Malwarebytes mess up a computer


I suggested to a good friend to buy the pro version of Malwarebytes. He did as I told him and even went as far as bringing it to me to help him do this. I have installed Malwarebytes on hundreds of computers over the years and never once had any problem until the last two I installed it on. Both were running Windows 10 upgraded from Windows 7. On this one this morning, after many tries, I was finally able to get back to the desktop and don't have a clue how.

I rebooted it again and same thing. Again I tried at least 10 times before I could get back to his desktop. I then went into Malwarebytes and all that was quarantined (776, mostly PUPs) I restored back to where they were before I ran Malwarebytes. It now will boot fine. I tried it 10 times and each time I would sign in and back to the desktop.

I know there has to be a fix for this. This computer is still infected but I am not running anything until I find out what caused this to happen today.

Last week almost the same thing happened after I removed AVG with the uninstall utility and when it asked to reboot I got to a desktop telling me a temp profile had been created. I rebooted it several times and finally got back to where it was. I told them to just leave the computer on until I found a fix. Both of these computers I ran Malwarebytes on. This morning I know for a fact that removing the things that Malwarebytes found and then removing them and rebooting caused this annoying problem. Thanks for any help on this.


Hello golfnut123 and welcome to Malwarebytes,

As the PC owner has a Premium version it would be better placed to seek help/advice at consumer support. Go to the following link, scroll to the bottom of the page and select "Contact us now" tab. Create a support ticket, from there you will receive professional support...

https://support.malwarebytes.com/?b_id=6400

Please reply and let me know the outcome, if you want to continue here instead post back and let me know....

Thank you,

Kevin....

I think I would just like to continue to post here instead. I do recommend the free version of Malwarebytes and have for years. I have worked with computers since 1996 so I know my way around pretty good. I have also been in several jams over the years and most of the time I could always get myself out. This puzzle just has me scared to ever tell anyone to download Malwarebytes again on a Windows 10 computer.

What are the odds on this happening two times in a row as many times as I have used this great program? I tell people that Malwarebytes is more important than antivirus, which I do believe to be the case.

I do know for a fact on the computer I was helping with yesterday that Malwarebytes did cause this problem. I removed the 700+ things that Malwarebytes had quarantined and put them back on the hard drive and the problem went away. Most of the bad things were PUPs but there were so many I didn't take the time to research all of them.

I know it took some time to remove them when I first ran Malwarebytes and after it rebooted I knew things were not going to be good. The man that owned this computer was sitting right with me when I ran the program and I did warn him what might happen but really didn't think it would. I was prompted to sign in with his password but it would never go to the desktop. A message came up saying something about the profile but I was a little mad at this happening and didn't take the time to read the exact message. After many restarts I was finally able to get back to his desktop. Whew :)

Surely someone else has had this annoying problem. I am glad I was able to get his things back but his computer is still infected with those 700+ bad things, so which route do I go now? Safe mode is not like Windows 7 so I could not get there from the sign-in menu or by hitting any keys when booting. I am lost.


Ok run the following and post the produced logs...

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Here is the log from the 1st computer that I had this problem with. 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by maryclyne (administrator) on MARYCLYNE-PC (19-01-2017 18:14:36)
Running from C:\Users\maryclyne\Desktop
Loaded Profiles: maryclyne &  (Available Profiles: maryclyne & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Scan PC\ScPCS64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [CXMon] => C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [45056 2001-09-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2016-09-07] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [AvgUpdater0215tb] => C:\ProgramData\Avg_Update_0215tb\0215tb_{0DEA67E6-A2B7-4B78-BEF5-50950E19908C}.exe [2794520 2015-02-25] ()
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3f0c7b0a-9f43-4879-bb7f-6a2435db6b4b}: [DhcpNameServer] 192.54.112.29
Tcpip\..\Interfaces\{d3aecf30-0f20-4eed-8980-9f66bbf05645}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131293409641340428&GUID=2A27879B-698C-4A25-BE53-7CEDD32345F3
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={9BFD4479-CF0E-43F7-8254-A062EDC7F20B}&mid=5dcea6de5f9f47d0aaadf123cca0969a-1d089d566809ac21f2aa52c872850781330c4233&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 18:17:50&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-23] (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-11-01] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-09-07] (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-23] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-11-01] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-09-07] (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-23] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-11-01] (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-09-07] (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-23] (Google Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-09-07] (AVG Secure Search)

