Solved Mal/Adware... I loathe you


dlsully

Thread Starter
Joined
Nov 4, 2008
Messages
62
Fairly new desktop has a bug, virus, or malware. Websites and pages have multiple underlined words that link to advertisements as well as the horrid pop-up insinuating that the owner needs to call a special number to have their computer fixed! Also random and spontaneous videos pop up in new windows. Crazy!! Please help me get rid of this. Currently the only virus scan I use is Windows Defender, however the log shows it is disabled... husband must have done that. I am enabling it now.

These issues appear in Firefox. Not sure about IE.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 8097 Mb
Graphics Card: Intel(R) HD Graphics 4400, 1024 Mb
Hard Drives: C: Total - 936418 MB, Free - 859240 MB; D: Total - 15482 MB, Free - 1909 MB;
Motherboard: Hewlett-Packard, 2AF7
Antivirus: Windows Defender, Disabled

Thank you in advance.
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Hi dlsully,
Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

    - Save ALL Tools to your Desktop-
    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Let's get started....

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Double click the FRST file on your desktop to start it loading. When the tool opens click Yes to UAC prompt / disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this, please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply. (You can use two posts if that is easier for you; I don't mind that.)
 

dlsully

Thread Starter
Joined
Nov 4, 2008
Messages
62
Here are the logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2016
Ran by DoyleandDeborah (20-08-2016 19:28:15)
Running from C:\Users\DoyleandDeborah\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-04 13:52:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-735262800-3402139366-674106683-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-735262800-3402139366-674106683-503 - Limited - Disabled)
DoyleandDeborah (S-1-5-21-735262800-3402139366-674106683-1001 - Administrator - Enabled) => C:\Users\DoyleandDeborah
Guest (S-1-5-21-735262800-3402139366-674106683-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-735262800-3402139366-674106683-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Amazon Music (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Amazon Amazon Music) (Version: 3.11.5.1140 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.82.2.30772 - AVG Technologies)
AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Extended Update (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Flickr Uploadr for Windows (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\FlickrUploadrWindows) (Version: 1.0.1.292 - Flickr)
FMW 1 (Version: 1.112.3 - AVG Technologies) Hidden
GenoPro 3.0.0.6 (HKLM-x32\...\GenoPro) (Version: - GenoPro Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.21.0.5387 (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\GoToMeeting) (Version: 7.21.0.5387 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.27.17 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.26.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smilebox (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Smilebox) (Version: 1.0.0.28051 - Smilebox, Inc.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
World Truck Racing (x32 Version: 3.0.2.118 - WildTangent) Hidden
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-735262800-3402139366-674106683-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-735262800-3402139366-674106683-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\1831\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2CF399F9-06DD-491E-AD05-12003AC72E64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {322EAC53-DAEB-4C39-94EB-5A4A9DC0F8D9} - System32\Tasks\HP AR Program Upload - 3be8675d5897481c8a6d730a3844451a9d078877dca94ff198c85997f0b7101c => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {3367D705-9AD5-424D-93F5-AF2455DE8B2F} - System32\Tasks\HP AR Program Upload - 32adddac79574d6193d8e40b1285991f2e8b266818074ebeb662730a86b9f7f1 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {3DC75A85-AEEE-4633-8EAD-B8D5136674DB} - System32\Tasks\HP AR Program Upload - 4ac7f944bbe4423b82dee8778c4af3b842dd72b3ec274fa8895bbf5158992e19 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {3F331DDC-A4A6-4F70-B2A0-33F388569221} - System32\Tasks\WSE_Astromenda => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {41A00FF0-C3C1-4E26-86D9-A4BD900D2ADC} - System32\Tasks\HP AR Program Upload - 02626b69d71642fcb12510fcf675c61e28f45ba20a4c4d8297083454f9076bce => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {424D3916-DEC6-40C2-9386-F368A19D3841} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4CFEA7EB-B67D-473A-9C4F-51C34FC74CB6} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {500D7619-69EA-45CA-BFF0-A61169B3437A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {566C34CC-3911-487D-9051-2C791EFCD6A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5C5AB699-F1EF-46C6-9C9A-5CC578FFA692} - System32\Tasks\HP AR Program