golfnut123

Honorary Members
  • Posts: 32
Everything posted by golfnut123

  1. I have several YI security cameras at both my shop and home. For some odd reason, on just one, Malwarebytes pops up when I log into this one. malwarebytes.txt
  2. Looks like someone got it going. Mine is now working.
  3. All of a sudden I can't update. Error said something went wrong. One or more items in the current update did not complete.
  4. I set Firefox as the default and made sure Edge and Chrome both had the extension which they did. It now works though and said great job is staying safe and secure. THANKS so much.
  5. I use Firefox 95% of the time and it shows the browser guard in top of screen. When I open Malwarebytes it shows I need to tidy up my security. It said browser guard is not installed yet it is.
  6. Seems to be gone after the manual updates. Thanks 😁
  7. Let me see if I can get that to work. Thanks
  8. I have the pro version of Malwarebytes. It is up to date. I find nothing when I scan, but yesterday I guess I clicked on a bad website; now I keep getting a warning that I will include in this post. My computer didn't want to shut down yesterday and today it booted to a black screen. I was finally able to get it back but this ipv4.login.msa.akadns6.net keeps showing its face.
  9. !!This being said, if you cannot remove Malwarebytes because of F-Secure and its DeepGuard, I suggest you to disable it temporarily while you uninstall it !! I did just that and it still would not remove. I would like to suggest to whoever owns Malwarebytes to write a fix for this problem. My son works with a programmer and things like this are done all the time. Malwarebytes is stuck on this computer and just will not come off. I give up and just removed F-Secure. She said she would just leave it like it is being she has already bought this program for two years. Over the years that I have worked on computers I have had issues with removing programs. Most of the time I just reformatted the computer to solve the problem. In her case it would take way too long to put her things back. Maybe Malwarebytes can write an uninstall tool like AVG does and other companies do. I am sure I am not the only person that has had this problem. Thanks.
  10. How do we go about getting a refund? Also I cannot remove Malwarebytes, so what now? I still get the error. I think Malwarebytes should tell me a way to remove their program when it will not work from the add-remove part of Windows. Like I said I am a little annoyed at all this because the person that owns this computer listened to me as I helped her buy this program. Sort of bad on a brand new computer for this to happen.
  11. It was my idea to tell her to purchase the Pro version of Malwarebytes which was a mistake. I worked on this problem remote for a few hours and finally give up and removed F-Secure which I didn't want to do. There is no way to contact Malwarebytes by phone as I could find so you can bet I will never recommend it to anyone again. I have been working on computers for 18 years. This is one of the few times I could not even remove a program I installed from the Add-Remove in Windows yet F-Secure uninstalled fine. Almost like a Trojan itself. I did shut off the DeepGuard as suggested but the problem was still there after I rebooted. I did everything that was suggested here and nothing worked except me having to remove F-Secure which annoyed me. If she had not paid for Malwarebytes I would just have removed it and let things go as F-Secure was working fine. Maybe the problem would not have showed up if I had installed Malwarebytes first but that I will never know. I do know things worked fine after removing F-Secure so I am leaving it to her now. Just hate that she has no way of showing bad websites which F-Secure had. WOT is what I did recommend in the past but I see they have had problems so I hope Malwarebytes blocks bad sites if she goes to one by mistake.
  12. That is why I installed F-Secure but it would not work with this version of Malwarebytes. When I removed F-Secure all was well. I didn't want to start changing settings as I never had to in the past. Maybe the programmers will write a patch to fix this problem because I see I was not the only person having this problem. For now I got the Windows Defender that comes in Windows 10 for antivirus with Malwarebytes so that should be good enough. THANKS
  13. File C:\Program files\malwarebytes\animalware\unins000.dat Error 5: Acess denied. I messed with this thing all afternoon and then did this: I removed F-Secure antivirus and it worked. She can live with Malwarebytes Pro and Windows Defender even though I have both on my computer, but I am running the older version lifetime version of Malwarebytes which I bought years ago. I did like F-Secure because it would show me if a website was safe and that is why I put it on her computer. Charter supplies it free to their customers so no big deal as it did not cost anything. Malwarebytes was working fine yesterday after I installed it and I rebooted her computer several times. Today is when the problem started. I don't like a program I cannot remove and I tried every trick suggested here to get Malwarebytes off the computer so I could install it again but it just would not remove. What's up with that? Anyway it is ok for now. Is the new version of Malwarebytes 3.0.6 good without installing any antivirus?
