michiganmike
-
Posts
60 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by michiganmike
-
-
I'm curious about what this is.....after Windows 10 update today, this popped up. Any comments would be appreciated. A scan showed no threats detected.
-
I wonder what I'm doing right ? ? ?
No problems on this end.
-
Everything is good again this morning.....the Irritating Pop Up hasn't shown in fifteen minutes.
Thanks Vlad. .
-
This appears to be the same thing that was reported in March of 2017. AlexSmith, Administrator, pushed an Update to fix it them.
-
FYI.....IT'S STILL POPPING UP AND DISAPPEARING AND POPPING UP AGAIN.
-
Thanks, Vlad......will I see the replies here ?
-
Whew . . . it's been a few years since I've had to do this kind of thing, it takes me longer every time . What else do you need ? mb-check-results.zip
-
after downloading FRST and double clicking I received this Pop Up.
-
It has been popping up without being logged into Facebook.. . it has popped up when I'm using xfinity email , Google Chrome and various Tabs. I have rebooted it, but it continues.
-
I have Malwarebytes Premium 3.3.1.2183
I've been getting this "Website Blocked" popup off and on since yesterday. It seems to occur most on Facebook.
Any thoughts on handling it ?
-
Thanks pondus and hayc59.
-
Curious Question.....the last two laptops I purchased from Best Buy came with WEBROOT available to install free for 6 months. My newest is a Surface Pro. I have Malwarebytes on my PC and HP Laptop. I am happy with Malwarebytes (I think) . . .but was looking for anyone's opinion of WEBROOT....which appears to be just "another" Internet Security/Antivirus software.
This is what it says
which appears to be for a period of 6 months.
-
Thank you for your Help, Samuel............I have just submitted a support ticket.
-
I currently have Premium 3.2.2 on my Desktop. I have recently purchased a Laptop for use also. Can I also use my Malwarebytes Premium 3.2.2. somehow on my Laptop or will I need to purchase it separately for the Laptop. ?
Thanks.
-
I did a restart and the Pop Up is gone.
-
I noticed the same problem when logging on to Chrome this morning.
-
Dave....thanks for the reply. I looked up the definition of nginx to try and understand it. Why would this " Web Server" suddenly pop up when I opened this site http://www.sohc4.net/ and selected forums. It is still doing it this evening. and I am unable to get into the Forum . I thought it might be an error within the site and their forum, but everything worked fine using the system at work today.
-
I have a Pop up that says Welcome to nginx!
Welcome to nginx!If you see this page, the nginx web server is successfully installed and working. Further configuration is required.For online documentation and support please refer to nginx.org.Commercial support is available at nginx.com.Thank you for using nginx.
It showed up after I tried to go back into a forum called forums.sohc4.net. and is preventing me from entering that forum.... Before I ask for help, can anyone explain how this happens when I run Malwarebytes Premium. I just ran a scan and nothing malicious was detected. What am I missing, why did this slip by ? in the future, what do I need to purchase to prevent this type of thing ?
-
Results of Security Check Link 1:
Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 [b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] Windows Firewall Enabled! Windows Defender [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] [b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] [b][color=green] Java 64-bit 8 Update 31[/b][/color] Adobe Reader XI Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.94) [b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u] Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe [b][u]`````````````````System Health check`````````````````[/b][/u] Total Fragmentation on Drive C: % [b][u]````````````````````End of Log``````````````````````[/b][/u]
-
After running JRT :
Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.2 (02.02.2015:1)OS: Windows 8.1 x64Ran by Michael on Mon 02/09/2015 at 20:20:33.95~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}~~~ Files~~~ FoldersSuccessfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{017E2EBA-39BB-4925-A618-E0C72A9F1D01}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02B48036-476C-4257-8DB0-30362D0B9F76}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{08ED54E1-FB2A-4D04-BC86-0BC777193517}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{08FCA44A-FAA1-4D75-A098-93AAB6376EAE}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0D77C887-E1DB-44A1-9A19-A171FE9C2CFE}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E83E5B1-C4F3-4293-9D3E-31D8D46EBF4E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{105DECA0-183D-4349-9CE7-8CFBB5E85401}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{13E9E2C2-8603-4643-B521-8245E709E5BE}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{157F062A-1693-467B-81FA-EE92D509623D}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{15CA1DF9-3AA9-4AB8-90EB-3CBEB1CA2504}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1750DE2B-6627-4D60-A8E3-55A8AE606EB2}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1ABFF769-715E-48A0-A300-EE1727B175C0}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1BAFEB2C-66BC-472A-8387-B11763E73660}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1C70F7B0-D840-4EDB-9CAD-74827E731483}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1DE5DA84-E913-44B8-BA9D-30F6D9352DF5}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{20471FBB-4E13-4D79-AD3F-4A82FCEC656F}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{224830B8-677C-4A76-95DB-08D88C19336E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{267D9324-314F-4B16-A93E-0823C87395D1}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2753D8C4-FD1B-40F6-8DED-DF3E9E9F0AEB}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{285CBD7D-7B10-4055-AD5C-E03A834009D5}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{28F1C238-5330-4DD7-82A0-146F96CBFC2F}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2BE54DB3-D922-483F-8F79-419B9C06858F}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2F3403FB-4FED-4706-9220-9293CEACEECE}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2FC7393E-8154-4C41-8EC0-AF0FB9BBB355}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32C3F340-4037-4EA8-AE36-BD52D6FA38A5}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{34BB9DE9-1084-4103-9B3B-5A88920C8F07}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{34CBE7F1-BC5D-44D4-B76B-4832BA6BF3A0}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{36D253E2-9592-4D05-AF43-82A6C9BDF15A}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{380D7FA6-7CDD-4C80-8806-D92B80D01FEC}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3C090B64-2C15-43F3-A2B4-18D3232CEA58}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40F5C008-7C1F-404A-B8B2-414125106D00}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{42913B0E-39DF-401B-B60D-CC601E87490B}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{47885D18-B4ED-4295-91C4-0786B26EE9A5}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4889EA3A-01CF-4DD1-9DD4-63C1C1E7C2EB}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4A121254-5412-4230-A580-51C8890600E4}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4C872568-2D59-489B-A519-E985474A498E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E73F6B4-A44D-4A2D-9979-30E3E4E7E00E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E75AF93-58E9-413A-92DC-37DA6E9C3A97}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E842735-1447-4C1C-A325-4FC60C111425}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4ED3D34E-7E06-4056-AD79-AC0D5FC7A233}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4FC4992F-4EC0-4826-A3BB-177CB557CFDD}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{51A9BF10-38C5-40A4-AB00-3283EDC03950}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{51C5A768-855E-4C61-B666-F5FB564C49EA}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{52E76973-7DF0-4BAB-A0E1-74344DBD3EDF}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{546B9CC1-3026-4C61-BD24-BA6347C36507}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5547E4F3-5FC9-4537-9915-260E222DD675}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{556A1895-E6D4-4B51-8483-9BFFADE4A680}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{581207A2-9F89-4854-8AEA-80F7789F5EDA}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{58E29379-015A-48F7-9D6F-2A1C83C2EA15}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5AB5D727-B482-40A0-9EFB-9E85D37C3F5A}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5BDD77F8-7A3A-4CBB-BDE5-19CA6F0B7DE8}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5E844080-1E12-4AA6-BEF0-72DCC5E3CD8F}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5E993A04-C9B2-4A75-819B-ED4B50A6972E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6446ADBB-5F1C-4B74-A14B-880CFE9B728C}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{68D204D7-5283-4BC2-AE1F-B82B0F66416D}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6CAA800B-2EE4-46A6-9424-1EFFFF485D8C}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6D525321-3A63-4716-9746-5BA30BD8128B}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6ED51D36-00EF-4103-A2B9-E9D209EBD982}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{70799F16-D69B-48A9-878E-5134A8EFEE36}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7136C708-9B31-470B-B373-3AC57D35DB8A}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7260EF0F-8D8D-4CCC-9D9B-314781CF9211}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7397704E-7C2E-4A48-99CA-4B31146066FE}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{745E96D3-2CA2-44F6-8B95-174254BCA7B0}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{74D3218C-69DD-4034-A463-738A0581DEB2}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7A6FB237-EA5A-4E08-BE1B-EE8375B37B9F}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7B1BC722-CB74-4512-B7E0-A6E3C37D1B31}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7D0FA154-13B5-4EAF-9C0D-2C032CBD3C17}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7F67622B-A369-4FFA-B1AA-9532BBBE016D}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7FF66983-9558-4551-A191-B98171FEC0AA}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8010AB9D-8C73-4BF0-932A-1484EBF81209}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8377085A-4473-4816-A487-B2CA4AFEA635}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{846D19DA-A18A-4526-ABFC-59A952D9ED79}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{881F8DB9-F1FA-4524-88D9-E9C82B92CDB1}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8899C1A2-A230-401F-9B82-4BC37F1F178D}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{88B940C9-FDEB-4802-915B-B790D1793032}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8B1002A0-5CB2-4272-8E59-E896D3AF391F}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{952ECDC9-7A2F-4662-A0F7-C87551DDAE2E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{95751CD1-E601-4FE8-995E-7ED59BBDD470}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{97B05226-D38A-48A7-966C-B0EF2CF21E05}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{98329AF0-CA53-44A8-89AA-1C4AB97FBC54}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A1E0D8B0-AE76-49E6-8622-FAA75B654FB0}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A242FA56-B45B-4498-9BCD-96369C2017BD}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A4D915B9-2E79-4703-BE08-0646103A4336}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A558FEEE-53B8-45B5-A2A4-6AEC8B49D6ED}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A715EB4D-F3CD-4EBA-A710-097F14DC049A}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ABCB879A-F9E8-4835-85A7-0E35E4BC631C}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ACB6D85C-972D-4A00-B793-E848C9F4FEFE}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE75166A-2DE6-4832-BC75-EED499EFB8EC}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AF817248-F850-4556-92D5-1B6E53622E6B}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AF966E40-85DA-410D-8053-E73B9D803CB8}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B0C134A4-B9BE-4B34-95F3-7F02760A1C87}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B11F084D-7C89-4C92-B4E2-25BB495C7904}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B27ADE1E-4FC5-427A-AC3F-3EB12EDE0E36}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B5D2C65F-BCF4-4EAD-8922-A8F20C8EB204}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B5D80D24-810F-481A-93E7-9182B0B25A36}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B6078C70-F063-4896-83DC-B5CF80D47FA3}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B64C6B58-C42D-4F9C-A137-231BB8B4C08B}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B8C03763-80F9-46A3-A81C-6B6A79459E1C}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B94A0442-8385-4DF5-91AA-D31F5B7B2412}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B94BF544-116D-41B7-AC88-0F87B3A0BE28}