FireFox:
========
FF DefaultProfile: e6rx6nnj.default
FF ProfilePath: C:\Users\maryclyne\AppData\Roaming\Mozilla\Firefox\Profiles\e6rx6nnj.default [2017-01-19]
FF Homepage: Mozilla\Firefox\Profiles\e6rx6nnj.default -> google.com
FF Extension: (uBlock Origin) - C:\Users\maryclyne\AppData\Roaming\Mozilla\Firefox\Profiles\e6rx6nnj.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: (AVG SafeGuard toolbar) - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-05] [not signed]
FF HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3319612&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPD5904585-3625-4287-98D7-0D9E3F54FEB6&SSPV=
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD5904585-3625-4287-98D7-0D9E3F54FEB6&q={searchTerms}&SSPV=
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default [2016-01-26]
CHR Extension: (Ask Toolbar) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-05-05]
CHR Extension: (Google Docs) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-31]
CHR Extension: (Google Docs Offline) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-31]
CHR Extension: (Installl Converter A) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepklnbloplpapghhenhamaomkechegb [2015-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-30]
CHR Extension: (Gmail) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Scan2PC; C:\Program Files (x86)\Scan PC\ScPCS64.exe [93184 2010-06-17] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-09-07] (AVG Secure Search)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-19] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-19] (Malwarebytes)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-14] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-19] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 18:14 - 2017-01-19 18:20 - 00026362 _____ C:\Users\maryclyne\Desktop\FRST.txt
2017-01-19 18:13 - 2017-01-19 18:14 - 00000000 ____D C:\FRST
2017-01-19 18:11 - 2017-01-19 18:13 - 02419712 _____ (Farbar) C:\Users\maryclyne\Desktop\FRST64.exe
2017-01-19 17:09 - 2017-01-19 18:03 - 00001295 _____ C:\Users\maryclyne\Desktop\Google Chrome.lnk
2017-01-19 16:27 - 2017-01-19 16:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-19 16:26 - 2017-01-19 16:26 - 00000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-19 16:26 - 2017-01-19 16:26 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-19 16:26 - 2017-01-19 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-19 16:26 - 2017-01-19 16:26 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-19 16:24 - 2017-01-19 16:25 - 34741672 _____ (Adlice Software ) C:\Users\maryclyne\Desktop\setup.exe
2017-01-19 15:37 - 2017-01-19 15:37 - 00000000 ____D C:\Users\maryclyne\AppData\Local\TeamViewer
2017-01-19 13:35 - 2017-01-19 16:08 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-19 13:35 - 2017-01-19 16:08 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-19 13:35 - 2017-01-19 16:08 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-19 13:35 - 2017-01-19 16:08 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-19 13:35 - 2017-01-19 13:35 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-19 13:34 - 2017-01-19 13:34 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-19 13:34 - 2017-01-19 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-19 13:34 - 2017-01-19 13:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-19 13:34 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-19 13:33 - 2017-01-19 13:33 - 54199488 _____ (Malwarebytes ) C:\Users\maryclyne\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-19 13:29 - 2017-01-19 16:16 - 00000000 ____D C:\Users\maryclyne\AppData\LocalLow\Mozilla
2017-01-19 13:26 - 2017-01-19 13:26 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-19 13:26 - 2017-01-19 13:26 - 00001224 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-19 13:25 - 2017-01-19 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-19 13:18 - 2017-01-19 16:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-19 13:18 - 2017-01-19 13:18 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-01-19 13:18 - 2017-01-19 13:18 - 00001108 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-01-19 13:18 - 2017-01-19 13:18 - 00000000 ____D C:\Users\maryclyne\AppData\Roaming\TeamViewer