  14. Did not work. Still could not remove. I noticed on my computer I have a service right about Mbam service that says Mbam scheduler. Should this be on this new HP laptop because it is missing? I just cannot remove the program even after I deactivated it and then tried to remove it. This is annoying to say the least.
  15. I bought the 3.0 version yesterday, two years of updates. Paid with credit card. It worked fine yesterday but today it will not start. I get this message: unable to connect the service. I cannot even remove it and reinstall it as I get an error when trying to do this. I didn't write the exact error down but to say the least I am a little bit annoyed. This is a new HP Laptop and was only trying to help stop things from getting on here. Any tips on how I can get Malwarebytes to work again???
  16. I don't have this computer in front of me now. It is a friend's so it may be a few days before I get him to bring it over. THANKS and I will get back.
  17. 2nd log Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] () Task: {E97AB03C-51DA-4652-B4F3-944F35974EB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {F19F389A-2653-437F-9282-62404A92C88C} - System32\Tasks\{70215D4F-7167-4986-9D2D-673C43C3B98F} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation) Task: {F1E7431C-4357-466C-941B-8C5B4305AF2D} - System32\Tasks\{36587F7D-BB5B-4589-8610-7CCB9DA74577} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation) Task: {F44FE212-5936-42BE-B0F2-7A725B915EA8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {F5470E9B-173B-4DA0-BCFC-138A4F7E22E9} - System32\Tasks\{A289A9F9-8EF0-46DD-A2F5-4574092FB457} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation) Task: {F75BE5E2-788C-4CA0-ABAD-AFC5F9899368} - System32\Tasks\{8A725581-5E97-4BF7-8C31-E0E8571B438C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Task: {FA06DEF5-D2CB-4754-9B8C-0C8F44F91C7B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {FA1417D2-F88A-459C-8572-3AB3E6E3007D} - System32\Tasks\{973BCBA2-C895-4DBC-9547-8C0ADC4AE56E} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation) Task: {FA90E967-B7BE-48B0-BD48-1060173239C9} - System32\Tasks\{10ADD658-9A2C-43F9-994C-2346F26F87D7} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation) Task: {FB0040A5-3EC3-474F-89A2-DC2F32E3C8EF} - System32\Tasks\{A43A1EA8-5F1E-40A5-85CD-147076C063B6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation) Task: 
{FF56291F-811E-42E4-9F8D-ED01A8C1B4F3} - System32\Tasks\{73DF72D6-BFC0-4F01-B2D8-60C03CF438E8} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation) Task: {FF9E4A1D-37FD-4513-B63D-81073DC3761D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\NeroLiveEpgUpdate-maryclyne-PC_maryclyne.job => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll 2017-01-19 13:34 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-01-19 13:34 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-01-19 13:34 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2012-03-27 15:54 - 2010-06-17 08:46 - 00093184 _____ () C:\Program Files (x86)\Scan PC\ScPCS64.exe 2016-07-30 09:53 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-07-30 09:53 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll 2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2015-12-26 21:10 - 2015-12-26 21:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-30 09:58 - 
2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-30 09:53 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-30 09:53 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-30 09:53 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-30 09:53 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-09 18:44 - 2016-09-07 14:07 - 01707080 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe 2016-01-25 12:39 - 2016-01-25 12:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll 2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll 2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll 2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll 2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll 2010-06-28 16:20 - 2010-06-28 16:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-28 16:12 - 2010-06-28 16:12 - 01081600 _____ () C:\Program Files (x86)\NewTech 
Infosystems\Acer Backup Manager\ACE.dll 2013-10-31 09:05 - 2013-10-31 09:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll 2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-12-28 08:37 - 2016-12-28 08:37 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll 2011-06-23 20:21 - 2009-05-20 16:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2016-01-25 12:39 - 2016-01-25 12:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-25 12:39 - 2016-01-25 12:39 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302] AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302] AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302] AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\.reg: Regedit.Document => <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.)
