Jump to content

Recommended Posts

I suggested to a good friend to buy the pro version of malwarebytes.  He did as I told him and even went as far as bringing it to me to help him do this.  I have installed malwarebytes on hundreds of computers over the years and never once had any problem until the last two I installed it on.  Both were running windows 10 upgraded from windows 7.  On this one this morning after many tries I was finally able to get back to the desktop and don't have a clue how. 

 

     I rebooted it again and same thing.  Again I tried at least 10 times before I could get back to his desktop.  I then went into malwarebytes and all that was quarantined ( 776 mostly PUP's I restored back to where they were before I ran malwarebytes.  It now will boot find.  I tried it 10 times and each time I would sign in and back to the desktop.  

 

    I know there has to be a fix for this.  This computer is still infected but I am not running anything until I find out what caused this to happen today.  

 

   Last week almost the same thing happened after I removed AVG with the uninstall utility and when it asked to reboot I got to a desktop telling me a temp profile had be created.  I rebooted it several times and finally got back to where it was.  I told them to just leave the computer on until I found a fix.  Both of these computers I ran malwarebytes on.  This morning I know for a fact that removing the things that malwarebytes found and then removing them and rebooting caused this annoying problem.  Thanks for any help on this. 

Link to post
Share on other sites

Hello golfnut123 and welcome to Malwarebytes,

As the PC owner has a Premium version it would be better placed to seek help/advice at consumer support. Go to the following link, scroll to the bottom of the page and select "Contact us now" tab. Create a support ticket, from there you will receive professional support...

https://support.malwarebytes.com/?b_id=6400

Please reply and let me know the outcome, if you want to continue here instead post back and let me know....

Thank you,

Kevin....
Link to post
Share on other sites

I think I would just like to continue to post here instead.  I do recommend the free version of malwarebytes and have for years.  I have worked with computers since 1996 so I know my way around pretty good.  I have also been in several jams over the years and most of the time I could always get myself out.   This puzzle just has me scared to ever tell anyone to download malwarebytes again on a windows 10 computer. 

 

     What are the odds on this happening two times in a row as many times as I have used this great program?   I tell people that malwarebytes is more important than antivirus which I do believe to be the case.   

 

    I do know for a fact on the computer I was helping with yesterday that malwarebytes did cause this problem.  I removed the 700 + things that malwarebytes had quarantined and put them back on the hard drive and the problem went away.  Most of the bad things were PUP's but there were so many I didn't take the time to research all of them. 

 

   I know it took some time to remove them when I first ran malwarebytes and after it rebooted I knew things were not going to be good.  The man that owned this computer was sitting right with me when I ran the program and I did warn him what might happen but really didn't think it would.  I was prompted to sign in with his password but it would never go to the desktop.  A message came up saying something about the profile but I was a little mad at this happening I didn't take the time to read the exact message.  After many restarts I was finally able to get back to his desktop.  Whew :)

 

    Surely someone else has had this annoying problem.  I am glad I was able to get his things back but his computer is still infected with those 700 + bad things so which router do I go now.  Safe mode is not like windows 7 so I could not get there from the sign in  menu or hitting any keys when booting. I am lost.    

Link to post
Share on other sites

Ok run the following and post the produced logs...

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
Link to post
Share on other sites

Here is the log from the 1st computer that I had this problem with. 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by maryclyne (administrator) on MARYCLYNE-PC (19-01-2017 18:14:36)
Running from C:\Users\maryclyne\Desktop
Loaded Profiles: maryclyne &  (Available Profiles: maryclyne & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Scan PC\ScPCS64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [CXMon] => C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [45056 2001-09-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2016-09-07] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Run: [AvgUpdater0215tb] => C:\ProgramData\Avg_Update_0215tb\0215tb_{0DEA67E6-A2B7-4B78-BEF5-50950E19908C}.exe [2794520 2015-02-25] ()
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\RunOnce: [Uninstall C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\maryclyne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3f0c7b0a-9f43-4879-bb7f-6a2435db6b4b}: [DhcpNameServer] 192.54.112.29
Tcpip\..\Interfaces\{d3aecf30-0f20-4eed-8980-9f66bbf05645}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131293409641340428&GUID=2A27879B-698C-4A25-BE53-7CEDD32345F3
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={9BFD4479-CF0E-43F7-8254-A062EDC7F20B}&mid=5dcea6de5f9f47d0aaadf123cca0969a-1d089d566809ac21f2aa52c872850781330c4233&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 18:17:50&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-23] (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-11-01] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-09-07] (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-23] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-11-01] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-09-07] (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-23] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-11-01] (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-09-07] (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-23] (Google Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-09-07] (AVG Secure Search)