Upload - 24a7a41d76f4491693abb86ec19945fe8962c67310a6477e9475297fc450aa59 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {5FAC844B-B9C8-4C94-829E-9C2FD82D5DD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {61F08F27-9518-4293-B1D2-334859D0C596} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {645EFF9A-BC04-4F3D-AB29-A1D59AFBA745} - System32\Tasks\HP AR Program Upload - 6a5221f93b2d4c1a93817a9034a9bed457a10a98d4d04dde8c3c08349761e526 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {6537C401-CA01-4B59-9579-22D06A73EDFD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {66C269E3-F79F-425E-8885-E0650A0C600D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6C184734-D060-4FF3-B854-0208A3BDA014} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {719EB093-1FE5-424F-AF0A-C93AC7AADDCB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {71C0C6F6-1180-4707-8D52-000336DC0154} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {775746D4-BA83-4536-9132-2B4951BF8BDE} - System32\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001 => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe [2016-08-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {866C7B3C-5068-4BB8-9113-DEFB4ACD715E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-07-08] (Apple Inc.)
Task: {8D576487-53C9-4346-8DAD-604C866D0DA2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {8F8B4CCA-6C38-4280-9C4C-19315D76CA21} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {95914A93-C79D-4953-8B23-BD3FD87601D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A0F9E79-B387-4743-A1C1-03F05C81D8FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F66803E-B584-46AF-8FAD-3CE61634CA59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9FF15B4A-1994-4896-AE02-AB0BF15052B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {A336E461-039D-4F03-92BF-E6586F1C9CBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A3653090-0F80-4842-941A-F7D1BECFEB47} - System32\Tasks\HP AR Program Upload - 38554900d65a48ee8b79365c17e92443626edf8701a248bc9a7b6bb4742bc99f => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {B147B0D4-7E39-4CEE-B5B6-3D5BDC89E384} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B4FEE773-3432-4AE2-89C1-E324E876D8F0} - System32\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BAD77D4B-9282-44B7-BA51-02AB3E3888E7} - System32\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001 => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe [2016-08-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BEDEB6FC-0E10-4B3C-ACCF-A8493843965D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {CDCB24BB-56D0-4557-8D9D-4999D0ADCED0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {D49F7653-457F-4592-8FDE-7C3BEAA61D07} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {DB4C0C09-7ACB-40DF-B729-B6C90EDAC792} - System32\Tasks\HPCeeScheduleForDoyleandDeborah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DDD09582-3BD6-4323-9B7A-628FFC8D8B38} - System32\Tasks\UpdaterEX => C:\Users\DoyleandDeborah\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {E5A1CF02-0B05-40C5-B03A-5EEEECD7DFD0} - System32\Tasks\HP AR Program Upload - 1f71b63f35bb44b28406ab8025134314227f19699185439ea37883b29b66c32c => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {EB8ACCFD-80DC-48D6-A3C1-A849D12A64DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EE5E8B5B-B6DC-4796-879F-C381BE02DBEC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F3A0931F-18F9-4992-8490-0DE9B6597A7B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F9BAE865-F8AC-4DF3-AB7F-31D100F77D4A} - System32\Tasks\HP AR Program Upload - 0330fbfe710845b78cef6366ca944fdf70446766441c4245ad2f1adeb5c1d269 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {FFDB7CC7-CDE5-4C4C-9830-1A591FDC43C7} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001.job => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001.job => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDoyleandDeborah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-09-05 04:24 - 2013-09-05 04:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 04:21 - 2013-09-05 04:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 04:21 - 2013-09-05 04:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 04:21 - 2013-09-05 04:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 04:36 - 2013-09-05 04:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 04:36 - 2013-09-05 04:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-05 04:22 - 2013-09-05 04:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 04:24 - 2013-09-05 04:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-13 05:11 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 05:11 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-07-13 05:11 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 21:09 - 2016-05-19 21:09 - 00959168 _____ () C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-01-04 08:21 - 2016-01-04 08:21 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 05:13 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2013-09-05 04:31 - 2013-09-05 04:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-11-23 14:31 - 2015-11-18 15:36 - 05890368 _____ () C:\Users\DoyleandDeborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-04-18 14:30 - 2016-04-18 14:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-09-09 23:29 - 2015-09-09 23:29 - 00117920 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2016-07-13 05:12 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 05:11 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 05:12 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 05:12 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-19 21:09 - 2016-05-19 21:09 - 00679624 _____ () C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-09 14:32 - 2013-08-05 01:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-18 14:30 - 2016-04-18 14:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 14:30 - 2016-04-18 14:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-11-07 21:19 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-735262800-3402139366-674106683-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DoyleandDeborah\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{3dabeb7d-7bf6-4a88-8976-cf146ab9ba91}.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "SmileboxTray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1FEEED91-0E43-4F4F-8339-ACE5933D9F00}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0A6D86A9-F0B2-41B4-AA29-D32C060F08B9}] => (Allow) LPort=5357
FirewallRules: [{892D17CB-EACC-404D-B3C5-ED555B4A4C3A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{14C43C80-A7C7-40E6-B1B6-D39C4F798FA9}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{7B3E1942-B3FA-45C7-BCFC-26F741E02F02}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{B7D0724A-038B-4C61-8037-3F3CCA72E1A1}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{D9BE2CE5-89A2-46F9-8013-512C64CE02DD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{4E079BCD-083C-41C2-8F00-335B5FC42863}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{EEC319A6-3D8C-41CF-B3E7-ECD1788A49E7}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C7A613C1-4236-43DC-8580-0D077382A646}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{A0B6D8F3-974E-427C-BCF6-78863C8BDBBA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{A746BFA8-81BD-449F-A57F-8F6A56A89C93}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{55A1CC8B-F5B2-4F89-B934-BB6B92F98F77}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{72677A2F-7F3C-4F05-9606-5B05DE0883F4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7B65913D-81D5-4B3B-8940-ACB71D3BDD6B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{C4F0D8DB-C0FE-4DF4-9A78-7115A3E450B3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9DAB443F-3D24-4B13-83DF-82279667C913}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{305CD357-8836-49C7-B656-CFC4822BD1EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0C7E82D1-277F-429A-AB32-ACD501EFC554}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{881CBB5C-C86A-4A51-A106-8D2748BC30DE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E3A15D26-8CDC-430C-994A-673FD21B675E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A6C1B007-B7FE-4110-AC68-7251920DEBCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99B535CD-C1BD-45B1-BE06-50B40EEFC899}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D10D0275-9856-4954-A494-D749355E066D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5A65F0F9-68C5-45EB-BC7D-07150D68119F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D90B6743-78C0-4E0E-9852-10D9E94B94D3}] => (Allow) LPort=2869
FirewallRules: [{723A8167-2641-4F10-9842-E23C4C7E4959}] => (Allow) LPort=1900
FirewallRules: [{308A4F8D-4A9C-46B6-833D-8A0E1D415653}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2DB439F3-85C8-49A2-AC45-AFE81F663070}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CDC9F240-D253-466D-9A2C-88AF1535678C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CC59BD60-6062-4863-AA1C-B99498A7D635}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BB6AD5C6-DBDA-4ED8-A394-D5ACA808E8E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01B9E0C0-B51A-4FF6-9707-F5C4577086D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0C164CF-FFBA-45E7-AE02-8FE45ACDE053}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C972E197-3353-42C5-A624-CB49A5C0E41B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{B469A74A-B1B8-46C6-907C-87F1262B05D2}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{9A59536C-FFB7-4703-95C7-5A1D5A4FE616}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{3D916217-D833-4D2C-B4B6-FFA34CBE1BFC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{39C5F3A3-CD05-4BED-A6F1-DC4F274A5D2B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F8982055-FBC2-4872-9415-A1DF29DE9FFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5BBFBE71-F02F-4F59-87B9-A34D6C363135}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EEF1566-D582-4D14-9D22-939A8BE05E0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F99117F-4250-45EF-B5C6-595D850B2E27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