There are 4792 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: NOBU => 2 MSCONFIG\Services: Norton PC Checkup Application Launcher => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scan PC.lnk => C:\Windows\pss\Scan PC.lnk.CommonStartup MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: BringMeSports AppIntegrator 32-bit => C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator.exe MSCONFIG\startupreg: BringMeSports AppIntegrator 64-bit => C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator64.exe MSCONFIG\startupreg: BringMeSports EPM Support => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S MSCONFIG\startupreg: BringMeSports Search Scope Monitor => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{969973B0-7598-457E-AE8D-E111B4FD047F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{11B9EC44-0AFC-4390-B704-E867596DAD8F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{9591AFA7-D3A1-4FA2-AA26-8F4F3C3FBAA5}] => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{ACB7B527-9692-45CA-BB7E-8299F7AC196B}] => LPort=5357 FirewallRules: [{3012DE9D-8B36-4A2F-BE95-9D134B6648D6}] => C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe FirewallRules: [{2C357B8A-9154-40B4-A654-B62B96B7D534}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{ABF38FA3-0A19-44A2-9D1C-BD068D740DF7}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{D7FCE6A6-41AC-48E8-8B9A-458A89E31569}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{88F4A63D-EF03-4DDE-8F70-B56CD7C18E43}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{DCCC0719-3048-4DFE-921F-ADC1A08ABA7D}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{1FCF2860-0B3B-45AA-BE2C-1940B61F0DB0}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{A324C362-EED1-40B2-B6DB-1A6D80114093}] => C:\Users\maryclyne\AppData\Local\Temp\7zS4793\HPDiagnosticCoreUI.exe FirewallRules: [{56FF070A-D463-4D7A-9A3A-A8B9177466B4}] => C:\Users\maryclyne\AppData\Local\Temp\7zS4793\HPDiagnosticCoreUI.exe FirewallRules: [{FC2EEC4E-7F1B-4EAC-93C3-C0C91E7593D3}] => C:\Users\maryclyne\AppData\Local\Temp\7zS3524\HPDiagnosticCoreUI.exe FirewallRules: [{07B5AB8F-D63A-4EC0-A134-64F22B8C6772}] => 
C:\Users\maryclyne\AppData\Local\Temp\7zS3524\HPDiagnosticCoreUI.exe FirewallRules: [{70F6CFA1-03B9-4302-86CD-AC10EB65A144}] => C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe FirewallRules: [{2C57E084-F5C4-42BB-B0CE-388DF41B681B}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe FirewallRules: [{36434DFA-ADE8-425A-872B-F56645046042}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe FirewallRules: [{112FD457-3D7E-4DD0-BB22-9BC2B07658D8}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe FirewallRules: [{2FB0B83A-8C4E-442E-AB5A-EFD2559EE6F0}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe FirewallRules: [{699607B1-9093-4AF3-9174-A6C09545A18B}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{B6AB620D-E81B-476C-9430-4109BDF82D1E}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{44B64FEF-5374-4088-8080-F93AD09FCD84}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{BF5BB368-04B6-42AC-82DA-4D5397A8C71B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{48A32EB9-541B-4396-97AA-94D175F4042E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{B6509D9D-885C-4CF9-A4FC-32E2730FCA35}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{B149F16F-7486-4B81-8B00-E8D000347CB2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{E78C71FC-3B14-4DE1-B629-D5A24E28F1AA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{B139A31E-B2D2-496A-BFE2-9C8B1EC76FFA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{CA6B04E8-854E-43A7-96A9-3240E41282C1}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{8B5FE821-282B-4F51-8512-F453C066B03A}] => C:\Program Files (x86)\HP\Digital 