FireFox:
========
FF DefaultProfile: e6rx6nnj.default
FF ProfilePath: C:\Users\maryclyne\AppData\Roaming\Mozilla\Firefox\Profiles\e6rx6nnj.default [2017-01-19]
FF Homepage: Mozilla\Firefox\Profiles\e6rx6nnj.default -> google.com
FF Extension: (uBlock Origin) - C:\Users\maryclyne\AppData\Roaming\Mozilla\Firefox\Profiles\e6rx6nnj.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: (AVG SafeGuard toolbar) - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-05] [not signed]
FF HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3319612&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPD5904585-3625-4287-98D7-0D9E3F54FEB6&SSPV=
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD5904585-3625-4287-98D7-0D9E3F54FEB6&q={searchTerms}&SSPV=
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default [2016-01-26]
CHR Extension: (Ask Toolbar) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2015-05-05]
CHR Extension: (Google Docs) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-31]
CHR Extension: (Google Docs Offline) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-31]
CHR Extension: (Installl Converter A) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lepklnbloplpapghhenhamaomkechegb [2015-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-30]
CHR Extension: (Gmail) - C:\Users\maryclyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Scan2PC; C:\Program Files (x86)\Scan PC\ScPCS64.exe [93184 2010-06-17] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-09-07] (AVG Secure Search)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-19] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-19] (Malwarebytes)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-14] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-19] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 18:14 - 2017-01-19 18:20 - 00026362 _____ C:\Users\maryclyne\Desktop\FRST.txt
2017-01-19 18:13 - 2017-01-19 18:14 - 00000000 ____D C:\FRST
2017-01-19 18:11 - 2017-01-19 18:13 - 02419712 _____ (Farbar) C:\Users\maryclyne\Desktop\FRST64.exe
2017-01-19 17:09 - 2017-01-19 18:03 - 00001295 _____ C:\Users\maryclyne\Desktop\Google Chrome.lnk
2017-01-19 16:27 - 2017-01-19 16:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-19 16:26 - 2017-01-19 16:26 - 00000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-19 16:26 - 2017-01-19 16:26 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-19 16:26 - 2017-01-19 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-19 16:26 - 2017-01-19 16:26 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-19 16:24 - 2017-01-19 16:25 - 34741672 _____ (Adlice Software ) C:\Users\maryclyne\Desktop\setup.exe
2017-01-19 15:37 - 2017-01-19 15:37 - 00000000 ____D C:\Users\maryclyne\AppData\Local\TeamViewer
2017-01-19 13:35 - 2017-01-19 16:08 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-19 13:35 - 2017-01-19 16:08 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-19 13:35 - 2017-01-19 16:08 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-19 13:35 - 2017-01-19 16:08 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-19 13:35 - 2017-01-19 13:35 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-19 13:34 - 2017-01-19 13:34 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-19 13:34 - 2017-01-19 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-19 13:34 - 2017-01-19 13:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-19 13:34 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-19 13:33 - 2017-01-19 13:33 - 54199488 _____ (Malwarebytes ) C:\Users\maryclyne\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-19 13:29 - 2017-01-19 16:16 - 00000000 ____D C:\Users\maryclyne\AppData\LocalLow\Mozilla
2017-01-19 13:26 - 2017-01-19 13:26 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-19 13:26 - 2017-01-19 13:26 - 00001224 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-19 13:25 - 2017-01-19 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-19 13:18 - 2017-01-19 16:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-19 13:18 - 2017-01-19 13:18 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-01-19 13:18 - 2017-01-19 13:18 - 00001108 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-01-19 13:18 - 2017-01-19 13:18 - 00000000 ____D C:\Users\maryclyne\AppData\Roaming\TeamViewer