05-08-2016 21:09:00 Windows Update
10-08-2016 05:03:44 Windows Update
13-08-2016 08:53:47 Windows Update
17-08-2016 05:43:34 Windows Update
20-08-2016 09:03:43 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2016 05:56:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/20/2016 09:03:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/19/2016 09:44:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/19/2016 08:05:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 10:50:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 10:50:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 09:50:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 09:22:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 09:20:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 07:23:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/20/2016 06:59:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 5 time(s).

Error: (08/20/2016 01:50:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 4 time(s).

Error: (08/20/2016 11:15:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).

Error: (08/20/2016 09:04:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Enterprise WSD Multi-Function Printer, Other hardware - Null Fax - HP Officejet 4630 series.

Error: (08/20/2016 12:57:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).

Error: (08/20/2016 12:51:40 AM) (Source: DCOM) (EventID: 10016) (User: OFFICE-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Office-pcDoyleandDeborahS-1-5-21-735262800-3402139366-674106683-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/20/2016 12:51:40 AM) (Source: DCOM) (EventID: 10016) (User: OFFICE-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Office-pcDoyleandDeborahS-1-5-21-735262800-3402139366-674106683-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/20/2016 12:45:59 AM) (Source: DCOM) (EventID: 10016) (User: OFFICE-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Office-pcDoyleandDeborahS-1-5-21-735262800-3402139366-674106683-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/19/2016 10:21:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/19/2016 08:10:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Enterprise WSD Multi-Function Printer, Other hardware - Null Fax - HP Officejet 4630 series.