Imaging\bin\hpqsudi.exe FirewallRules: [{35BA3B84-3E96-480A-AF8A-35C31F91E07C}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe FirewallRules: [{B49F7ECC-8D15-4BD4-8655-4706016DC2DB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{32EBC63B-D3FE-426A-9F00-A864790A1CD5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{E92C5369-118F-49ED-890F-D4534396594B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{E782DCC5-9BF1-43A5-829C-4C3DB17CA5D2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{B15BE39F-B37E-4D13-B5E1-DB62D3F408EA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{7843CFD2-48CC-499E-B8E1-7F5425456441}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{3D9E3D50-AF26-4A3B-90E4-B57D352BAC14}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{488773EB-DD12-4718-9E0C-684EAA5CF507}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{955FC20D-684C-452B-BDF9-5282A24D1B3B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{2E3B6824-4FC4-4F44-822E-F7D91D87BAA1}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{B438B11D-E5DE-4BB4-AE41-74722BC70F6F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{0976330B-3E2E-4E7D-B607-39A0819D4491}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{1405C72D-985A-4C39-8CBE-4F19C5B5E478}] => LPort=7000 FirewallRules: [{7EF58C20-E1AA-4186-8EF8-44C0CA09709E}] => LPort=7000 FirewallRules: [{E5539E5C-4FEB-4A63-9304-54E6B46BC7EC}] => C:\Windows\System32\migwiz\migwiz.exe FirewallRules: [{5B02E6D2-5606-4A26-904F-A66368F685BB}] => C:\Windows\System32\migwiz\migwiz.exe FirewallRules: [{5B4B6ED9-AA0E-4F83-B2E0-6B23FE8BD902}] => C:\Program Files 
(x86)\Skype\Phone\Skype.exe FirewallRules: [{EF0B3B96-11D1-4B34-9C84-494ABB1431E9}] => c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{C8B28F75-D0F7-4441-B6E0-F422D5B4B137}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{99F745CA-7426-4B1A-B994-26B5B4D65B84}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{1CE3775E-B7F1-498E-B72E-0CD4E1E0BBAF}] => LPort=1900 FirewallRules: [{EBAB509F-E5A3-4F5C-8100-E40DC0935DE8}] => LPort=2869 FirewallRules: [{64C2E9DE-5D53-492D-B92A-B37608C3B569}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{96492B46-7074-4D87-9701-5B27CA7751D8}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{451F92F1-8D52-4978-BDB8-E5AD3354CE7D}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{89DB5EE8-41A1-4927-9AAF-67B8E370B436}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{F1A14C6F-6B28-4706-9B7E-6C7324D7B734}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{7F33DE16-2219-4337-A7A9-448310803418}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{4916451C-E384-4469-A9AB-E3D4912FAA16}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{83052505-3951-402D-B9FB-C10ED296554B}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{760D945D-70E1-40A5-BD8C-2B7D23F90CE5}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{51C1DDDC-F2FF-4E94-A555-99F678C91904}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{81BEA391-A982-4955-BC29-57CF11A06641}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2E9B4F0A-F586-401D-9D40-5227AFBF41C1}] => C:\Program Files\iTunes\iTunes.exe FirewallRules: [{0EBD2EAF-9625-4C8E-B1CB-CC3321433717}] => 
C:\Users\maryclyne\AppData\Local\Temp\7zS7BB0\HPDiagnosticCoreUI.exe FirewallRules: [{2759FF56-2DC6-46DC-9056-6420C102E291}] => C:\Users\maryclyne\AppData\Local\Temp\7zS7BB0\HPDiagnosticCoreUI.exe FirewallRules: [{3BF722B8-1C2C-447C-8A3B-A755B11F66D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{56D9A094-2B5E-4C0A-89EB-35D6B088F63E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5C0CA0E4-E679-4DF9-8977-D762E16F6129}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C856E4EC-C671-4A5B-BC9F-9510D8FFF381}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{49691F78-A11B-4D79-B78F-658037419625}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B89B709D-5334-4FFD-B97F-DD8CFEF0856F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AE28D09D-754B-4A5F-8017-B61498E074DA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/19/2017 04:57:10 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\ScratchBox\ScratchBox.ocx.Manifest". Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/19/2017 04:57:09 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\SoundBox\SoundBox.ocx.Manifest". Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (01/19/2017 04:57:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\MultiChannelDll\MultiChannel.dll.Manifest". Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/19/2017 04:57:02 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\WEDll\waveedit.dll.Manifest". Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/19/2017 04:53:40 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnap.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest. Error: (01/19/2017 04:33:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\MultiChannelDll\MultiChannel.dll.Manifest". Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/19/2017 04:33:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\WEDll\waveedit.dll.Manifest". 