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B9641B87-766E-48AF-B64F-25A699AED398}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BAD8B963-8125-448B-9EF4-9B6347CABA79}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBA8B701-B367-41AA-86C3-91610CEFBAA4}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBCA7504-2585-4AC3-92F8-6595E820D855}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BDE82D73-3A1E-4AA3-9CEA-E6102171BF99}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BEB60A40-C7B7-4724-8D79-BC00780F9A10}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C05B3653-0E50-4D68-8062-B60448826411}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C27F1DEE-B64A-47D7-9CE1-7E397FF85176}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C2C77EA4-218F-4602-81DD-815A52FF0CDA}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C421E926-2682-435F-860B-BF1ABBA8D395}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C42BB7DB-755F-4FC9-A36C-D53868E6F6FA}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C522C07D-EE82-4664-BE8F-8CB258ED76F9}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C869EACB-BA17-4CDD-8200-F13CCC905DC6}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C8A7A189-FD4F-46DB-A653-A0D75D27D6B5}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CA960E2A-F900-443C-97A7-CEE1D9916129}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CB33448F-314C-4AE6-85E8-EB13F22BD9C1}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CB61CF41-3D01-4A77-AD9F-67A9FC2D75D3}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CDF183C9-EBEA-4CE9-81D2-2337E124805E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CEA5020D-B5FE-49F6-B084-B65B0D8DAC71}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CEB0C460-970F-4690-857C-52C009B01377}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D02D101D-626A-4B96-B5DA-205EFF2ABA9F}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D2E02429-F576-4F62-91C9-DE8EC18D884E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D39569EE-1FEA-46C1-880D-9371BCADB194}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D50631F4-D3E1-4307-BBAF-19B94B1F8272}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D78FE3D7-C140-487F-AD2B-5DFB7F8D5D27}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D8329FBF-34ED-4489-A1AC-F777826024D2}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DAA17945-F0E8-4280-8A50-318CC217EB36}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DB46EE9D-0ED3-4ACE-A1F4-B4769A393F8B}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DBB50B05-2894-4364-A539-DAFCE0F8B093}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DE39155B-6DFE-47EA-8563-1820025E7AE2}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DFEE0B23-0209-4BD7-BC06-25751F89EAF1}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E0257387-ED70-4567-B4A9-B177D413F068}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E06552DE-1DC6-48B9-97B8-3DE31060E9D8}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E3E8D391-B9D0-44E0-82A4-CCEC27C51A81}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EA33EEE1-7A0E-45CC-A14F-DBF4EBB60AD5}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EFAE0BF6-27A8-49CC-A14A-8BCBF1FC2659}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EFC44C9C-606E-4320-A9BB-94FA13E636A9}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F03CD2F3-0E03-4361-B956-93A8FA4D671B}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F0A6B4CE-1D82-4E37-BC19-DA7EC92C96D6}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F0EEC8FC-B444-49A5-84D2-AADA15E8E334}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F29C7B95-2B7B-4348-84E1-CCE99FA307A1}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F5F0890E-C0C1-4551-BFA9-B6F2CD58B55B}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F8D1D0B2-BBC5-46C9-8786-BCB91B6C293A}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F9AD332E-DC47-4012-9230-FEB0E3F6322E}Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FB92CB43-AFEF-435A-ABB9-F0BEB17231AC}~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 02/09/2015 at 20:23:52.62End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
This text after running AdwCleaner:
# AdwCleaner v4.110 - Logfile created 09/02/2015 at 20:13:13# Updated 05/02/2015 by Xplode# Database : 2015-02-09.1 [Server]# Operating system : Windows 8.1 (x64)# Username : Michael - BASEMENTDESKTOP# Running from : C:\Users\Michael\Downloads\adwcleaner_4.110.exe# Option : Cleaning***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\apnFolder Deleted : C:\Users\Michael\AppData\Roaming\targusFile Deleted : C:\Users\Public\Desktop\eBay.lnkFile Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorageFile Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage***** [ Scheduled tasks ] *****Task Deleted : BrowserSafeguard Update Task***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05FDF47C-E0BD-434E-8740-4B77961252C6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{103F0905-ECCB-4605-81F0-CCF2A91D94B4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2130307D-A080-4301-884E-C94C34736DBC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{257625CC-AD7D-4C65-AC90-00987B0305E4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BC48320-AF28-4A5A-96E4-0C440D05814D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{405703AA-28EA-4244-B968-482FDD6C56F6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57D9A59D-FC7D-48B9-A1A1-EB9D8F289E83}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6007991A-A5C7-41D4-B403-03A4359AC36A}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE04D16-F4A9-41A9-A4C0-B19CA0C8CBDC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B88ED7-39FA-4B89-BB0D-0A2C3A5BC8CD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3B32220-EB4C-4601-B258-E9AE4BED5EDF}Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : HKCU\Software\APN PIPKey Deleted : HKCU\Software\AdknowledgeKey Deleted : HKLM\SOFTWARE\PIPKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\veoh.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.comData Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>***** [ Web browsers ] *****-\\ Internet Explorer v11.0.9600.17416-\\ Google Chrome v40.0.2214.111*************************AdwCleaner[R0].txt - [2969 bytes] - [09/02/2015 20:06:31]AdwCleaner[S0].txt - [2858 bytes] - [09/02/2015 20:13:13]########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2917 bytes] ########## -
After running MBAM , no malicious items were detected. I was unable to Copy To Clipboard the information from the Application Logs.