CodeIntegrity:
===================================
Date: 2016-08-20 00:45:24.682
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.672
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.533
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.523
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.892
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.854
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.832
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:29:18.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8097.27 MB
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2016
Ran by DoyleandDeborah (20-08-2016 19:28:15)
Running from C:\Users\DoyleandDeborah\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-04 13:52:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-735262800-3402139366-674106683-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-735262800-3402139366-674106683-503 - Limited - Disabled)
DoyleandDeborah (S-1-5-21-735262800-3402139366-674106683-1001 - Administrator - Enabled) => C:\Users\DoyleandDeborah
Guest (S-1-5-21-735262800-3402139366-674106683-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-735262800-3402139366-674106683-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Amazon Music (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Amazon Amazon Music) (Version: 3.11.5.1140 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.82.2.30772 - AVG Technologies)
AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Extended Update (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Flickr Uploadr for Windows (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\FlickrUploadrWindows) (Version: 1.0.1.292 - Flickr)
FMW 1 (Version: 1.112.3 - AVG Technologies) Hidden
GenoPro 3.0.0.6 (HKLM-x32\...\GenoPro) (Version: - GenoPro Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.21.0.5387 (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\GoToMeeting) (Version: 7.21.0.5387 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.27.17 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.26.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smilebox (HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Smilebox) (Version: 1.0.0.28051 - Smilebox, Inc.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
World Truck Racing (x32 Version: 3.0.2.118 - WildTangent) Hidden
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-735262800-3402139366-674106683-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-735262800-3402139366-674106683-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\1831\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2CF399F9-06DD-491E-AD05-12003AC72E64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {322EAC53-DAEB-4C39-94EB-5A4A9DC0F8D9} - System32\Tasks\HP AR Program Upload - 3be8675d5897481c8a6d730a3844451a9d078877dca94ff198c85997f0b7101c => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {3367D705-9AD5-424D-93F5-AF2455DE8B2F} - System32\Tasks\HP AR Program Upload - 32adddac79574d6193d8e40b1285991f2e8b266818074ebeb662730a86b9f7f1 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {3DC75A85-AEEE-4633-8EAD-B8D5136674DB} - System32\Tasks\HP AR Program Upload - 4ac7f944bbe4423b82dee8778c4af3b842dd72b3ec274fa8895bbf5158992e19 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {3F331DDC-A4A6-4F70-B2A0-33F388569221} - System32\Tasks\WSE_Astromenda => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {41A00FF0-C3C1-4E26-86D9-A4BD900D2ADC} - System32\Tasks\HP AR Program Upload - 02626b69d71642fcb12510fcf675c61e28f45ba20a4c4d8297083454f9076bce => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {424D3916-DEC6-40C2-9386-F368A19D3841} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4CFEA7EB-B67D-473A-9C4F-51C34FC74CB6} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {500D7619-69EA-45CA-BFF0-A61169B3437A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {566C34CC-3911-487D-9051-2C791EFCD6A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5C5AB699-F1EF-46C6-9C9A-5CC578FFA692} - System32\Tasks\HP AR Program Upload - 24a7a41d76f4491693abb86ec19945fe8962c67310a6477e9475297fc450aa59 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {5FAC844B-B9C8-4C94-829E-9C2FD82D5DD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {61F08F27-9518-4293-B1D2-334859D0C596} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {645EFF9A-BC04-4F3D-AB29-A1D59AFBA745} - System32\Tasks\HP AR Program Upload - 6a5221f93b2d4c1a93817a9034a9bed457a10a98d4d04dde8c3c08349761e526 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {6537C401-CA01-4B59-9579-22D06A73EDFD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {66C269E3-F79F-425E-8885-E0650A0C600D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6C184734-D060-4FF3-B854-0208A3BDA014} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {719EB093-1FE5-424F-AF0A-C93AC7AADDCB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {71C0C6F6-1180-4707-8D52-000336DC0154} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {775746D4-BA83-4536-9132-2B4951BF8BDE} - System32\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001 => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe [2016-08-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {866C7B3C-5068-4BB8-9113-DEFB4ACD715E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-07-08] (Apple Inc.)
Task: {8D576487-53C9-4346-8DAD-604C866D0DA2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {8F8B4CCA-6C38-4280-9C4C-19315D76CA21} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {95914A93-C79D-4953-8B23-BD3FD87601D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A0F9E79-B387-4743-A1C1-03F05C81D8FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F66803E-B584-46AF-8FAD-3CE61634CA59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9FF15B4A-1994-4896-AE02-AB0BF15052B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {A336E461-039D-4F03-92BF-E6586F1C9CBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A3653090-0F80-4842-941A-F7D1BECFEB47} - System32\Tasks\HP AR Program Upload - 38554900d65a48ee8b79365c17e92443626edf8701a248bc9a7b6bb4742bc99f => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {B147B0D4-7E39-4CEE-B5B6-3D5BDC89E384} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B4FEE773-3432-4AE2-89C1-E324E876D8F0} - System32\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BAD77D4B-9282-44B7-BA51-02AB3E3888E7} - System32\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001 => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe [2016-08-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BEDEB6FC-0E10-4B3C-ACCF-A8493843965D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {CDCB24BB-56D0-4557-8D9D-4999D0ADCED0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {D49F7653-457F-4592-8FDE-7C3BEAA61D07} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {DB4C0C09-7ACB-40DF-B729-B6C90EDAC792} - System32\Tasks\HPCeeScheduleForDoyleandDeborah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DDD09582-3BD6-4323-9B7A-628FFC8D8B38} - System32\Tasks\UpdaterEX => C:\Users\DoyleandDeborah\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {E5A1CF02-0B05-40C5-B03A-5EEEECD7DFD0} - System32\Tasks\HP