  18. Here is the log from the 1st computer that I had this problem with.
C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website 2017-01-19 12:42 - 2015-12-26 19:28 - 01009692 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-19 12:42 - 2015-10-30 01:21 - 00000000 ____D C:\Windows\INF 2017-01-19 11:15 - 2011-10-22 12:16 - 00000000 ____D C:\Users\maryclyne\AppData\Local\ElevatedDiagnostics 2017-01-18 20:37 - 2016-01-25 11:51 - 00000600 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Genealogy, Family Trees and Family History Records online - Ancestry.com.website 2017-01-18 20:23 - 2013-09-27 19:15 - 00000000 ____D C:\Users\maryclyne\Documents\Family Tree Maker 2017-01-18 20:04 - 2015-12-26 21:00 - 00002425 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-18 20:04 - 2015-12-26 21:00 - 00000000 ___RD C:\Users\maryclyne\OneDrive 2017-01-18 19:58 - 2015-02-20 09:34 - 00000000 ____D C:\Users\maryclyne\Desktop\Wayne's droid 2017-01-18 19:50 - 2013-07-02 16:49 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-11 12:41 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-11 12:41 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-28 08:41 - 2016-07-07 14:23 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk 2016-12-28 08:41 - 2015-08-17 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2016-12-27 20:56 - 2010-11-20 21:47 - 00547216 _____ C:\Windows\PFRO.log 2016-12-27 20:55 - 2015-12-26 19:28 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000002.regtrans-ms 2016-12-27 20:48 - 2013-01-22 19:26 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-12-27 19:29 - 2014-12-26 16:55 - 00003506 _____ C:\Windows\System32\Tasks\Apple Diagnostics 2016-12-23 09:25 - 2013-07-02 16:48 - 00003416 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-23 09:25 - 2013-07-02 16:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2012-07-28 11:53 - 2014-12-16 13:49 - 0000156 _____ () C:\Users\maryclyne\AppData\Roaming\default.rss 2013-01-23 18:51 - 2013-01-23 18:51 - 0000091 _____ () C:\Users\maryclyne\AppData\Roaming\mbam.context.scan 2014-11-05 15:09 - 2014-11-10 12:09 - 0000132 _____ () C:\Users\maryclyne\AppData\Roaming\WB.CFG 2012-07-01 13:41 - 2016-02-08 21:29 - 0004608 _____ () C:\Users\maryclyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-09 17:09 - 2014-11-09 17:09 - 0000001 _____ () C:\Users\maryclyne\AppData\Local\DSI.DAT 2012-11-05 14:34 - 2012-11-05 14:34 - 0000017 _____ () C:\Users\maryclyne\AppData\Local\resmon.resmoncfg 2014-12-29 15:03 - 2014-12-29 15:03 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-07-08 13:48 - 2012-11-06 18:36 - 0003044 _____ () C:\ProgramData\hpzinstall.log Files to move or delete: ==================== C:\Users\maryclyne\DMOrganizer.dat Some files in TEMP: ==================== C:\Users\maryclyne\AppData\Local\Temp\7E20.exe C:\Users\maryclyne\AppData\Local\Temp\avguirn_081421086240.exe C:\Users\maryclyne\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-19 10:38 ==================== End of FRST.txt ============================
  19. I think I would just like to continue to post here instead. I do recommend the free version of Malwarebytes and have for years. I have worked with computers since 1996 so I know my way around pretty good. I have also been in several jams over the years and most of the time I could always get myself out. This puzzle just has me scared to ever tell anyone to download Malwarebytes again on a Windows 10 computer. What are the odds on this happening two times in a row as many times as I have used this great program? I tell people that Malwarebytes is more important than antivirus, which I do believe to be the case. I do know for a fact on the computer I was helping with yesterday that Malwarebytes did cause this problem. I removed the 700 + things that Malwarebytes had quarantined and put them back on the hard drive and the problem went away. Most of the bad things were PUPs but there were so many I didn't take the time to research all of them. I know it took some time to remove them when I first ran Malwarebytes and after it rebooted I knew things were not going to be good. The man that owned this computer was sitting right with me when I ran the program and I did warn him what might happen but really didn't think it would. I was prompted to sign in with his password but it would never go to the desktop. A message came up saying something about the profile, but I was a little mad at this happening so I didn't take the time to read the exact message. After many restarts I was finally able to get back to his desktop. Whew. Surely someone else has had this annoying problem. I am glad I was able to get his things back but his computer is still infected with those 700 + bad things, so which route do I go now? Safe mode is not like Windows 7 so I could not get there from the sign in menu or hitting any keys when booting. I am lost.
  20. I suggested to a good friend to buy the pro version of Malwarebytes. He did as I told him and even went as far as bringing it to me to help him do this. I have installed Malwarebytes on hundreds of computers over the years and never once had any problem until the last two I installed it on. Both were running Windows 10 upgraded from Windows 7. On this one this morning after many tries I was finally able to get back to the desktop and don't have a clue how. I rebooted it again and same thing. Again I tried at least 10 times before I could get back to his desktop. I then went into Malwarebytes and all that was quarantined (776, mostly PUPs) I restored back to where they were before I ran Malwarebytes. It now will boot fine. I tried it 10 times and each time I would sign in and back to the desktop. I know there has to be a fix for this. This computer is still infected but I am not running anything until I find out what caused this to happen today. Last week almost the same thing happened after I removed AVG with the uninstall utility and when it asked to reboot I got to a desktop telling me a temp profile had been created. I rebooted it several times and finally got back to where it was. I told them to just leave the computer on until I found a fix. Both of these computers I ran Malwarebytes on. This morning I know for a fact that removing the things that Malwarebytes found and then removing them and rebooting caused this annoying problem. Thanks for any help on this.