2017-01-11 12:41 - 2017-01-11 12:41 - 20358232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-12-28 08:37 - 2017-01-19 09:00 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-27 20:48 - 2016-12-27 20:48 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-12-27 20:48 - 2016-12-27 20:48 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-23 09:05 - 2017-01-18 20:04 - 00003292 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 18:04 - 2015-10-30 01:11 - 00000000 ____D C:\Windows\CbsTemp
2017-01-19 17:50 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\AppReadiness
2017-01-19 17:41 - 2012-04-04 17:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-19 17:18 - 2015-12-27 15:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 17:18 - 2014-12-26 15:56 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-19 16:12 - 2014-12-26 16:56 - 00000000 ___RD C:\Users\maryclyne\iCloudDrive
2017-01-19 16:09 - 2004-08-28 18:12 - 00000000 ____D C:\TEMP
2017-01-19 16:07 - 2015-12-26 20:12 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-19 16:07 - 2015-12-26 19:19 - 00308432 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-19 16:05 - 2015-10-30 00:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-01-19 16:04 - 2015-12-26 19:30 - 00000000 ____D C:\Users\maryclyne
2017-01-19 15:45 - 2014-10-14 15:52 - 00000000 ____D C:\Users\maryclyne\AppData\Local\SlimWare Utilities Inc
2017-01-19 15:45 - 2013-11-17 16:31 - 00000000 ____D C:\Users\maryclyne\AppData\Local\NativeMessaging
2017-01-19 15:41 - 2015-12-27 10:03 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2017-01-19 15:05 - 2013-01-22 16:40 - 00000000 ____D C:\ProgramData\APN
2017-01-19 13:35 - 2012-11-19 11:09 - 00000000 ____D C:\Users\maryclyne\AppData\Local\Mozilla
2017-01-19 13:34 - 2012-01-22 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-19 13:29 - 2016-01-25 11:43 - 00000000 ____D C:\Users\maryclyne\AppData\Roaming\Mozilla
2017-01-19 13:26 - 2012-11-08 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-19 13:24 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 13:19 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-19 13:09 - 2016-01-25 15:58 - 00000496 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2017-01-19 12:42 - 2015-12-26 19:28 - 01009692 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-19 12:42 - 2015-10-30 01:21 - 00000000 ____D C:\Windows\INF
2017-01-19 11:15 - 2011-10-22 12:16 - 00000000 ____D C:\Users\maryclyne\AppData\Local\ElevatedDiagnostics
2017-01-18 20:37 - 2016-01-25 11:51 - 00000600 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Genealogy, Family Trees and Family History Records online - Ancestry.com.website
2017-01-18 20:23 - 2013-09-27 19:15 - 00000000 ____D C:\Users\maryclyne\Documents\Family Tree Maker
2017-01-18 20:04 - 2015-12-26 21:00 - 00002425 _____ C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 20:04 - 2015-12-26 21:00 - 00000000 ___RD C:\Users\maryclyne\OneDrive
2017-01-18 19:58 - 2015-02-20 09:34 - 00000000 ____D C:\Users\maryclyne\Desktop\Wayne's droid
2017-01-18 19:50 - 2013-07-02 16:49 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-11 12:41 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 12:41 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-28 08:41 - 2016-07-07 14:23 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-12-28 08:41 - 2015-08-17 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-12-27 20:56 - 2010-11-20 21:47 - 00547216 _____ C:\Windows\PFRO.log
2016-12-27 20:55 - 2015-12-26 19:28 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000002.regtrans-ms
2016-12-27 20:48 - 2013-01-22 19:26 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-27 19:29 - 2014-12-26 16:55 - 00003506 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-12-23 09:25 - 2013-07-02 16:48 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-23 09:25 - 2013-07-02 16:48 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2012-07-28 11:53 - 2014-12-16 13:49 - 0000156 _____ () C:\Users\maryclyne\AppData\Roaming\default.rss
2013-01-23 18:51 - 2013-01-23 18:51 - 0000091 _____ () C:\Users\maryclyne\AppData\Roaming\mbam.context.scan
2014-11-05 15:09 - 2014-11-10 12:09 - 0000132 _____ () C:\Users\maryclyne\AppData\Roaming\WB.CFG
2012-07-01 13:41 - 2016-02-08 21:29 - 0004608 _____ () C:\Users\maryclyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 17:09 - 2014-11-09 17:09 - 0000001 _____ () C:\Users\maryclyne\AppData\Local\DSI.DAT
2012-11-05 14:34 - 2012-11-05 14:34 - 0000017 _____ () C:\Users\maryclyne\AppData\Local\resmon.resmoncfg
2014-12-29 15:03 - 2014-12-29 15:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-07-08 13:48 - 2012-11-06 18:36 - 0003044 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\maryclyne\DMOrganizer.dat