2017-01-11 12:41 - 2017-01-11 12:41 - 20358232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-12-28 08:37 - 2017-01-19 09:00 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-27 20:48 - 2016-12-27 20:48 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-12-27 20:48 - 2016-12-27 20:48 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-23 09:05 - 2017-01-18 20:04 - 00003292 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 18:04 - 2015-10-30 01:11 - 00000000 ____D C:\Windows\CbsTemp
2017-01-19 17:50 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\AppReadiness
2017-01-19 17:41 - 2012-04-04 17:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-19 17:18 - 2015-12-27 15:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 17:18 - 2014-12-26 15:56 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-19 16:12 - 2014-12-26 16:56 - 00000000 ___RD C:\Users\maryclyne\iCloudDrive
2017-01-19 16:09 - 2004-08-28 18:12 - 00000000 ____D C:\TEMP
2017-01-19 16:07 - 2015-12-26 20:12 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-19 16:07 - 2015-12-26 19:19 - 00308432 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-19 16:05 - 2015-10-30 00:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-01-19 16:04 - 2015-12-26 19:30 - 00000000 ____D C:\Users\maryclyne
2017-01-19 15:45 - 2014-10-14 15:52 - 00000000 ____D C:\Users\maryclyne\AppData\Local\SlimWare Utilities Inc
2017-01-19 15:45 - 2013-11-17 16:31 - 00000000 ____D C:\Users\maryclyne\AppData\Local\NativeMessaging
2017-01-19 15:41 - 2015-12-27 10:03 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2017-01-19 15:05 - 2013-01-22 16:40 - 00000000 ____D C:\ProgramData\APN
2017-01-19 13:35 - 2012-11-19 11:09 - 00000000 ____D C:\Users\maryclyne\AppData\Local\Mozilla
2017-01-19 13:34 - 2012-01-22 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-19 13:29 - 2016-01-25 11:43 - 00000000 ____D C:\Users\maryclyne\AppData\Roaming\Mozilla
2017-01-19 13:26 - 2012-11-08 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-19 13:24 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 13:19 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-19 13:09 - 2016-01-25 15:58 - 00000496 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2017-01-19 12:42 - 2015-12-26 19:28 - 01009692 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-19 12:42 - 2015-10-30 01:21 - 00000000 ____D C:\Windows\INF
2017-01-19 11:15 - 2011-10-22 12:16 - 00000000 ____D C:\Users\maryclyne\AppData\Local\ElevatedDiagnostics
2017-01-18 20:37 - 2016-01-25 11:51 - 00000600 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Genealogy, Family Trees and Family History Records online - Ancestry.com.website
2017-01-18 20:23 - 2013-09-27 19:15 - 00000000 ____D C:\Users\maryclyne\Documents\Family Tree Maker
2017-01-18 20:04 - 2015-12-26 21:00 - 00002425 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 20:04 - 2015-12-26 21:00 - 00000000 ___RD C:\Users\maryclyne\OneDrive
2017-01-18 19:58 - 2015-02-20 09:34 - 00000000 ____D C:\Users\maryclyne\Desktop\Wayne's droid
2017-01-18 19:50 - 2013-07-02 16:49 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-11 12:41 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 12:41 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-28 08:41 - 2016-07-07 14:23 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-12-28 08:41 - 2015-08-17 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-12-27 20:56 - 2010-11-20 21:47 - 00547216 _____ C:\Windows\PFRO.log
2016-12-27 20:55 - 2015-12-26 19:28 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000002.regtrans-ms
2016-12-27 20:48 - 2013-01-22 19:26 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-27 19:29 - 2014-12-26 16:55 - 00003506 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-12-23 09:25 - 2013-07-02 16:48 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-23 09:25 - 2013-07-02 16:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2012-07-28 11:53 - 2014-12-16 13:49 - 0000156 _____ () C:\Users\maryclyne\AppData\Roaming\default.rss
2013-01-23 18:51 - 2013-01-23 18:51 - 0000091 _____ () C:\Users\maryclyne\AppData\Roaming\mbam.context.scan
2014-11-05 15:09 - 2014-11-10 12:09 - 0000132 _____ () C:\Users\maryclyne\AppData\Roaming\WB.CFG
2012-07-01 13:41 - 2016-02-08 21:29 - 0004608 _____ () C:\Users\maryclyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 17:09 - 2014-11-09 17:09 - 0000001 _____ () C:\Users\maryclyne\AppData\Local\DSI.DAT
2012-11-05 14:34 - 2012-11-05 14:34 - 0000017 _____ () C:\Users\maryclyne\AppData\Local\resmon.resmoncfg
2014-12-29 15:03 - 2014-12-29 15:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-07-08 13:48 - 2012-11-06 18:36 - 0003044 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\maryclyne\DMOrganizer.dat