AR Program Upload - 1f71b63f35bb44b28406ab8025134314227f19699185439ea37883b29b66c32c => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {EB8ACCFD-80DC-48D6-A3C1-A849D12A64DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EE5E8B5B-B6DC-4796-879F-C381BE02DBEC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F3A0931F-18F9-4992-8490-0DE9B6597A7B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F9BAE865-F8AC-4DF3-AB7F-31D100F77D4A} - System32\Tasks\HP AR Program Upload - 0330fbfe710845b78cef6366ca944fdf70446766441c4245ad2f1adeb5c1d269 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {FFDB7CC7-CDE5-4C4C-9830-1A591FDC43C7} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001.job => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001.job => C:\Users\DoyleandDeborah\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDoyleandDeborah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-09-05 04:24 - 2013-09-05 04:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 04:21 - 2013-09-05 04:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 04:21 - 2013-09-05 04:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 04:21 - 2013-09-05 04:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 04:36 - 2013-09-05 04:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 04:36 - 2013-09-05 04:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-05 04:22 - 2013-09-05 04:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 04:24 - 2013-09-05 04:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-13 05:11 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 05:11 - 2016-06-30 22:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-07-13 05:11 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 21:09 - 2016-05-19 21:09 - 00959168 _____ () C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-01-04 08:21 - 2016-01-04 08:21 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 05:13 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2013-09-05 04:31 - 2013-09-05 04:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-11-23 14:31 - 2015-11-18 15:36 - 05890368 _____ () C:\Users\DoyleandDeborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-04-18 14:30 - 2016-04-18 14:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-09-09 23:29 - 2015-09-09 23:29 - 00117920 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2016-07-13 05:12 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 05:11 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 05:12 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 05:12 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-19 21:09 - 2016-05-19 21:09 - 00679624 _____ () C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-09 14:32 - 2013-08-05 01:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-18 14:30 - 2016-04-18 14:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 14:30 - 2016-04-18 14:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-11-07 21:19 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-735262800-3402139366-674106683-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DoyleandDeborah\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{3dabeb7d-7bf6-4a88-8976-cf146ab9ba91}.JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\StartupApproved\Run: => "SmileboxTray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1FEEED91-0E43-4F4F-8339-ACE5933D9F00}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0A6D86A9-F0B2-41B4-AA29-D32C060F08B9}] => (Allow) LPort=5357
FirewallRules: [{892D17CB-EACC-404D-B3C5-ED555B4A4C3A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{14C43C80-A7C7-40E6-B1B6-D39C4F798FA9}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{7B3E1942-B3FA-45C7-BCFC-26F741E02F02}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{B7D0724A-038B-4C61-8037-3F3CCA72E1A1}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{D9BE2CE5-89A2-46F9-8013-512C64CE02DD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{4E079BCD-083C-41C2-8F00-335B5FC42863}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{EEC319A6-3D8C-41CF-B3E7-ECD1788A49E7}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C7A613C1-4236-43DC-8580-0D077382A646}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{A0B6D8F3-974E-427C-BCF6-78863C8BDBBA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{A746BFA8-81BD-449F-A57F-8F6A56A89C93}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{55A1CC8B-F5B2-4F89-B934-BB6B92F98F77}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{72677A2F-7F3C-4F05-9606-5B05DE0883F4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7B65913D-81D5-4B3B-8940-ACB71D3BDD6B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{C4F0D8DB-C0FE-4DF4-9A78-7115A3E450B3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9DAB443F-3D24-4B13-83DF-82279667C913}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{305CD357-8836-49C7-B656-CFC4822BD1EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0C7E82D1-277F-429A-AB32-ACD501EFC554}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{881CBB5C-C86A-4A51-A106-8D2748BC30DE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E3A15D26-8CDC-430C-994A-673FD21B675E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A6C1B007-B7FE-4110-AC68-7251920DEBCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99B535CD-C1BD-45B1-BE06-50B40EEFC899}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D10D0275-9856-4954-A494-D749355E066D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5A65F0F9-68C5-45EB-BC7D-07150D68119F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D90B6743-78C0-4E0E-9852-10D9E94B94D3}] => (Allow) LPort=2869
FirewallRules: [{723A8167-2641-4F10-9842-E23C4C7E4959}] => (Allow) LPort=1900
FirewallRules: [{308A4F8D-4A9C-46B6-833D-8A0E1D415653}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2DB439F3-85C8-49A2-AC45-AFE81F663070}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CDC9F240-D253-466D-9A2C-88AF1535678C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CC59BD60-6062-4863-AA1C-B99498A7D635}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BB6AD5C6-DBDA-4ED8-A394-D5ACA808E8E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01B9E0C0-B51A-4FF6-9707-F5C4577086D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0C164CF-FFBA-45E7-AE02-8FE45ACDE053}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C972E197-3353-42C5-A624-CB49A5C0E41B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{B469A74A-B1B8-46C6-907C-87F1262B05D2}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{9A59536C-FFB7-4703-95C7-5A1D5A4FE616}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{3D916217-D833-4D2C-B4B6-FFA34CBE1BFC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{39C5F3A3-CD05-4BED-A6F1-DC4F274A5D2B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F8982055-FBC2-4872-9415-A1DF29DE9FFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5BBFBE71-F02F-4F59-87B9-A34D6C363135}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0EEF1566-D582-4D14-9D22-939A8BE05E0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F99117F-4250-45EF-B5C6-595D850B2E27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