Some files in TEMP:
====================
C:\Users\maryclyne\AppData\Local\Temp\7E20.exe
C:\Users\maryclyne\AppData\Local\Temp\avguirn_081421086240.exe
C:\Users\maryclyne\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-19 10:38

==================== End of FRST.txt ============================

Link to post
Share on other sites

2nd log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by maryclyne (19-01-2017 18:24:20)
Running from C:\Users\maryclyne\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-27 02:50:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3304695931-2058254051-2897350217-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3304695931-2058254051-2897350217-503 - Limited - Disabled)
Guest (S-1-5-21-3304695931-2058254051-2897350217-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3304695931-2058254051-2897350217-1002 - Limited - Enabled)
maryclyne (S-1-5-21-3304695931-2058254051-2897350217-1000 - Administrator - Enabled) => C:\Users\maryclyne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (x32 Version: 4.0.15.0 - Nero AG) Hidden
3100_3200_3300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
3200 (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1424 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1424 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1124.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{A0158415-15CA-B2A0-928D-E755DD506C0D}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.6.0.592 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glance 2.9 (HKLM-x32\...\Glance_is1) (Version:  - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photo Imaging Software (HKLM-x32\...\HP Photo Imaging Software) (Version:  - )
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Explosion (HKLM-x32\...\{822944D4-BC5D-44AE-9315-16C174D318B0}) (Version: 4.0.0.12 - Nova Development)
Picture Window 4.0 (HKLM-x32\...\{4F8D3FF1-1A21-4425-8518-4FC135FE8A92}) (Version: 4.0.1.12 - Digital Light & Color)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.4.0 - Adlice Software)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scan PC software for KODAK Personal Photo Scanner (HKLM-x32\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.3.0 - Q)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundTrax (x32 Version: 4.0.18.0 - Nero AG) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0943B3D0-C70E-4375-A073-CD5ABE17C78F} - System32\Tasks\{90B00CC0-3CC0-4D37-A7F3-E2AE07C02FA3} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {0D63C88F-1823-43D4-8DAF-F4FB7D136340} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {0D7F051F-EF10-4343-9A5B-E726A1D9E9F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0F2FA3A3-13B6-4786-B584-4B58670FED3C} - System32\Tasks\{0DEC06D1-BA89-4197-8393-389B1FEC454F} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {129957BE-D085-460A-B247-3D5668FFD063} - System32\Tasks\{221D4751-FAA3-46C7-B9E9-B9D15E02C829} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files (x86)\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
Task: {1356A73A-2B66-4C80-8D18-8D27EA89DE2F} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {17089F56-BCE4-4805-B2FF-20B589C41A24} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {178B0944-DE02-4A0F-BD40-8130C8E208F4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1E0DF903-4635-4638-8513-8E2F410A701A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {1F077F7A-5C13-4056-A4A1-BFBD18CD6445} - System32\Tasks\{243E4A77-5CA0-4C66-A9B6-E9F4826C03B6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE [2007-04-09] (Microsoft Corporation)
Task: {1F7E5989-7B35-446A-8B7D-EF195F07AF3C} - System32\Tasks\{DBC67EE3-ED2C-4FF5-B4CD-0AC4343AB2A6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {2072669E-3884-4C4D-B81A-8A75FBC27D3D} - System32\Tasks\{628CB38B-7452-4B85-9A17-5AA912C544D5} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {224EFD0C-B680-4ABD-A853-DAA8CC9BFBAC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {24D00D6E-CBBD-423F-89A3-4C10EA6B3358} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {298A95B1-9368-4EEB-9B4F-DC5E60A3969B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {2C4E8127-BB81-443C-8029-93C369BAF703} - System32\Tasks\{14C17245-F2A9-4625-91AB-22A0A9109288} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {2D78E680-A02F-4C9E-A4A2-5541A60FB575} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {3418839B-88B9-4D1F-A0A7-85EE22212624} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {342274A7-62D2-47A6-B356-0C83120E3A29} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {349ADF61-3452-409B-8639-A18A6A977722} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3AF4E02B-1970-4850-A507-69697305082E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3B98C873-B4F0-496E-A2CB-DED757E12C3A} - System32\Tasks\{0C9460EF-948D-4868-B394-A3F0DC760C90} => pcalua.exe -a "C:\Program Files (x86)\Install Converter\Install_Converter.exe" -d "C:\Program Files (x86)\Install Converter"
Task: {4087C71B-B5BB-44CE-A305-E245061D480E} - System32\Tasks\{934D162F-3150-419A-937E-8116DF2005A6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {4704D7FD-7CE1-4D7F-8A1A-7C0594AF9CF1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {51B3E3AE-8C9D-427D-9562-80F7995B52B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {57DCDE58-2CD0-46B9-AF96-DCBE76A594CB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {57EC3B17-B7F0-4DCF-B355-AC70A5843B63} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {57FC202B-950B-43C3-B900-C933B181A834} - System32\Tasks\{A29B6463-DE62-4E34-A89D-A5429355ADCF} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {5A3F6449-4BC0-4AD9-A58E-2E30FFE8D946} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {616DCBAE-3912-4E1F-BB44-3C06BAFA3AC2} - System32\Tasks\{490B122F-3E83-493B-B1DE-802A5F8003CA} => C:\FreeOCR\FreeOCR.exe