AFter running ESET two threats were found .
The threats were as follows:
C:\Users\Michael\Downloads\Setup.exe a variant of Win32/InstallCore.UF potentially unwanted application deleted - quarantinedC:\Users\Michael\Downloads\video-converter-ultimate_full975.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
-
After running FRST I have the following on my Desktop >>>
Ran by Michael (administrator) on BASEMENTDESKTOP on 04-02-2015 18:17:44Running from C:\Users\Michael\DesktopLoaded Profiles: Michael (Available profiles: Michael)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe(AMD) C:\Windows\System32\atieclxx.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe(Maxtor Corporation) C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE(Rhapsody International Inc.) C:\Program Files (x86)\Rhapsody\rhaphlpr.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\ProgramData\HP Photo Creations\Communicator.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [10613760 2013-11-28] (Broadcom Corporation)HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exeHKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {F82E0CFA-744D-466E-BCB3-7E1F9C6D75E0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75StartMenuInternet: IEXPLORE.EXE - iexplore.exeFireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No FileFF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-17]Chrome: =======CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-22]CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]CHR Extension: (Eclipse.TV) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgclhadgalphbjbailpceklmmhebajln [2014-03-15]CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]CHR Extension: (Logitech SetPoint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-08-22]CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-17]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-10] (Microsoft Corporation)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [6036480 2013-11-28] (Broadcom Corporation) [File not signed]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-11-12] (Broadcom Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-11-28] (Broadcom Corporation.)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-04 18:17 - 2015-02-04 18:18 - 00023720 _____ () C:\Users\Michael\Desktop\FRST.txt2015-02-04 18:17 - 2015-02-04 18:17 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion2015-02-02 11:58 - 2015-02-02 11:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D8329FBF-34ED-4489-A1AC-F777826024D2}2015-02-01 23:58 - 2015-02-01 23:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B9641B87-766E-48AF-B64F-25A699AED398}2015-02-01 16:42 - 2015-02-01 16:42 - 00211337 _____ () C:\Users\Michael\Downloads\Ballon Tire Model A Ford Cabriolet for snow mail delivery Montana.html2015-02-01 16:42 - 2015-02-01 16:42 - 00000000 ____D () C:\Users\Michael\Downloads\Ballon Tire Model A Ford Cabriolet for snow mail delivery Montana_files2015-02-01 11:58 - 2015-02-01 11:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{BBA8B701-B367-41AA-86C3-91610CEFBAA4}2015-01-28 19:09 - 2015-01-28 19:10 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist (1).txt2015-01-28 19:08 - 2015-01-28 19:08 - 00003630 _____ () C:\Users\Michael\Downloads\fixlist.txt2015-01-26 17:27 - 2015-01-26 17:27 - 00000000 ____D () C:\Users\Michael\Downloads\FRST-OlderVersion2015-01-25 15:55 - 2015-01-25 15:55 - 00000000 ____D () C:\Users\Michael\Backstreet Boys2015-01-23 17:50 - 2015-01-26 17:11 - 00035103 _____ () C:\Users\Michael\Downloads\FRST.txt2015-01-23 17:40 - 2015-02-04 18:17 - 02131968 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe2015-01-19 18:37 - 2015-01-19 18:37 - 00380416 _____ () C:\Users\Michael\Downloads\i3oyvhr8.exe2015-01-19 18:35 - 2015-01-19 18:35 - 00380416 _____ () C:\Users\Michael\Downloads\b4scyfu9.exe2015-01-18 19:16 - 2015-01-18 19:16 - 00003114 _____ () C:\WINDOWS\System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D}2015-01-18 14:56 - 2015-01-18 14:55 - 01110476 _____ () C:\Users\Michael\Downloads\Setup [1].exe2015-01-18 14:55 - 2015-01-18 14:55 - 00729264 _____ ( ) C:\Users\Michael\Downloads\Setup.exe2015-01-18 14:46 - 2014-01-18 00:41 - 4284854147 _____ () C:\Users\Michael\Downloads\00410001.MOV2015-01-18 13:58 - 2015-01-18 13:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B64C6B58-C42D-4F9C-A137-231BB8B4C08B}2015-01-18 04:52 - 2015-01-26 20:43 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat2015-01-14 06:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 06:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 06:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 06:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 06:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 06:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 06:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 06:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 06:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 06:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 06:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 06:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 06:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 06:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 06:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 06:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 06:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-12 20:15 - 2015-01-12 20:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4E75AF93-58E9-413A-92DC-37DA6E9C3A97}2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E06552DE-1DC6-48B9-97B8-3DE31060E9D8}==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-04 18:18 - 2013-01-11 22:05 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-04 18:17 - 2014-06-11 17:19 - 00000000 ____D () C:\FRST2015-02-04 18:05 - 2014-12-27 11:12 - 00000360 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job2015-02-04 18:05 - 2014-11-10 19:06 - 02011199 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-04 18:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-04 17:45 - 2014-06-04 17:24 - 00003190 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMichael2015-02-04 17:45 - 2014-06-04 