with no hang up and no external delay required. Good shutdown requires that Windows update be turned off in Control Panel and Services. Only observed the hang up on shutdown once after temporarily re-enabling Windows Update. Performed no further investigations on that issue. I have been spending all my time trying to correct a problem with System Restore. Exists on all 3 cloned drives (E, F, and G). That in conjunction with Windows Updates problem (all 3 cloned drives) AND another issue with operating system losing track of sound card (recovers on re-boot). All this has me strongly considering starting over with a Formatted F and copy from C to F using Macrium as opposed to Drive Image. Also being booted on C for copy as opposed to G. Have not decided. At this point EAM installed only on drive F. Was never on E and G. They were copied before EAM installed on my computer.
  12. Additional Note. I re-enabled Windows update for drive F. a2service memory usage remained >200M. Turned Automatic updates off and re-booted. System hung up on shutdown. First time this happened. After an AC power off shutdown and reboot, the drive F re-boot performed OK. That is; an initial high memory usage by a2service for approximately 5 min(?), then memory usage dropped way down to <2M.