Task: {6CBA18DC-F61B-456C-B4CD-888F24B73AD9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {6D79435F-A7DE-4918-821D-716747492380} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {79F5D90E-B25D-4C51-95CE-E03BF4383CAF} - System32\Tasks\{2030E40D-4742-401C-8FA2-C71E8B78BF8A} => C:\FreeOCR\FreeOCR.exe
Task: {84E2B2AE-6E81-4B10-A762-6BA938A726B9} - System32\Tasks\{E42EDBFF-FE16-45E4-92FB-BB326C12CE1D} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {87250C94-033C-4766-9634-49B7A0840E35} - System32\Tasks\{5E16BE52-FB5C-4216-B8A2-780CD89685C9} => C:\FreeOCR\FreeOCR.exe
Task: {88876E95-5453-47BE-A7ED-33789F01C83B} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {88E80309-28DD-4FD5-ADEE-9EA63B4646CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8B2F49DB-3CF0-44EF-B2D8-FBB7318211AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {900DC5FA-7746-4E90-A830-15BC849B67FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {92CD9D2E-5451-4D43-9001-6FC244214B57} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {9518038E-C134-4D75-BF88-7B386347B507} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {96FC994D-F54E-4B90-94C3-A01DE458C12F} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {97069FF1-2079-4D52-97AF-75DD71A06373} - System32\Tasks\{0F6DEA0C-3876-4916-9E1A-3DC5A3C20851} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {98D92E22-78FC-4952-865C-8D1001959B85} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {993A2BE9-A6A6-4C50-9D6F-9A5A5A3F34DA} - System32\Tasks\{50389D1F-D20E-4183-B515-8BC23F385151} => E:\My Files\My Downloads\install_flash_player_ax.exe
Task: {9ACA9F84-3090-4DAC-9EA8-F4522FE1C626} - System32\Tasks\{58DE4CDA-16D7-4C31-94E6-D59A85D6167B} => C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe [2012-01-26] (Barnes & Noble, Inc.)
Task: {9DFE7699-6E67-401C-82B9-49C1D1B21BB2} - System32\Tasks\{03785062-BCB7-4763-A279-E8B0EB608670} => C:\FreeOCR\FreeOCR.exe
Task: {9F584F07-8D0A-459B-8134-E039681FC534} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {AB6019DB-F6D4-4E98-B541-8ACD71BB5702} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB769E0B-B037-4B6E-A470-A0B3C4781D06} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AD638837-326A-45F5-A531-D00CF517851B} - System32\Tasks\NeroLiveEpgUpdate-maryclyne-PC_maryclyne => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18] (Nero AG)
Task: {AF275449-D427-49E1-8042-BCBF71905D6F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B3BAFC73-C666-4389-AC4D-C974E2F85205} - System32\Tasks\{4DC94D3A-44DC-405C-B8A6-5D9214891642} => pcalua.exe -a D:\setup.exe -d D:\
Task: {B5976454-738A-4BDD-9600-9F352487DF84} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {B645446F-9BA2-420D-9ECC-E9F6497531C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B6CF8611-EC4E-4061-BC4F-E65CA93EFC7E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B7061A47-91B2-47FC-A1A1-BA26C2244EAC} - System32\Tasks\{3C9EFABC-BC97-484D-BA36-722397D33F19} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {BBC73CA3-9E55-4B89-BE38-143DA61B73AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {BC25C43B-77A3-4865-9F24-34B6EAC75154} - System32\Tasks\{84164796-CE53-4D82-8CB9-28CFEDAED3DE} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {BE95567A-868F-4DBD-B0AA-34AD0D6176EE} - System32\Tasks\{68C0DBDF-354D-4070-BBD9-DEE7AD503B28} => C:\FreeOCR\FreeOCR.exe
Task: {C26EF1EA-D903-4100-A576-3787E852F4CC} - System32\Tasks\{6935A943-51B5-46DE-B342-9FA05F45965E} => C:\Program Files\Family Tree Maker 2014\FTM.exe [2015-10-29] (Ancestry.com)
Task: {C29704AA-ACAC-4A6C-8A68-04907570D84F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C5444FAF-D423-49CD-B2B9-54756990C1B9} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {CA842EDE-F67C-4DC6-AD8F-284307555278} - System32\Tasks\{11AADC47-A2B3-469A-AACF-504F57353C20} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {CE73AD1E-DBB5-481D-B6F6-9DD7450B5883} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {D5C3929C-0194-423F-9CB0-5473548812D8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D75B3F78-3B2E-4283-A357-B5497DDBF617} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DACA3D52-8725-49AB-92C0-E987DEC70BEA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E90C961F-CDEB-4A1E-84B4-F3E589913720} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {E97AB03C-51DA-4652-B4F3-944F35974EB4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F19F389A-2653-437F-9282-62404A92C88C} - System32\Tasks\{70215D4F-7167-4986-9D2D-673C43C3B98F} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {F1E7431C-4357-466C-941B-8C5B4305AF2D} - System32\Tasks\{36587F7D-BB5B-4589-8610-7CCB9DA74577} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {F44FE212-5936-42BE-B0F2-7A725B915EA8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F5470E9B-173B-4DA0-BCFC-138A4F7E22E9} - System32\Tasks\{A289A9F9-8EF0-46DD-A2F5-4574092FB457} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {F75BE5E2-788C-4CA0-ABAD-AFC5F9899368} - System32\Tasks\{8A725581-5E97-4BF7-8C31-E0E8571B438C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {FA06DEF5-D2CB-4754-9B8C-0C8F44F91C7B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FA1417D2-F88A-459C-8572-3AB3E6E3007D} - System32\Tasks\{973BCBA2-C895-4DBC-9547-8C0ADC4AE56E} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FA90E967-B7BE-48B0-BD48-1060173239C9} - System32\Tasks\{10ADD658-9A2C-43F9-994C-2346F26F87D7} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FB0040A5-3EC3-474F-89A2-DC2F32E3C8EF} - System32\Tasks\{A43A1EA8-5F1E-40A5-85CD-147076C063B6} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FF56291F-811E-42E4-9F8D-ED01A8C1B4F3} - System32\Tasks\{73DF72D6-BFC0-4F01-B2D8-60C03CF438E8} => C:\Program Files (x86)\Common Files\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [2007-04-09] (Microsoft Corporation)