17:24 - 00000372 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job2015-02-04 17:41 - 2012-12-17 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log2015-02-04 17:41 - 2012-12-17 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2015-02-04 17:39 - 2012-12-17 11:05 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EEA9D32-882F-444D-A469-D56BACDC089C}2015-02-04 17:36 - 2014-11-10 18:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs2015-02-04 17:36 - 2014-06-15 19:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-02-02 12:18 - 2013-01-11 22:05 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-01-30 19:58 - 2012-12-17 11:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3304380047-1144064881-2346535376-10012015-01-30 18:18 - 2013-08-22 16:59 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-28 19:31 - 2014-06-19 21:25 - 00870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2015-01-28 19:31 - 2014-06-19 21:25 - 00000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2015-01-28 17:02 - 2014-11-10 19:16 - 00000000 ____D () C:\Users\Michael\OneDrive2015-01-27 22:15 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-26 20:42 - 2013-08-22 09:46 - 00303545 _____ () C:\WINDOWS\setupact.log2015-01-26 20:42 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-01-26 20:42 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2015-01-25 20:29 - 2014-09-24 02:15 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-01-25 15:55 - 2014-11-10 18:42 - 00000000 ____D () C:\Users\Michael2015-01-24 15:20 - 2014-11-15 19:52 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-24 15:20 - 2014-11-15 19:52 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-23 17:46 - 2014-06-11 17:20 - 00035068 _____ () C:\Users\Michael\Downloads\Addition.txt2015-01-21 17:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-01-18 04:41 - 2014-09-24 02:03 - 00020502 _____ () C:\WINDOWS\PFRO.log2015-01-14 20:38 - 2013-08-14 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 20:33 - 2012-12-21 17:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-14 20:28 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-08 19:59 - 2012-08-01 22:15 - 00000000 ____D () C:\SWSETUP==================== Files in the root of some directories =======2013-02-16 22:27 - 2013-02-16 22:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll2014-06-19 21:25 - 2015-01-28 19:31 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\E3883A2014-06-19 21:25 - 2015-01-28 19:31 - 0870128 _____ () C:\Users\Michael\AppData\Roaming\mcs.rma2014-06-02 20:48 - 2014-06-02 20:48 - 0068782 _____ () C:\Users\Michael\AppData\Local\rvxxbgxb2013-04-22 19:12 - 2013-04-22 19:31 - 4126848 _____ () C:\Users\Michael\AppData\Local\rx_audio.Cache2013-04-21 19:10 - 2013-04-22 19:31 - 69447856 _____ () C:\Users\Michael\AppData\Local\rx_image32.Cache2013-08-07 18:34 - 2013-08-21 19:11 - 0003736 _____ () C:\ProgramData\hpzinstall.log2012-12-17 11:04 - 2012-12-17 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2012-07-30 19:51 - 2012-07-30 19:51 - 0002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-29 03:28==================== End Of Log ============================
There is this also ...
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01Ran by Michael at 2015-02-04 18:18:27Running from C:\Users\Michael\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAdobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) HiddenAMD Catalyst Install Manager (HKLM\...\{CC6CCF1E-F361-910A-E41D-EB5176F1255C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)AudioLabel (HKLM-x32\...\AudioLabel) (Version: 5.00 (Build 6) - CDCoverSoft)Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.66.1 - Broadcom Corporation)Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6950 - Broadcom Corporation)Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.66.1 - Broadcom Corporation)Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) HiddenCEBS Practice Exam - RPA2 (Course 4) (HKLM-x32\...\CEBSPracticeExamRPA2 (Course 4)) (Version: - )Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCinemaNow Player (HKLM-x32\...\com.bby.cinemanowplayer) (Version: 3.1.2 - Rovi Corporation)CinemaNow Player (x32 Version: 3.1.2 - Rovi Corporation) HiddenClassic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)Corel KPT Collection (x32 Version: 1.00.0000 - Corel Corporation) HiddenCorel KPT Collection for PSPX4 (HKLM-x32\...\_{031338C0-4C21-4DAC-875B-26ACD7ADDF23}) (Version: - Corel Corporation)Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)Corel PaintShop Pro X4 (x32 Version: 14.3.0.3 - Corel Corporation) HiddenCorel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) HiddenCradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) HiddenCradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenCreator NXT Content (x32 Version: 14.0.024 - Roxio) HiddenCyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDrive Manager (HKLM-x32\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)Drive Manager (x32 Version: 1.00.0012 - Seagate Technology) HiddenEPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenFarm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) HiddenFinal Drive Fury (x32 Version: 2.2.0.95 - WildTangent) HiddenFlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenFormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) HiddenHP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)HP Connected Music (Meridian - player) (HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\HPConnectedMusic) (Version: 1.1 (build 25) hp - Meridian Audio Ltd)HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations Powered by RocketLife)HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)ICA (x32 Version: 14.2.0.1 - Corel Corporation) HiddenIDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) HiddenJewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) HiddenLogitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version: - )Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) HiddenMystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) HiddenPeggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPicasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.98 - WildTangent) HiddenPSPPContent (x32 Version: 14.3.0.2 - Corel Corporation) HiddenPSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) HiddenPSPPro64 (Version: 14.2.0.1 - Corel Corporation) HiddenRBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenRecovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) HiddenRhapsody (HKLM-x32\...