Mark70
Members-
Posts
5 -
Joined
-
Last visited
Reputation
0 NeutralRecent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Nothing showed up on My Fix list. FRST.txt- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017 Ran by Mark1 (administrator) on MARK1-HP (12-02-2017 14:47:15) Running from C:\Users\Mark1\Desktop Loaded Profiles: Mark1 (Available Profiles: Mark1 & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe () C:\Users\Mark1\AppData\Local\Amazon Music\Amazon Music Helper.exe (SAMSUNG Electornics Co., Ltd.) C:\Users\Mark1\AppData\Roaming\Verizon\UA_ar\UA.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxTsr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-15] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc) HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation) HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-07-23] (Acresso Corporation) HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Run: [Facebook Update] => C:\Users\Mark1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-05] (Facebook Inc.) HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [49152 2016-09-28] () HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Run: [GoogleChromeAutoLaunch_ABE6C767DBD8BD49225E2E344B30C5C7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.) HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Run: [Amazon Music] => C:\Users\Mark1\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-04-14] () HKU\S-1-5-21-3208214658-933763724-684603929-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File Startup: C:\Users\Mark1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-01] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Mark1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2016-11-19] ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Mark1\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 Tcpip\..\Interfaces\{9976f66d-abbb-4ea9-a7e1-15316685b6c9}: [DhcpNameServer] 208.180.42.68 208.180.42.100 Internet Explorer: ================== HKU\S-1-5-21-3208214658-933763724-684603929-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-3208214658-933763724-684603929-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie10 URLSearchHook: HKU\S-1-5-21-3208214658-933763724-684603929-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.) SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM -> {3E7AF644-EDA7-4C5A-BFC6-6AC477AF3EE2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {3E7AF644-EDA7-4C5A-BFC6-6AC477AF3EE2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> DefaultScope {1580417B-1418-4191-B383-8D2B15F31D4E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> DC68648CB86D46DEA697117C2BD76750 URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {111E385C-4F44-4801-9BAE-48B27EFA6EEB} URL = SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {1580417B-1418-4191-B383-8D2B15F31D4E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {1D59820D-A2CD-49C1-8CE4-C0C3E44F2DD2} URL = hxxp://www.flickr.com/search/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {2062167C-0F13-4375-8C21-5FCFCE615DD5} URL = hxxp://delicious.com/search?p={searchTerms} SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10 SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {3E7AF644-EDA7-4C5A-BFC6-6AC477AF3EE2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072613&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> {EEA1DC1C-E43A-4827-98FA-EA68D95830FE} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO: PriceMinus -> {4DDBEDC1-C35C-4169-826B-72C6A61420CD} -> C:\Program Files (x86)\PriceMinus\P6cG1XVKlOkHlf.x64.dll => No File BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll [2016-05-24] (Yahoo! Inc.) BHO-x32: PriceMinus -> {4DDBEDC1-C35C-4169-826B-72C6A61420CD} -> C:\Program Files (x86)\PriceMinus\P6cG1XVKlOkHlf.dll => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll [2016-05-24] (Yahoo! Inc.) Toolbar: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File IE Session Restore: HKU\S-1-5-21-3208214658-933763724-684603929-1001 -> is enabled. Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) FireFox: ======== FF DefaultProfile: 14kpefkc.default FF ProfilePath: C:\Users\Mark1\AppData\Roaming\Mozilla\Firefox\Profiles\14kpefkc.default [2016-01-19] FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Mark1\AppData\Roaming\Mozilla\Firefox\Profiles\14kpefkc.