Task: {FF9E4A1D-37FD-4513-B63D-81073DC3761D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\NeroLiveEpgUpdate-maryclyne-PC_maryclyne.job => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-01-19 13:34 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-19 13:34 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-19 13:34 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2012-03-27 15:54 - 2010-06-17 08:46 - 00093184 _____ () C:\Program Files (x86)\Scan PC\ScPCS64.exe
2016-07-30 09:53 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-07-30 09:53 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-12-26 21:10 - 2015-12-26 21:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-30 09:58 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-30 09:53 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-30 09:53 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-30 09:53 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-30 09:53 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-09 18:44 - 2016-09-07 14:07 - 01707080 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2016-01-25 12:39 - 2016-01-25 12:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2010-06-28 16:20 - 2010-06-28 16:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 16:12 - 2010-06-28 16:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-10-31 09:05 - 2013-10-31 09:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-12-28 08:37 - 2016-12-28 08:37 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2011-06-23 20:21 - 2009-05-20 16:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2016-01-25 12:39 - 2016-01-25 12:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-25 12:39 - 2016-01-25 12:39 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\maryclyne\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.reg: Regedit.Document =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4792 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3304695931-2058254051-2897350217-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scan PC.lnk => C:\Windows\pss\Scan PC.lnk.CommonStartup
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BringMeSports AppIntegrator 32-bit => C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: BringMeSports AppIntegrator 64-bit => C:\PROGRA~2\BRINGM~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: BringMeSports EPM Support => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: BringMeSports Search Scope Monitor => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{969973B0-7598-457E-AE8D-E111B4FD047F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{11B9EC44-0AFC-4390-B704-E867596DAD8F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9591AFA7-D3A1-4FA2-AA26-8F4F3C3FBAA5}] => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{ACB7B527-9692-45CA-BB7E-8299F7AC196B}] => LPort=5357
FirewallRules: [{3012DE9D-8B36-4A2F-BE95-9D134B6648D6}] => C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{2C357B8A-9154-40B4-A654-B62B96B7D534}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{ABF38FA3-0A19-44A2-9D1C-BD068D740DF7}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D7FCE6A6-41AC-48E8-8B9A-458A89E31569}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{88F4A63D-EF03-4DDE-8F70-B56CD7C18E43}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{DCCC0719-3048-4DFE-921F-ADC1A08ABA7D}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{1FCF2860-0B3B-45AA-BE2C-1940B61F0DB0}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{A324C362-EED1-40B2-B6DB-1A6D80114093}] => C:\Users\maryclyne\AppData\Local\Temp\7zS4793\HPDiagnosticCoreUI.exe
FirewallRules: [{56FF070A-D463-4D7A-9A3A-A8B9177466B4}] => C:\Users\maryclyne\AppData\Local\Temp\7zS4793\HPDiagnosticCoreUI.exe
FirewallRules: [{FC2EEC4E-7F1B-4EAC-93C3-C0C91E7593D3}] => C:\Users\maryclyne\AppData\Local\Temp\7zS3524\HPDiagnosticCoreUI.exe
FirewallRules: [{07B5AB8F-D63A-4EC0-A134-64F22B8C6772}] => C:\Users\maryclyne\AppData\Local\Temp\7zS3524\HPDiagnosticCoreUI.exe
FirewallRules: [{70F6CFA1-03B9-4302-86CD-AC10EB65A144}] => C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