Some files in TEMP:
====================
C:\Users\maryclyne\AppData\Local\Temp\7E20.exe
C:\Users\maryclyne\AppData\Local\Temp\avguirn_081421086240.exe
C:\Users\maryclyne\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-19 10:38

==================== End of FRST.txt ============================


2nd log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by maryclyne (19-01-2017 18:24:20)
Running from C:\Users\maryclyne\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-27 02:50:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3304695931-2058254051-2897350217-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3304695931-2058254051-2897350217-503 - Limited - Disabled)
Guest (S-1-5-21-3304695931-2058254051-2897350217-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3304695931-2058254051-2897350217-1002 - Limited - Enabled)
maryclyne (S-1-5-21-3304695931-2058254051-2897350217-1000 - Administrator - Enabled) => C:\Users\maryclyne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (x32 Version: 4.0.15.0 - Nero AG) Hidden
3100_3200_3300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3200 (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1424 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1424 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1124.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{A0158415-15CA-B2A0-928D-E755DD506C0D}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.6.0.592 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glance 2.9 (HKLM-x32\...\Glance_is1) (Version:  - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photo Imaging Software (HKLM-x32\...\HP Photo Imaging Software) (Version:  - )
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Explosion (HKLM-x32\...\{822944D4-BC5D-44AE-9315-16C174D318B0}) (Version: 4.0.0.12 - Nova Development)
Picture Window 4.0 (HKLM-x32\...\{4F8D3FF1-1A21-4425-8518-4FC135FE8A92}) (Version: 4.0.1.12 - Digital Light & Color)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.4.0 - Adlice Software)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scan PC software for KODAK Personal Photo Scanner (HKLM-x32\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.3.0 - Q)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundTrax (x32 Version: 4.0.18.0 - Nero AG) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0943B3D0-C70E-4375-A073-CD5ABE17C78F} - System32\Tasks\{90B00CC0-3CC0-4D37-A7F3-E2AE07C02FA3} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {0D63C88F-1823-43D4-8DAF-F4FB7D136340} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {0D7F051F-EF10-4343-9A5B-E726A1D9E9F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0F2FA3A3-13B6-4786-B584-4B58670FED3C} - System32\Tasks\{0DEC06D1-BA89-4197-8393-389B1FEC454F} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {129957BE-D085-460A-B247-3D5668FFD063} - System32\Tasks\{221D4751-FAA3-46C7-B9E9-B9D15E02C829} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
Task: {1356A73A-2B66-4C80-8D18-8D27EA89DE2F} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {17089F56-BCE4-4805-B2FF-20B589C41A24} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {178B0944-DE02-4A0F-BD40-8130C8E208F4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1E0DF903-4635-4638-8513-8E2F410A701A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {1F077F7A-5C13-4056-A4A1-BFBD18CD6445} - System32\Tasks\{243E4A77-5CA0-4C66-A9B6-E9F4826C03B6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE [2007-04-09] (Microsoft Corporation)
Task: {1F7E5989-7B35-446A-8B7D-EF195F07AF3C} - System32\Tasks\{DBC67EE3-ED2C-4FF5-B4CD-0AC4343AB2A6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {2072669E-3884-4C4D-B81A-8A75FBC27D3D} - System32\Tasks\{628CB38B-7452-4B85-9A17-5AA912C544D5} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {224EFD0C-B680-4ABD-A853-DAA8CC9BFBAC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {24D00D6E-CBBD-423F-89A3-4C10EA6B3358} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {298A95B1-9368-4EEB-9B4F-DC5E60A3969B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {2C4E8127-BB81-443C-8029-93C369BAF703} - System32\Tasks\{14C17245-F2A9-4625-91AB-22A0A9109288} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {2D78E680-A02F-4C9E-A4A2-5541A60FB575} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {3418839B-88B9-4D1F-A0A7-85EE22212624} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {342274A7-62D2-47A6-B356-0C83120E3A29} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {349ADF61-3452-409B-8639-A18A6A977722} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3AF4E02B-1970-4850-A507-69697305082E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3B98C873-B4F0-496E-A2CB-DED757E12C3A} - System32\Tasks\{0C9460EF-948D-4868-B394-A3F0DC760C90} => pcalua.exe -a "C:\Program Files (x86)\Install Converter\Install_Converter.exe" -d "C:\Program Files (x86)\Install Converter"
Task: {4087C71B-B5BB-44CE-A305-E245061D480E} - System32\Tasks\{934D162F-3150-419A-937E-8116DF2005A6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {4704D7FD-7CE1-4D7F-8A1A-7C0594AF9CF1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {51B3E3AE-8C9D-427D-9562-80F7995B52B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {57DCDE58-2CD0-46B9-AF96-DCBE76A594CB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {57EC3B17-B7F0-4DCF-B355-AC70A5843B63} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {57FC202B-950B-43C3-B900-C933B181A834} - System32\Tasks\{A29B6463-DE62-4E34-A89D-A5429355ADCF} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {5A3F6449-4BC0-4AD9-A58E-2E30FFE8D946} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {616DCBAE-3912-4E1F-BB44-3C06BAFA3AC2} - System32\Tasks\{490B122F-3E83-493B-B1DE-802A5F8003CA} => C:\FreeOCR\FreeOCR.exe