\Rhapsody) (Version: - )Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenRoxio Creator NXT (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.29.0 - Seagate)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Setup (x32 Version: 14.2.0.1 - Corel Corporation) HiddenSmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) HiddenSmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) HiddenSureThing CD Labeler Deluxe Trial (HKLM-x32\...\{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1) (Version: 5.2.693.0 - MicroVision Development, Inc.)Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) HiddenTriple Scoop Music (x32 Version: 1.0.019 - Roxio) HiddenUltra File Opener (HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\Ultra File Opener) (Version: 5.2.3.105 - CompuClever Systems Inc.)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) HiddenWD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) HiddenWindows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (11/19/2013 12.0.0.9050) (HKLM\...\842F79923C68674AEB21691125DD165B4B2B4ADD) (Version: 11/19/2013 12.0.0.9050 - Broadcom Corporation)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points =========================14-01-2015 20:32:46 Windows Update23-01-2015 06:22:37 Scheduled Checkpoint27-01-2015 22:14:36 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {0FC22A27-6E86-4DBB-93EA-7E7BF3EDC30B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {10B9FE0B-6CF9-4C51-9DAB-3B9A53D82748} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {1EE5664F-97B8-4CE0-901A-03770FD5B7B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exeTask: {2D0F3A23-3D03-4D8E-8B89-4BFF206F652F} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {2DF3D9C7-40A8-4877-B904-8D66D793FDED} - System32\Tasks\{134F4606-39A3-4FEC-9074-CF6F58B7397D} => pcalua.exe -a "C:\Program Files (x86)\Memorex exPressit Label Design Studio\STCD\stcd.exe" -d C:\Users\Michael\DesktopTask: {37E28012-0773-4A31-9961-E10D24E0BA09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {3E991863-80D3-4DD5-8A62-A16F8FB29D27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)Task: {3FD68C6F-4809-4742-816D-ED8DB2906A16} - System32\Tasks\{6EE62CE4-B0D3-4AE7-BACF-A7912F4196FA} => pcalua.exe -a K:\SetupCEBS.exe -d K:\Task: {42D6763E-C170-4C0E-9EE4-DB2916B1FACC} - System32\Tasks\{E3625391-E1C3-4051-868B-C9E92477EA8D} => pcalua.exe -a "C:\Users\Michael\Downloads\RhapsodyReal (2).EXE" -d C:\Users\Michael\DownloadsTask: {4B883E09-F3CB-40B6-99DE-81004D02C346} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {4BE38F49-324B-4CBF-BFA4-7A174E8D4148} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {4F0C30EE-EAC5-40CB-B4E2-B68298560767} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {59BD9D57-8841-4C8B-B91D-5F5BA89A6A16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)Task: {5FE7826E-33AF-4BC3-B8E5-C8BE0EDDA5D9} - System32\Tasks\Michael => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {604F5EA3-E281-4302-9613-FBAFFB73D687} - System32\Tasks\Michael1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {75A6CB7A-9427-42C9-98C0-586D8CE22D67} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)Task: {807C08A2-4FC3-47DC-88C4-CD391802F830} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-12-27] ()Task: {8A4C0555-D56C-4AE9-B90A-4B3CE3DD67B6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)Task: {924D5366-139F-4C72-94EE-BE9C7FFF61A2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\WSCStub.exeTask: {95FB0B2C-4F3C-4754-A146-2DBBB6AF94A0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)Task: {964747F0-34A0-4C74-9C33-16F452372B04} - System32\Tasks\Michael Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {976959AE-32D6-4BD5-8E34-FB4DE193DB2B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30] (Seagate Technology LLC)Task: {9A638AC0-F266-4475-A5BD-F1427EF5F8D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exeTask: {9BC687D5-37EB-4217-B381-AB67F626A3C7} - System32\Tasks\Michael1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)Task: {9E71A6C5-0199-4C99-98FD-5DB06B600076} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {A2230D63-EDFF-41B9-9774-3B2AD59D4D61} - System32\Tasks\Western Digital\SmartWare\____Volume_85498e1f_114e_404b_8437_5d470f1fbe7a______Volume_79f342d3_c364_11e3_bea6_74e543952f6d__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-12-02] (Western Digital Technologies, Inc.)Task: {A26612F3-6A02-4A92-ADBC-4656488E55D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)Task: {A6B44D2C-6406-4304-B792-B3119BA2C1C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {AB3EDCD2-4931-4223-B931-2B73810DC1A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: {BBA801E3-C239-436A-AF40-3816C2522ED7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\SymErr.exeTask: {BE6E812B-B887-4FD4-A438-52BB490C0D60} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)Task: {DA9C8428-C181-4CAE-8C2C-09ACCF867C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11] (Google Inc.)Task: {E0BFD16C-67B4-4EC1-A91E-DF7786693E7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {E374CD52-0AEC-46DF-AC9B-E4212CA11FAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-02-03] (Microsoft)Task: {E513CC8B-5EFB-4BD6-827C-9729C8DD480A} - System32\Tasks\HPCeeScheduleForMichael => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {FECC3F87-24E3-488E-8BBF-FCC1EE7ACBA7} - System32\Tasks\{34C24717-83B7-4CA3-879A-425DBA510E1D} => pcalua.exe -a C:\PROGRA~2\WSE_VO~1\\uninstall.exe -c /uninstallerTask: {FF6DC57D-D6C5-4BB9-BCC9-689CFC0283BE} - System32\Tasks\Michael DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30] (Seagate Technology LLC)Task: {FFD4E82B-807F-497E-B093-D8C6C876B272} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\SymErr.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exeTask: C:\WINDOWS\Tasks\HPCeeScheduleForMichael.