FirewallRules: [{2C57E084-F5C4-42BB-B0CE-388DF41B681B}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{36434DFA-ADE8-425A-872B-F56645046042}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{112FD457-3D7E-4DD0-BB22-9BC2B07658D8}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{2FB0B83A-8C4E-442E-AB5A-EFD2559EE6F0}] => C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{699607B1-9093-4AF3-9174-A6C09545A18B}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B6AB620D-E81B-476C-9430-4109BDF82D1E}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{44B64FEF-5374-4088-8080-F93AD09FCD84}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{BF5BB368-04B6-42AC-82DA-4D5397A8C71B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{48A32EB9-541B-4396-97AA-94D175F4042E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B6509D9D-885C-4CF9-A4FC-32E2730FCA35}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B149F16F-7486-4B81-8B00-E8D000347CB2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{E78C71FC-3B14-4DE1-B629-D5A24E28F1AA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{B139A31E-B2D2-496A-BFE2-9C8B1EC76FFA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CA6B04E8-854E-43A7-96A9-3240E41282C1}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{8B5FE821-282B-4F51-8512-F453C066B03A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{35BA3B84-3E96-480A-AF8A-35C31F91E07C}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{B49F7ECC-8D15-4BD4-8655-4706016DC2DB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{32EBC63B-D3FE-426A-9F00-A864790A1CD5}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{E92C5369-118F-49ED-890F-D4534396594B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E782DCC5-9BF1-43A5-829C-4C3DB17CA5D2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{B15BE39F-B37E-4D13-B5E1-DB62D3F408EA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{7843CFD2-48CC-499E-B8E1-7F5425456441}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{3D9E3D50-AF26-4A3B-90E4-B57D352BAC14}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{488773EB-DD12-4718-9E0C-684EAA5CF507}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{955FC20D-684C-452B-BDF9-5282A24D1B3B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{2E3B6824-4FC4-4F44-822E-F7D91D87BAA1}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{B438B11D-E5DE-4BB4-AE41-74722BC70F6F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0976330B-3E2E-4E7D-B607-39A0819D4491}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1405C72D-985A-4C39-8CBE-4F19C5B5E478}] => LPort=7000
FirewallRules: [{7EF58C20-E1AA-4186-8EF8-44C0CA09709E}] => LPort=7000
FirewallRules: [{E5539E5C-4FEB-4A63-9304-54E6B46BC7EC}] => C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{5B02E6D2-5606-4A26-904F-A66368F685BB}] => C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{5B4B6ED9-AA0E-4F83-B2E0-6B23FE8BD902}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EF0B3B96-11D1-4B34-9C84-494ABB1431E9}] => c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{C8B28F75-D0F7-4441-B6E0-F422D5B4B137}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{99F745CA-7426-4B1A-B994-26B5B4D65B84}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1CE3775E-B7F1-498E-B72E-0CD4E1E0BBAF}] => LPort=1900
FirewallRules: [{EBAB509F-E5A3-4F5C-8100-E40DC0935DE8}] => LPort=2869
FirewallRules: [{64C2E9DE-5D53-492D-B92A-B37608C3B569}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{96492B46-7074-4D87-9701-5B27CA7751D8}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{451F92F1-8D52-4978-BDB8-E5AD3354CE7D}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{89DB5EE8-41A1-4927-9AAF-67B8E370B436}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{F1A14C6F-6B28-4706-9B7E-6C7324D7B734}] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{7F33DE16-2219-4337-A7A9-448310803418}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4916451C-E384-4469-A9AB-E3D4912FAA16}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{83052505-3951-402D-B9FB-C10ED296554B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{760D945D-70E1-40A5-BD8C-2B7D23F90CE5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51C1DDDC-F2FF-4E94-A555-99F678C91904}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81BEA391-A982-4955-BC29-57CF11A06641}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E9B4F0A-F586-401D-9D40-5227AFBF41C1}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EBD2EAF-9625-4C8E-B1CB-CC3321433717}] => C:\Users\maryclyne\AppData\Local\Temp\7zS7BB0\HPDiagnosticCoreUI.exe
FirewallRules: [{2759FF56-2DC6-46DC-9056-6420C102E291}] => C:\Users\maryclyne\AppData\Local\Temp\7zS7BB0\HPDiagnosticCoreUI.exe
FirewallRules: [{3BF722B8-1C2C-447C-8A3B-A755B11F66D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{56D9A094-2B5E-4C0A-89EB-35D6B088F63E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5C0CA0E4-E679-4DF9-8977-D762E16F6129}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C856E4EC-C671-4A5B-BC9F-9510D8FFF381}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{49691F78-A11B-4D79-B78F-658037419625}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B89B709D-5334-4FFD-B97F-DD8CFEF0856F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE28D09D-754B-4A5F-8017-B61498E074DA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2017 04:57:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\ScratchBox\ScratchBox.ocx.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:57:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\SoundBox\SoundBox.ocx.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:57:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\MultiChannelDll\MultiChannel.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:57:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero SoundTrax\WEDll\waveedit.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:53:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnap.exe.Manifest".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.