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-16] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] () FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3208214658-933763724-684603929-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mark1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-3208214658-933763724-684603929-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mark1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=0d59814a-4599-43f9-abbe-0c80259e753d&searchtype=hp&installDate=24/05/2013 CHR StartupUrls: Default -> "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=0d59814a-4599-43f9-abbe-0c80259e753d&searchtype=hp&installDate=24/05/2013","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072613","hxxp://websearch.thesearchpage.info/?pid=21329&r=2015/01/17&hid=8017350174916695253&lg=EN&cc=US&unqvl=74" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Mark1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File CHR Profile: C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default [2017-02-12] CHR Extension: (Popup Blocker (strict)) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefkmifgmaafnojlojpnekbpbmjiiogg [2017-02-11] CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2017-02-11] CHR Extension: (Google Drive) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (Adguard AdBlocker) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-02-11] CHR Extension: (8-Ball Pool) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2016-12-21] CHR Extension: (Adobe Acrobat) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31] CHR Extension: (Best free games online) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebloljdjoljibdnklhefbdefolabkd [2015-05-26] CHR Extension: (Click&Clean) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-02-11] CHR Extension: (AdBlock) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31] CHR Extension: (Spell Checker for Chrome) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2015-05-26] CHR Extension: (HP Network Check Launcher) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-01-26] CHR Extension: (Grammarly for Chrome) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18] CHR Extension: (Chrome Media Router) - C:\Users\Mark1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06] CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hfimfliilbabfohebppnfomgjljicpdm] - C:\Program Files (x86)\MP3 Rocket\MP3RocketDownloader.crx [2013-01-16] CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14] CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation) R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-12] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation) S3 vvftUVC; C:\WINDOWS\system32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-12 14:40 - 2017-02-12 14:42 - 00049810 _____ C:\Users\Mark1\Desktop\Addition.txt 2017-02-12 14:39 - 2017-02-12 14:47 - 00027986 _____ C:\Users\Mark1\Desktop\FRST.txt 2017-02-12 14:39 - 2017-02-12 14:47 - 00000000 ____D C:\FRST 2017-02-12 14:37 - 2017-02-12 14:38 - 02421248 _____ (Farbar) C:\Users\Mark1\Desktop\FRST64.exe 2017-02-12 11:45 - 2017-02-12 11:45 - 00000000 ___HD C:\OneDriveTemp 2017-02-11 13:32 - 2017-02-11 13:32 - 00000000 ____D C:\Program Files (x86)\GUM944B.tmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-12 13:38 - 2016-12-02 19:39 - 00000000 ____D C:\Users\Mark1\AppData\Roaming\Kodi 2017-02-12 13:00 - 2014-05-15 08:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-12 12:56 - 2016-09-15 11:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-12 11:53 - 2015-10-30 11:38 - 00000000 ___RD C:\Users\Mark1\OneDrive 2017-02-11 14:24 - 2015-02-15 14:55 - 00000000 ____D C:\Users\Mark1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2017-02-11 13:53 - 2016-09-15 11:32 - 01644496 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-11 13:52 - 2016-09-15 14:14 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMark1 2017-02-11 13:52 - 2016-05-12 18:39 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMark1.job 2017-02-11 13:46 - 2016-09-15 14:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-11 13:46 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-02-11 13:46 - 2012-05-03 00:34 - 00000000 ____D C:\ProgramData\PDFC 2017-02-11 13:32 - 2016-09-15 14:14 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-02-11 13:32 - 2016-09-15 14:14 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-02-11 13:26 - 2012-05-03 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers 2017-02-07 19:39 - 2016-09-15 11:32 - 00000000 ____D C:\Users\Mark1 2017-02-06 17:54 - 2015-08-06 17:35 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-06 17:54 - 2013-07-15 02:00 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-06 15:50 - 2016-11-28 14:53 - 00184320 ___SH C:\Users\Mark1\Desktop\Thumbs.db 2017-01-27 17:43 - 2012-12-27 13:13 - 00000000 ____D C:\Users\Mark1\AppData\Local\ElevatedDiagnostics 2017-01-24 09:45 - 2014-04-19 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-01-24 09:45 - 2013-11-13 13:01 - 00000000 ____D C:\ProgramData\Oracle 2017-01-24 09:45 - 2013-06-25 08:21 - 00000000 ____D C:\Program Files (x86)\Java 2017-01-24 09:44 - 2014-10-20 09:27 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-01-20 14:33 - 2012-12-26 13:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-20 12:03 - 2015-09-23 09:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-18 17:30 - 2016-12-13 17:29 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-18 17:30 - 2015-08-06 18:34 - 00002405 _____ C:\Users\Mark1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-18 11:56 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-01-18 11:55 - 2013-04-03 14:31 - 00000000 ____D C:\Program Files\Microsoft Office 15 2017-01-14 13:05 - 2016-11-24 19:08 - 00000140 _____ C:\Users\Mark1\Desktop\New Text Document.txt ==================== Files in the root of some directories ======= 2013-02-19 19:28 - 2016-04-19 09:39 - 0002119 _____ () C:\Users\Mark1\AppData\Roaming\SAS7_000.DAT Some files in TEMP: ==================== 2016-09-15 17:05 - 2016-09-15 17:05 - 0741440 _____ (Oracle Corporation) C:\Users\Mark1\AppData\Local\Temp\jre-8u101-windows-au.exe 2016-10-24 13:58 - 2016-10-24 13:58 - 0737856 _____ (Oracle Corporation) C:\Users\Mark1\AppData\Local\Temp\jre-8u111-windows-au.exe 2017-01-24 09:43 - 2017-01-24 09:43 - 0739904 _____ (Oracle Corporation) C:\Users\Mark1\AppData\Local\Temp\jre-8u121-windows-au.exe 2016-11-18 14:34 - 2016-05-28 15:55 - 1748144 _____ (SAMSUNG Electornics Co., Ltd.) C:\Users\Mark1\AppData\Local\Temp\LiveUpdater.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-06 14:29 ==================== End of FRST.txt ============================ Addition.txt- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017 Ran by Mark1 (12-02-2017 14:48:01) Running from C:\Users\Mark1\Desktop Windows 10 Home Version 1607 (X64) (2016-09-15 20:23:22) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3208214658-933763724-684603929-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3208214658-933763724-684603929-503 - Limited - Disabled) Guest (S-1-5-21-3208214658-933763724-684603929-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3208214658-933763724-684603929-1002 - Limited - Enabled) Mark1 (S-1-5-21-3208214658-933763724-684603929-1001 - Administrator - Enabled) => C:\Users\Mark1 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Amazon Amazon Music) (Version: 4.3.0.1330 - Amazon Services LLC) Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC) Amazon Music Importer (x32 Version: 3.1.0 - Amazon Services LLC) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden BlueStacks Packages (HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\BlueStacks Packages) (Version: - ) <==== ATTENTION CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.) Kodi (HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\Kodi) (Version: - XBMC-Foundation) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla) MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - ) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.) SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Unity Web Player (HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{D549825F-FB85-49F6-8075-79847871C246}) (Version: 2.16.1101 - Samsung Electronics Co., Ltd.) Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.) Vimicro USB2.0 UVC PC Camera (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo Inc.) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ZeoSpace (HKLM-x32\...\{bf871291-e41d-42d2-b12f-6dc83ec8c5fd}) (Version: 1.0.1676.0 - ZeoSpace Limited) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {05BE8D8B-C99A-4735-8C86-54E83F1E955B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {0C6CE9E5-B21D-4A69-AFE1-1BBBC523B3A0} - System32\Tasks\HPCeeScheduleForMark1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {1291DAB9-0FC5-4B00-9D8D-3F8338BFB7F2} - System32\Tasks\{1934539D-20AB-4EF5-BCB4-3E0CBFF8CF18} => C:\Users\Mark1\Desktop\ShowBox.exe Task: {1DA399E6-78E7-48FA-80EE-4CBA3859F4EC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation) Task: {1EE1272A-FCF6-4CF2-977F-FB6257548643} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {2A58FE4B-0A5E-48C7-9DC2-8C32CA9231E3} - System32\Tasks\{151CC756-2B8A-48A3-AA98-8E83227C7209} => C:\Users\Mark1\AppData\Roaming\Spotify\spotify.exe Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {36A28358-D9A7-4D08-AF90-EA7B54E5D0C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {36BD7F30-2433-466D-ACC5-A3B3EF9D5EFA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3208214658-933763724-684603929-1001Core => C:\Users\Mark1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-05] (Facebook Inc.) Task: {378CDE1E-BB4E-435B-93AB-3AEA6167A71A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {3BF56BFC-E2AC-4550-BD3F-E2061E3BB664} - System32\Tasks\{920F9E10-E030-4D03-B837-D196D3831CC0} => C:\Users\Mark1\Desktop\ShowBox.exe Task: {4091C293-F3C4-4781-82CF-0F5408A402FA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {55E49BFA-39AA-487A-B128-57C0DA0E9413} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {560E4AA3-7097-4A30-9694-488ED111AB33} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {61E8EB95-3FD8-4678-B0D5-C54A2268E2A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {6A573550-8492-4878-84FA-355AB6A42112} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {78310C07-4A6F-41E6-A530-2498B4AAEEFE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {7F0BAE54-718D-4A8D-9FBA-20FE11FBC7D5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {7FBDCBBA-7808-4617-AC75-3B59A4E69540} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Mark1\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {89197CDE-F01B-4AEE-9F09-28B6550BB76F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {8D5EE7A5-EECB-4572-A76F-70247D194F37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.) Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {901CECBE-94F3-434E-9D3B-3783C2E8EFF3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {9C3C844A-684B-4721-9162-7C9F4CB314E5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {9EE1E618-3594-4EAA-94C3-3A1E353644C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {A1C90E98-30C4-4428-8365-D55182E69A33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {A6C07FBC-B0B8-473F-B671-3969A3D19F2A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {A762D239-E48B-4223-8A3E-047A1158CA95} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {A906970B-085C-4F73-9078-FBDE135A7C7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated) Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {AE21CDC6-26E0-45E3-BD06-9564E2A97C21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {B645A756-BE1B-413E-83F3-A6199D45C08F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {B83C3F2C-697D-4AF4-A805-DD111135B0A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe Task: {CEA24990-58B8-4B33-A321-44D7F94A53B1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3208214658-933763724-684603929-1001UA => C:\Users\Mark1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-05] (Facebook Inc.) Task: {D0679FE0-AF9F-4669-B2A9-B73604CFC6E8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {DB06F773-35B8-47F3-A40E-E374219B6D8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {EF41D008-09A1-40C1-9393-C9409129DDDD} - System32\Tasks\{61E3DAEF-1D9A-49D1-9E04-846729243B75} => C:\Users\Mark1\AppData\Roaming\Spotify\spotify.exe Task: {F0A3B281-9428-419C-937A-492AA9020827} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {F2043E33-7FB2-40D6-8CF6-863F8EAA0F50} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {F65D144A-5CC0-425D-B25F-DB51C994B6A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3208214658-933763724-684603929-1001Core.job => C:\Users\Mark1\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3208214658-933763724-684603929-1001UA.job => C:\Users\Mark1\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForMark1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Mark1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Plex.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fpniocchabmgenibceglhnfeimmdhdfm ==================== Loaded Modules (Whitelisted) ============== 2014-03-23 08:49 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-29 14:19 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-09-29 14:19 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-29 14:19 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-07-26 06:48 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-07-16 05:42 - 2016-07-16 05:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2016-09-15 14:20 - 2016-09-15 14:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-09-29 14:18 - 2016-09-15 10:39 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-09-29 14:19 - 2016-09-15 10:24 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-09-29 14:19 - 2016-09-15 10:18 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-09-29 14:19 - 2016-09-15 10:17 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-09-29 14:19 - 2016-09-15 10:18 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-09-29 14:19 - 2016-09-15 10:18 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-09-29 14:19 - 2016-09-15 10:20 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-09-28 10:50 - 2016-09-28 11:20 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-09-28 10:50 - 2016-09-28 11:20 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-09-28 