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe==================== Loaded Modules (whitelisted) ==============2012-06-20 14:48 - 2012-06-20 14:48 - 00457360 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe2012-07-11 00:04 - 2012-07-11 00:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe2013-05-12 00:10 - 2013-05-12 00:10 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll2012-07-05 18:47 - 2012-07-05 18:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-11-10 19:14 - 2014-11-10 19:14 - 00120224 _____ () C:\Users\Michael\AppData\Local\assembly\dl3\QYXQLPVC.WNV\JLCBHRQG.1V3\086d8dd9\00ef7209_0886cd01\HPItunesModule.DLL2012-11-04 12:42 - 2012-11-04 12:42 - 00071992 _____ () C:\Program Files\Logitech\SetPointP\WinRTProxy.DLL2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll2014-12-27 11:09 - 2014-12-27 11:09 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe2012-07-11 00:04 - 2012-07-11 00:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll2012-07-11 00:04 - 2012-07-11 00:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll2012-07-11 00:04 - 2012-07-11 00:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2012-10-13 14:10 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2015-01-30 18:18 - 2015-01-26 22:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll2015-01-30 18:18 - 2015-01-26 22:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll2015-01-30 18:18 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\WINDOWS\system32\Drivers\iwhfevoo.sys:changelistAlternateDataStreams: C:\Users\Michael\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\Michael\Documents\CineMagic.dmsd:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow0.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow1.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow2.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow3.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow4.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow5.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow6.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow7.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow8.dmsm:Roxio EMC StreamAlternateDataStreams: C:\Users\Michael\Documents\Slideshow9.dmsm:Roxio EMC Stream==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) ===============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== Other Registry Areas =====================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\Control Panel\Desktop\\Wallpaper -> ==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\Run32: => "DBAgent"HKU\S-1-5-21-3304380047-1144064881-2346535376-1001\...\StartupApproved\Run: => "Uploader"==================== Accounts: =============================Administrator (S-1-5-21-3304380047-1144064881-2346535376-500 - Administrator - Disabled)Guest (S-1-5-21-3304380047-1144064881-2346535376-501 - Limited - Disabled)Michael (S-1-5-21-3304380047-1144064881-2346535376-1001 - Administrator - Enabled) => C:\Users\Michael==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (02/04/2015 05:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.94, time stamp: 0x54c6efe4Faulting module name: delegate_execute.exe, version: 40.0.2214.94, time stamp: 0x54c6efe4Exception code: 0xc0000005Fault offset: 0x0002bdabFaulting process id: 0xcb4Faulting application start time: 0xdelegate_execute.exe0Faulting application path: delegate_execute.exe1Faulting module path: delegate_execute.exe2Report Id: delegate_execute.exe3Faulting package full name: delegate_execute.exe4Faulting package-relative application ID: delegate_execute.exe5Error: (02/01/2015 04:57:21 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program mmamain.exe version 1.5.0.41 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 2034Start Time: 01d03e6a00a79f8dTermination Time: 4294967295Application Path: C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exeReport Id: 4b4cfc09-aa5d-11e4-beda-74e543952f6dFaulting package full name: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdpFaulting package-relative application ID: AppError: (02/01/2015 04:57:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: BASEMENTDESKTOP)Description: App SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+App did not launch within its allotted time.Error: (01/30/2015 06:15:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BASEMENTDESKTOP)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (01/30/2015 06:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.93, time stamp: 0x54c45c3fFaulting module name: delegate_execute.exe, version: 40.0.2214.93, time stamp: 0x54c45c3fException code: 0xc0000005Fault offset: 0x0002bdabFaulting process id: 0x14a4Faulting application start time: 0xdelegate_execute.exe0Faulting application path: delegate_execute.exe1Faulting module path: delegate_execute.exe2Report Id: delegate_execute.exe3Faulting package full name: delegate_execute.exe4Faulting package-relative application ID: delegate_execute.exe5Error: (01/28/2015 09:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881eFaulting module name: pdge3260.dll, version: 6.0.12.6238, time stamp: 0x4e7cfe8fException code: 0xc0000005Fault offset: 0x00153e0cFaulting process id: 0x1af0Faulting application start time: 0xrhapsody.exe0Faulting application path: rhapsody.exe1Faulting module path: rhapsody.exe2Report Id: rhapsody.exe3Faulting package full name: rhapsody.exe4Faulting package-relative application ID: rhapsody.exe5Error: (01/26/2015 08:43:07 PM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4Error: (01/26/2015 08:43:03 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll4Error: (01/25/2015 01:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rhapsody.exe, version: 4.0.6.14, time stamp: 0x4ec8881eFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc00000fdFault offset: 0x774e8a5dFaulting process id: 0x17e8Faulting application start time: 0xrhapsody.exe0Faulting application path: rhapsody.exe1Faulting module path: rhapsody.exe2Report Id: rhapsody.exe3Faulting package full name: rhapsody.exe4Faulting package-relative application ID: rhapsody.exe5Error: (01/25/2015 00:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.91, time stamp: 0x54bf0566Faulting module name: delegate_execute.exe, version: 