Error: (01/19/2017 04:33:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\MultiChannelDll\MultiChannel.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:33:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero WaveEditor\WEDll\waveedit.dll.Manifest".
Dependent Assembly SMC,processorArchitecture="x86",type="win32",version="6.2.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2017 04:29:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.

Error: (01/19/2017 04:29:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.

Error: (01/19/2017 04:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARYCLYNE-PC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/19/2017 06:03:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2017 05:09:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2017 04:13:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The File History Service service hung on starting.

Error: (01/19/2017 04:11:20 PM) (Source: DCOM) (EventID: 10001) (User: MARYCLYNE-PC)
Description: Unable to start a DCOM Server: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer

Error: (01/19/2017 04:08:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/19/2017 04:08:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (01/19/2017 04:07:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/19/2017 04:07:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (01/19/2017 04:07:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/19/2017 04:07:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.


CodeIntegrity:
===================================
  Date: 2017-01-19 15:55:09.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 15:55:09.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 15:55:08.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 13:29:08.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 13:29:08.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 13:29:08.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 11:54:24.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-19 11:52:01.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 11:52:01.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-19 11:21:28.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II N970 Quad-Core Processor
Percentage of memory in use: 80%
Total physical RAM: 3838.17 MB
Available physical RAM: 743.55 MB
Total Virtual: 7678.17 MB
Available Virtual: 4033.4 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.04 GB) (Free:244.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 38CCD7A3)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=449 MB) - (Type=27)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Thanks for those logs, continue as follows:
 
  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on hPxdDvj.png and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup.(Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
    user posted image
     
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.


Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Uninstall the following using GeekUninstaller:

AVG
AVG SafeGuard toolbar
AVG Zen

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs in your next reply...

Thank you,

Kevin....

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.