Task: {6CBA18DC-F61B-456C-B4CD-888F24B73AD9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {6D79435F-A7DE-4918-821D-716747492380} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {79F5D90E-B25D-4C51-95CE-E03BF4383CAF} - System32\Tasks\{2030E40D-4742-401C-8FA2-C71E8B78BF8A} => C:\FreeOCR\FreeOCR.exe
Task: {84E2B2AE-6E81-4B10-A762-6BA938A726B9} - System32\Tasks\{E42EDBFF-FE16-45E4-92FB-BB326C12CE1D} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {87250C94-033C-4766-9634-49B7A0840E35} - System32\Tasks\{5E16BE52-FB5C-4216-B8A2-780CD89685C9} => C:\FreeOCR\FreeOCR.exe
Task: {88876E95-5453-47BE-A7ED-33789F01C83B} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {88E80309-28DD-4FD5-ADEE-9EA63B4646CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8B2F49DB-3CF0-44EF-B2D8-FBB7318211AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {900DC5FA-7746-4E90-A830-15BC849B67FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {92CD9D2E-5451-4D43-9001-6FC244214B57} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {9518038E-C134-4D75-BF88-7B386347B507} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {96FC994D-F54E-4B90-94C3-A01DE458C12F} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {97069FF1-2079-4D52-97AF-75DD71A06373} - System32\Tasks\{0F6DEA0C-3876-4916-9E1A-3DC5A3C20851} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {98D92E22-78FC-4952-865C-8D1001959B85} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {993A2BE9-A6A6-4C50-9D6F-9A5A5A3F34DA} - System32\Tasks\{50389D1F-D20E-4183-B515-8BC23F385151} => E:\My Files\My Downloads\install_flash_player_ax.exe
Task: {9ACA9F84-3090-4DAC-9EA8-F4522FE1C626} - System32\Tasks\{58DE4CDA-16D7-4C31-94E6-D59A85D6167B} => C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe [2012-01-26] (Barnes & Noble, Inc.)
Task: {9DFE7699-6E67-401C-82B9-49C1D1B21BB2} - System32\Tasks\{03785062-BCB7-4763-A279-E8B0EB608670} => C:\FreeOCR\FreeOCR.exe
Task: {9F584F07-8D0A-459B-8134-E039681FC534} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {AB6019DB-F6D4-4E98-B541-8ACD71BB5702} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB769E0B-B037-4B6E-A470-A0B3C4781D06} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AD638837-326A-45F5-A531-D00CF517851B} - System32\Tasks\NeroLiveEpgUpdate-maryclyne-PC_maryclyne => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18] (Nero AG)
Task: {AF275449-D427-49E1-8042-BCBF71905D6F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B3BAFC73-C666-4389-AC4D-C974E2F85205} - System32\Tasks\{4DC94D3A-44DC-405C-B8A6-5D9214891642} => pcalua.exe -a D:\setup.exe -d D:\
Task: {B5976454-738A-4BDD-9600-9F352487DF84} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {B645446F-9BA2-420D-9ECC-E9F6497531C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B6CF8611-EC4E-4061-BC4F-E65CA93EFC7E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B7061A47-91B2-47FC-A1A1-BA26C2244EAC} - System32\Tasks\{3C9EFABC-BC97-484D-BA36-722397D33F19} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {BBC73CA3-9E55-4B89-BE38-143DA61B73AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {BC25C43B-77A3-4865-9F24-34B6EAC75154} - System32\Tasks\{84164796-CE53-4D82-8CB9-28CFEDAED3DE} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {BE95567A-868F-4DBD-B0AA-34AD0D6176EE} - System32\Tasks\{68C0DBDF-354D-4070-BBD9-DEE7AD503B28} => C:\FreeOCR\FreeOCR.exe
Task: {C26EF1EA-D903-4100-A576-3787E852F4CC} - System32\Tasks\{6935A943-51B5-46DE-B342-9FA05F45965E} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {C29704AA-ACAC-4A6C-8A68-04907570D84F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C5444FAF-D423-49CD-B2B9-54756990C1B9} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {CA842EDE-F67C-4DC6-AD8F-284307555278} - System32\Tasks\{11AADC47-A2B3-469A-AACF-504F57353C20} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {CE73AD1E-DBB5-481D-B6F6-9DD7450B5883} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {D5C3929C-0194-423F-9CB0-5473548812D8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D75B3F78-3B2E-4283-A357-B5497DDBF617} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DACA3D52-8725-49AB-92C0-E987DEC70BEA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E90C961F-CDEB-4A1E-84B4-F3E589913720} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {E97AB03C-51DA-4652-B4F3-944F35974EB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F19F389A-2653-437F-9282-62404A92C88C} - System32\Tasks\{70215D4F-7167-4986-9D2D-673C43C3B98F} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {F1E7431C-4357-466C-941B-8C5B4305AF2D} - System32\Tasks\{36587F7D-BB5B-4589-8610-7CCB9DA74577} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {F44FE212-5936-42BE-B0F2-7A725B915EA8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F5470E9B-173B-4DA0-BCFC-138A4F7E22E9} - System32\Tasks\{A289A9F9-8EF0-46DD-A2F5-4574092FB457} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {F75BE5E2-788C-4CA0-ABAD-AFC5F9899368} - System32\Tasks\{8A725581-5E97-4BF7-8C31-E0E8571B438C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {FA06DEF5-D2CB-4754-9B8C-0C8F44F91C7B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FA1417D2-F88A-459C-8572-3AB3E6E3007D} - System32\Tasks\{973BCBA2-C895-4DBC-9547-8C0ADC4AE56E} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FA90E967-B7BE-48B0-BD48-1060173239C9} - System32\Tasks\{10ADD658-9A2C-43F9-994C-2346F26F87D7} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FB0040A5-3EC3-474F-89A2-DC2F32E3C8EF} - System32\Tasks\{A43A1EA8-5F1E-40A5-85CD-147076C063B6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FF56291F-811E-42E4-9F8D-ED01A8C1B4F3} - System32\Tasks\{73DF72D6-BFC0-4F01-B2D8-60C03CF438E8} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FF9E4A1D-37FD-4513-B63D-81073DC3761D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\NeroLiveEpgUpdate-maryclyne-PC_maryclyne.job => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-01-19 13:34 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-19 13:34 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-19 13:34 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2012-03-27 15:54 - 2010-06-17 08:46 - 00093184 _____ () C:\Program Files (x86)\Scan PC\ScPCS64.exe
2016-07-30 09:53 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-07-30 09:53 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-12-26 21:10 - 2015-12-26 21:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-30 09:58 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-30 09:53 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-30 09:53 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-30 09:53 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-30 09:53 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-09 18:44 - 2016-09-07 14:07 - 01707080 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2016-01-25 12:39 - 2016-01-25 12:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2010-06-28 16:20 - 2010-06-28 16:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 16:12 - 2010-06-28 16:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-10-31 09:05 - 2013-10-31 09:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-12-28 08:37 - 2016-12-28 08:37 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2011-06-23 20:21 - 2009-05-20 16:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2016-01-25 12:39 - 2016-01-25 12:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-25 12:39 - 2016-01-25 12:39 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.reg: Regedit.Document =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4792 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scan PC.lnk => C:\Windows\pss\Scan PC.lnk.CommonStartup
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BringMeSports AppIntegrator 32-bit => C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: BringMeSports AppIntegrator 64-bit => C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: BringMeSports EPM Support => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: BringMeSports Search Scope Monitor => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{969973B0-7598-457E-AE8D-E111B4FD047F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{11B9EC44-0AFC-4390-B704-E867596DAD8F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9591AFA7-D3A1-4FA2-AA26-8F4F3C3FBAA5}] => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{ACB7B527-9692-45CA-BB7E-8299F7AC196B}] => LPort=5357
FirewallRules: [{3012DE9D-8B36-4A2F-BE95-9D134B6648D6}] => C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{2C357B8A-9154-40B4-A654-B62B96B7D534}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{ABF38FA3-0A19-44A2-9D1C-BD068D740DF7}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D7FCE6A6-41AC-48E8-8B9A-458A89E31569}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{88F4A63D-EF03-4DDE-8F70-B56CD7C18E43}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{DCCC0719-3048-4DFE-921F-ADC1A08ABA7D}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{1FCF2860-0B3B-45AA-BE2C-1940B61F0DB0}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{A324C362-EED1-40B2-B6DB-1A6D80114093}] => C:\Users\maryclyne\AppData\Local\Temp\7zS4793\HPDiagnosticCoreUI.exe
FirewallRules: [{56FF070A-D463-4D7A-9A3A-A8B9177466B4}] => C:\Users\maryclyne\AppData\Local\Temp\7zS4793\HPDiagnosticCoreUI.exe
FirewallRules: [{FC2EEC4E-7F1B-4EAC-93C3-C0C91E7593D3}] => C:\Users\maryclyne\AppData\Local\Temp\7zS3524\HPDiagnosticCoreUI.exe
FirewallRules: [{07B5AB8F-D63A-4EC0-A134-64F22B8C6772}] => C:\Users\maryclyne\AppData\Local\Temp\7zS3524\HPDiagnosticCoreUI.exe
FirewallRules: [{70F6CFA1-03B9-4302-86CD-AC10EB65A144}] => C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