10:50 - 2016-09-28 11:20 - 35250688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2015-08-06 18:39 - 2015-08-06 18:39 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-01-15 21:29 - 2016-04-14 18:44 - 05907944 _____ () C:\Users\Mark1\AppData\Local\Amazon Music\Amazon Music Helper.exe 2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2016-08-16 06:31 - 2016-08-16 06:31 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-08-16 06:31 - 2016-08-16 06:31 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-06-03 09:25 - 2016-06-03 09:25 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2016-03-03 11:03 - 2016-03-03 11:03 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-09-20 07:05 - 2016-09-20 07:05 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2017-02-06 17:54 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-06 17:54 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [474] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3208214658-933763724-684603929-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark1\OneDrive\skins\16299553_1841867202767542_5326100919150248111_n.jpg DNS Servers: 208.180.42.68 - 208.180.42.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk" HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\StartupApproved\Run: => "Speech Recognition" HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\StartupApproved\Run: => "TWC.Win7" HKU\S-1-5-21-3208214658-933763724-684603929-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{5CC6958E-02D2-46BA-AFF3-AB1D52349443}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{984A6164-9BA1-492C-BAA1-7BB4335908E5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{03C13BD4-FF0D-44C4-BA20-BD576CBDB058}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe FirewallRules: [TCP Query User{5885145F-23B7-4FAD-B7C8-A3A6DBF518C6}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe FirewallRules: [{BC075065-04D7-4771-BF2F-5AF3D1AE5B8F}] => C:\Users\Mark1\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [UDP Query User{5795BAA3-C5E0-48E3-BDD9-47BA59BF6FF8}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe FirewallRules: [TCP Query User{B5ED06A8-B177-4D70-BB43-80E32425729B}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe FirewallRules: [{2E6D8592-2328-441C-90BA-B9AF6689E38D}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [UDP Query User{52AC87D5-7387-4F82-AC88-40BBFACEBBF6}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{A4079305-5A03-44B4-8A0C-61460E4EE4E5}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{B696C4D2-23A5-4A9C-A5D8-D5F82A47A9B1}C:\users\mark1\appdata\roaming\spotify\spotify.exe] => C:\users\mark1\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F748790F-1907-47A8-8AB2-204DA330C780}C:\users\mark1\appdata\roaming\spotify\spotify.exe] => C:\users\mark1\appdata\roaming\spotify\spotify.exe FirewallRules: [{A6187E01-4107-4228-942F-6C392330937B}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe FirewallRules: [{7BF33579-94DB-4EB6-9A53-264776AF40B7}] => C:\Users\Mark1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{2C5598CB-D182-4431-9DB5-48246DDEF72C}] => LPort=37675 FirewallRules: [{DC5E244C-7AD7-45B4-9A2A-18802B7AC106}] => LPort=37674 FirewallRules: [{6166037D-667B-4A1D-80D3-1C1F510347F1}] => LPort=37674 FirewallRules: [{DD06FC65-41DB-483C-AA60-A697E3E70238}] => LPort=443 FirewallRules: [{16787961-8454-4F75-9BD8-58027447152E}] => LPort=443 FirewallRules: [{AE9BB993-4A77-4D7D-9DE0-37B42AFF7997}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{283ED636-5BAC-4398-94CC-DBB3ED4A8268}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{54825EAB-F499-42FB-8340-6D10EBD409E4}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{CF0B0E13-70FE-4998-B5C8-D27CEF62CA7D}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{3E29A88F-6707-4FAE-8800-0F3437442AC8}] => LPort=1900 FirewallRules: [{289CA4F1-C7CA-4616-B5C9-B0574767545A}] => LPort=2869 FirewallRules: [{7C7FBC1D-E789-4094-9312-E3B245DA8076}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{0D8B8B20-016B-420A-9E21-1971AD5DD27B}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{4896CD5F-E68E-489C-B008-474852CE0E8F}] => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{62528F00-6333-46DF-955F-304D2DAE1F53}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{39A14EC7-99EC-485B-9B65-DF9C7E6075CB}] => C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{0E69F7DC-B0EE-4964-A60F-D676B1990596}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BBE4EB6A-E2BA-4DE3-9848-1173F3F71F30}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{9B89CF4A-D57F-42A2-9000-993F218EE44F}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{F73C2112-8FD0-4471-A3B5-3AFD6F319F6E}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{C9428818-5E05-4274-AB78-46C2A3DED606}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{22A70E7F-B9E9-46C9-A7C0-B4C80541DB7C}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [TCP