40.0.2214.91, time stamp: 0x54bf0566Exception code: 0xc0000005Fault offset: 0x0002bdabFaulting process id: 0x29d4Faulting application start time: 0xdelegate_execute.exe0Faulting application path: delegate_execute.exe1Faulting module path: delegate_execute.exe2Report Id: delegate_execute.exe3Faulting package full name: delegate_execute.exe4Faulting package-relative application ID: delegate_execute.exe5System errors:=============Error: (02/04/2015 05:36:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/04/2015 05:36:49 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/02/2015 01:42:03 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/02/2015 01:41:55 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 10:39:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 10:39:12 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 03:20:11 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (02/01/2015 03:20:02 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (01/31/2015 05:33:20 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datError: (01/31/2015 05:33:07 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: BASEMENTDESKTOP)Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-3304380047-1144064881-2346535376-1001-0-ntuser.datMicrosoft Office Sessions:=========================Error: (02/04/2015 05:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: delegate_execute.exe40.0.2214.9454c6efe4delegate_execute.exe40.0.2214.9454c6efe4c00000050002bdabcb401d040cb0e512d3cC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe5712e8fc-acbe-11e4-beda-74e543952f6dError: (02/01/2015 04:57:21 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: mmamain.exe1.5.0.41203401d03e6a00a79f8d4294967295C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe4b4cfc09-aa5d-11e4-beda-74e543952f6dSymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdpAppError: (02/01/2015 04:57:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: BASEMENTDESKTOP)Description: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+AppError: (01/30/2015 06:15:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BASEMENTDESKTOP)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174Error: (01/30/2015 06:02:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: delegate_execute.exe40.0.2214.9354c45c3fdelegate_execute.exe40.0.2214.9354c45c3fc00000050002bdab14a401d03ce0c62aab97C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\delegate_execute.exe04b4f21a-a8d4-11e4-beda-74e543952f6dError: (01/28/2015 09:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )Description: rhapsody.exe4.0.6.144ec8881epdge3260.dll6.0.12.62384e7cfe8fc000000500153e0c1af001d03b5af965fff5C:\Program Files (x86)\Rhapsody\rhapsody.exeC:\Program Files (x86)\Rhapsody\Modules\pdge3260.dllb3ec2975-a75a-11e4-beda-74e543952f6dError: (01/26/2015 08:43:07 PM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4Error: (01/26/2015 08:43:03 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll4Error: (01/25/2015 01:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: rhapsody.exe4.0.6.144ec8881eunknown0.0.0.000000000c00000fd774e8a5d17e801d038c949831d0aC:\Program Files (x86)\Rhapsody\rhapsody.exeunknownad06a0e4-a4bc-11e4-bed9-74e543952f6dError: (01/25/2015 00:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: delegate_execute.exe40.0.2214.9154bf0566delegate_execute.exe40.0.2214.9154bf0566c00000050002bdab29d401d038c534abc337C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\delegate_execute.exe72b54ae3-a4b8-11e4-bed9-74e543952f6dCodeIntegrity Errors:=================================== Date: 2015-02-02 22:07:27.123 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 22:07:27.046 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 22:07:26.952 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 22:07:25.591 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 06:22:28.908 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 06:22:28.818 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 06:22:28.733 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 06:22:28.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 06:22:28.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 06:22:28.438 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.==================== Memory info =========================== Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics Percentage of memory in use: 26%Total physical RAM: 7575.51 MBAvailable physical RAM: 5582.12 MBTotal Pagefile: 8791.51 MBAvailable Pagefile: 5134.86 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.82 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:909.91 GB) (Free:570.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive d: (Recovery Image) (Fixed) (Total:19.69 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: C6696C19)Partition: GPT Partition Type.==================== End Of Log ============================ -
fixlist.txt
HKLM-x32\...\Run: [Ogudymy] => C:\Users\Michael\AppData\Roaming\Wyfehe\keolumk.exeAppInit_DLLs-x32: C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll => C:/PROGRA~3/{F30C1~1/171~1.0/cale.dll [649216 2015-01-18] ()ProxyServer: [S-1-5-21-3304380047-1144064881-2346535376-1001] => http=127.0.0.1:49250;https=127.0.0.1:49250SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFSearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=SearchScopes: HKU\S-1-5-21-3304380047-1144064881-2346535376-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFCHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir=CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_adkpub_15_03_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0ByCtBzztByBtAyByD0BtN0D0Tzu0StCtCtCtAtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0DyD0BtD0EyEzztG0Azz0EtCtG0D0AyEyCtGtA0E0ByCtGyE0AtBtCyEyD0B0EzzzytAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyE0EtCyD0B0AyDtGtAyDtCzztGyE0C0AyEtGzzyDyCtDtGyD0ByCtBtDtByCtD0AtDzzyD2Q&cr=681135654&ir="C:\Users\Michael\AppData\Roaming\WyfeheC:\PROGRA~3\{F30C1~1\EmptyTemp:
No problems on this end.
which appears to be for a period of 6 months.
Google Chrome Critical Error after update
in Malwarebytes for Windows Support Forum
Posted
Thanks so much for the clear and understandable answer.