FirewallRules: [{2C57E084-F5C4-42BB-B0CE-388DF41B681B}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{36434DFA-ADE8-425A-872B-F56645046042}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{112FD457-3D7E-4DD0-BB22-9BC2B07658D8}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{2FB0B83A-8C4E-442E-AB5A-EFD2559EE6F0}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{699607B1-9093-4AF3-9174-A6C09545A18B}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B6AB620D-E81B-476C-9430-4109BDF82D1E}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{44B64FEF-5374-4088-8080-F93AD09FCD84}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{BF5BB368-04B6-42AC-82DA-4D5397A8C71B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{48A32EB9-541B-4396-97AA-94D175F4042E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B6509D9D-885C-4CF9-A4FC-32E2730FCA35}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B149F16F-7486-4B81-8B00-E8D000347CB2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{E78C71FC-3B14-4DE1-B629-D5A24E28F1AA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{B139A31E-B2D2-496A-BFE2-9C8B1EC76FFA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CA6B04E8-854E-43A7-96A9-3240E41282C1}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{8B5FE821-282B-4F51-8512-F453C066B03A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{35BA3B84-3E96-480A-AF8A-35C31F91E07C}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{B49F7ECC-8D15-4BD4-8655-4706016DC2DB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{32EBC63B-D3FE-426A-9F00-A864790A1CD5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{E92C5369-118F-49ED-890F-D4534396594B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E782DCC5-9BF1-43A5-829C-4C3DB17CA5D2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{B15BE39F-B37E-4D13-B5E1-DB62D3F408EA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{7843CFD2-48CC-499E-B8E1-7F5425456441}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{3D9E3D50-AF26-4A3B-90E4-B57D352BAC14}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{488773EB-DD12-4718-9E0C-684EAA5CF507}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{955FC20D-684C-452B-BDF9-5282A24D1B3B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{2E3B6824-4FC4-4F44-822E-F7D91D87BAA1}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{B438B11D-E5DE-4BB4-AE41-74722BC70F6F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0976330B-3E2E-4E7D-B607-39A0819D4491}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1405C72D-985A-4C39-8CBE-4F19C5B5E478}] => LPort=7000
FirewallRules: [{7EF58C20-E1AA-4186-8EF8-44C0CA09709E}] => LPort=7000
FirewallRules: [{E5539E5C-4FEB-4A63-9304-54E6B46BC7EC}] => C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{5B02E6D2-5606-4A26-904F-A66368F685BB}] => C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{5B4B6ED9-AA0E-4F83-B2E0-6B23FE8BD902}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EF0B3B96-11D1-4B34-9C84-494ABB1431E9}] => c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{C8B28F75-D0F7-4441-B6E0-F422D5B4B137}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{99F745CA-7426-4B1A-B994-26B5B4D65B84}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1CE3775E-B7F1-498E-B72E-0CD4E1E0BBAF}] => LPort=1900
FirewallRules: [{EBAB509F-E5A3-4F5C-8100-E40DC0935DE8}] => LPort=2869
FirewallRules: [{64C2E9DE-5D53-492D-B92A-B37608C3B569}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{96492B46-7074-4D87-9701-5B27CA7751D8}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{451F92F1-8D52-4978-BDB8-E5AD3354CE7D}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{89DB5EE8-41A1-4927-9AAF-67B8E370B436}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{F1A14C6F-6B28-4706-9B7E-6C7324D7B734}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{7F33DE16-2219-4337-A7A9-448310803418}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4916451C-E384-4469-A9AB-E3D4912FAA16}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{83052505-3951-402D-B9FB-C10ED296554B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{760D945D-70E1-40A5-BD8C-2B7D23F90CE5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51C1DDDC-F2FF-4E94-A555-99F678C91904}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81BEA391-A982-4955-BC29-57CF11A06641}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E9B4F0A-F586-401D-9D40-5227AFBF41C1}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EBD2EAF-9625-4C8E-B1CB-CC3321433717}] => C:\Users\maryclyne\AppData\Local\Temp\7zS7BB0\HPDiagnosticCoreUI.exe
FirewallRules: [{2759FF56-2DC6-46DC-9056-6420C102E291}] => C:\Users\maryclyne\AppData\Local\Temp\7zS7BB0\HPDiagnosticCoreUI.exe
FirewallRules: [{3BF722B8-1C2C-447C-8A3B-A755B11F66D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{56D9A094-2B5E-4C0A-89EB-35D6B088F63E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5C0CA0E4-E679-4DF9-8977-D762E16F6129}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C856E4EC-C671-4A5B-BC9F-9510D8FFF381}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{49691F78-A11B-4D79-B78F-658037419625}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B89B709D-5334-4FFD-B97F-DD8CFEF0856F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE28D09D-754B-4A5F-8017-B61498E074DA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2017 04:57:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\ScratchBox\ScratchBox.ocx.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:57:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\SoundBox\SoundBox.ocx.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:57:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\MultiChannelDll\MultiChannel.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:57:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\WEDll\waveedit.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:53:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnap.exe.Manifest".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.