Query User{A9433658-E31B-42E7-8B43-C45CF4CED1C2}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{9814F29D-6F78-463D-9E51-5DF468BE8413}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [TCP Query User{23F94152-EBC2-46ED-8571-33212E75BC3E}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{EC4825D0-151A-4775-B0B4-05D9B44D8DCF}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe FirewallRules: [{07E1ACAA-395A-4ABB-82E5-25B0233EE5BF}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 25-01-2017 15:03:45 Scheduled Checkpoint 03-02-2017 15:09:52 Scheduled Checkpoint 11-02-2017 13:24:54 Removed Blio. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/12/2017 01:38:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Kodi.exe, version: 16.1.0.0, time stamp: 0x571c922e Faulting module name: python27.dll, version: 2.7.8150.1013, time stamp: 0x53b1ecd6 Exception code: 0x40000015 Fault offset: 0x001161bb Faulting process id: 0x1e44 Faulting application start time: 0x01d285677401caea Faulting application path: C:\Program Files (x86)\Kodi\Kodi.exe Faulting module path: C:\Program Files (x86)\Kodi\python27.dll Report Id: 1186d164-3dc1-4428-9af2-3c8e9182d3eb Faulting package full name: Faulting package-relative application ID: Error: (02/12/2017 12:19:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/11/2017 01:25:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (02/11/2017 12:19:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/10/2017 04:50:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Mark1-HP) Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend. Error: (02/10/2017 12:19:51 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/09/2017 12:19:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/08/2017 12:19:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/07/2017 12:19:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/06/2017 12:19:53 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 System errors: ============= Error: (02/12/2017 11:44:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/12/2017 11:18:03 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (02/11/2017 04:06:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (02/11/2017 01:48:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/11/2017 01:46:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (02/11/2017 01:46:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HomeGroupListener service terminated with the following service-specific error: %%2147944153 = There are no more endpoints available from the endpoint mapper. Error: (02/11/2017 12:39:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/10/2017 09:19:00 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (02/10/2017 09:18:48 PM) (Source: DCOM) (EventID: 10010) (User: Mark1-HP) Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout. Error: (02/10/2017 09:18:48 PM) (Source: DCOM) (EventID: 10010) (User: Mark1-HP) Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2017-02-12 12:22:55.558 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-12 12:22:55.514 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-12 12:22:55.491 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-12 12:22:31.134 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-12 12:22:31.092 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-12 12:22:31.069 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-10 17:09:09.680 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-10 17:09:09.677 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-10 17:09:09.667 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-10 12:23:42.111 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz Percentage of memory in use: 57% Total physical RAM: 4002.55 MB Available physical RAM: 1684.32 MB Total Virtual: 4386.55 MB Available Virtual: 1485.53 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:448.24 GB) (Free:367.33 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:16.86 GB) (Free:2.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 9426B878) Partition: GPT. ==================== End of Addition.txt ============================
-
I'm also running Malwarebytes. and I keep getting these {Malicious website blocked} Epicunitscan.info . I've ran multiple scans on my PC and it shows 0 threats Found. is it a Real threat? and how do I get it off My Chrom Browser.
-
Not sure what i'm doing Wrong? but both links aren't working.
-
I'm having the Same issue. How to Resolve this Problem???