Error: (01/19/2017 04:33:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\MultiChannelDll\MultiChannel.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:33:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\WEDll\waveedit.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:29:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.

Error: (01/19/2017 04:29:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.

Error: (01/19/2017 04:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARYCLYNE-PC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/19/2017 06:03:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2017 05:09:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2017 04:13:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The File History Service service hung on starting.

Error: (01/19/2017 04:11:20 PM) (Source: DCOM) (EventID: 10001) (User: MARYCLYNE-PC)
Description: Unable to start a DCOM Server: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer

Error: (01/19/2017 04:08:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/19/2017 04:08:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (01/19/2017 04:07:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/19/2017 04:07:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (01/19/2017 04:07:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/19/2017 04:07:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.


CodeIntegrity:
===================================
  Date: 2017-01-19 15:55:09.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 15:55:09.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 15:55:08.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 13:29:08.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 13:29:08.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 13:29:08.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 11:54:24.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-19 11:52:01.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 11:52:01.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 11:21:28.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II N970 Quad-Core Processor
Percentage of memory in use: 80%
Total physical RAM: 3838.17 MB
Available physical RAM: 743.55 MB
Total Virtual: 7678.17 MB
Available Virtual: 4033.4 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.04 GB) (Free:244.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 38CCD7A3)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=449 MB) - (Type=27)

==================== End of Addition.txt ============================


Thanks for those logs, continue as follows:
 
  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on hPxdDvj.png and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup. (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
    user posted image
     
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.


Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Uninstall the following using GeekUninstaller:

AVG
AVG SafeGuard toolbar
AVG Zen

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall; from there follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, and when done post the new logs, "FRST.txt" and "Addition.txt".

Let me see those logs in your next reply...

Thank you,

Kevin....

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