05-08-2016 21:09:00 Windows Update
10-08-2016 05:03:44 Windows Update
13-08-2016 08:53:47 Windows Update
17-08-2016 05:43:34 Windows Update
20-08-2016 09:03:43 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2016 05:56:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/20/2016 09:03:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/19/2016 09:44:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/19/2016 08:05:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 10:50:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 10:50:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 09:50:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 09:22:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 09:20:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2016 07:23:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/20/2016 06:59:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 5 time(s).

Error: (08/20/2016 01:50:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 4 time(s).

Error: (08/20/2016 11:15:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).

Error: (08/20/2016 09:04:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Enterprise WSD Multi-Function Printer, Other hardware - Null Fax - HP Officejet 4630 series.

Error: (08/20/2016 12:57:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).

Error: (08/20/2016 12:51:40 AM) (Source: DCOM) (EventID: 10016) (User: OFFICE-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Office-pcDoyleandDeborahS-1-5-21-735262800-3402139366-674106683-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/20/2016 12:51:40 AM) (Source: DCOM) (EventID: 10016) (User: OFFICE-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Office-pcDoyleandDeborahS-1-5-21-735262800-3402139366-674106683-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/20/2016 12:45:59 AM) (Source: DCOM) (EventID: 10016) (User: OFFICE-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Office-pcDoyleandDeborahS-1-5-21-735262800-3402139366-674106683-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/19/2016 10:21:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/19/2016 08:10:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Enterprise WSD Multi-Function Printer, Other hardware - Null Fax - HP Officejet 4630 series.


CodeIntegrity:
===================================
Date: 2016-08-20 00:45:24.682
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.672
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.533
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.523
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-20 00:45:24.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.892
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.854
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:58:16.832
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-08-19 22:29:18.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8097.27 MB
Available physical RAM: 4868.49 MB
Total Virtual: 9377.27 MB
Available Virtual: 5782.46 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.47 GB) (Free:839.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.12 GB) (Free:1.86 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A3A797D8)

Partition: GPT.

==================== End of Addition.txt ============================
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Sorry but it looks like you double posted the Addition.txt log file. Can you post the FRST.txt file by itself, please?
 

dlsully

Thread Starter
Joined
Nov 4, 2008
Messages
62
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by DoyleandDeborah (administrator) on OFFICE-PC (21-08-2016 16:59:17)
Running from C:\Users\DoyleandDeborah\Desktop
Loaded Profiles: DoyleandDeborah (Available Profiles: DoyleandDeborah)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Flickr) C:\Users\DoyleandDeborah\AppData\Local\FlickrUploadrWindows\app-1.0.1.292\Flickr.exe
() C:\Users\DoyleandDeborah\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKLM-x32\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [SmileboxTray] => C:\Users\DoyleandDeborah\AppData\Roaming\Smilebox\SmileboxTray.exe [341976 2015-09-08] (Smilebox, Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [FlickrUploadr] => "C:\Users\DoyleandDeborah\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [Amazon Music] => C:\Users\DoyleandDeborah\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-11-18] ()
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Uninstall C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DoyleandDeborah\AppData\Local\Microsoft\OneDrive\17.3.6386.0412"
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-06-30] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-735262800-3402139366-674106683-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{069580a9-1947-420e-a11f-8b90f9b68e1c}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f0fc5653-b217-49b2-b1bb-c5f36b864615}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={A0B4FBEA-8931-4400-8E48-2D8CF65CF733}&mid=f5ac03e1630547cca10df16c22334559-a56ccfc89b71929407fd2cc247b8580eebb2f424&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-09 11:52:14&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {C2ADD33F-A696-4C07-A753-2980B62B169D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF ProfilePath: C:\Users\DoyleandDeborah\AppData\Roaming\Mozilla\Firefox\Profiles\elowxhej.default-1459667439276
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.foxnews.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-735262800-3402139366-674106683-1001: @citrixonline.com/appdetectorplugin -> C:\Users\DoyleandDeborah\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-05] (Citrix Online)
FF Extension: Pin It button - C:\Users\DoyleandDeborah\AppData\Roaming\Mozilla\Firefox\Profiles\elowxhej.default-1459667439276\Extensions\[email protected] [2016-05-01]
FF Extension: JollyArcade - C:\Users\DoyleandDeborah\AppData\Roaming\Mozilla\Firefox\Profiles\elowxhej.default-1459667439276\Extensions\{cd9d2474-fff2-4f19-8452-0ec2f4422117}.xpi [2016-08-11]

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir="
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-13]
CHR Extension: (Google Docs) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-13]
CHR Extension: (Google Drive) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-09]
CHR Extension: (YouTube) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-09]
CHR Extension: (AVG Secure Search) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-06-09]
CHR Extension: (Google Search) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-13]
CHR Extension: (Google Sheets) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Gmail) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-03] (IDT, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-24] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-21 16:59 - 2016-08-21 16:59 - 00000000 ____D C:\Users\DoyleandDeborah\Desktop\FRST-OlderVersion
2016-08-20 19:28 - 2016-08-20 19:28 - 00048408 _____ C:\Users\DoyleandDeborah\Desktop\Addition.txt
2016-08-20 19:27 - 2016-08-21 16:59 - 00027041 _____ C:\Users\DoyleandDeborah\Desktop\FRST.txt
2016-08-20 19:27 - 2016-08-21 16:59 - 00000000 ____D C:\FRST
2016-08-20 19:25 - 2016-08-21 16:59 - 02396672 _____ (Farbar) C:\Users\DoyleandDeborah\Desktop\FRST64.exe
2016-08-20 00:51 - 2016-08-20 00:51 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-20 00:51 - 2016-08-20 00:51 - 00001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-20 00:48 - 2016-08-20 00:51 - 45146176 _____ C:\Users\DoyleandDeborah\Downloads\Firefox Setup 48.0.1.exe
2016-08-20 00:45 - 2016-08-20 00:45 - 00243408 _____ C:\Users\DoyleandDeborah\Downloads\Firefox_Setup_38.0.exe
2016-08-20 00:44 - 2016-08-20 00:45 - 01050944 _____ ( ) C:\Users\DoyleandDeborah\Downloads\Firefox_Setup.exe
2016-08-19 22:29 - 2016-08-19 22:29 - 00051712 _____ C:\Users\DoyleandDeborah\Downloads\WNMU Field Practicum Timesheet 2016.xls
2016-08-19 21:50 - 2016-08-19 21:50 - 00017590 _____ C:\Users\DoyleandDeborah\Downloads\MSW-without_BSW_2016-17-1.pdf
2016-08-19 08:03 - 2016-08-19 08:03 - 00000000 ___HD C:\OneDriveTemp
2016-08-18 22:45 - 2016-08-18 22:45 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\DoyleandDeborah\Downloads\Zoom_launcher.exe
2016-08-18 22:45 - 2016-08-18 22:45 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\DoyleandDeborah\Downloads\Zoom_launcher (1).exe
2016-08-16 22:20 - 2016-08-16 22:20 - 00104734 _____ C:\Users\DoyleandDeborah\Documents\Student Travel Request-2.pdf
2016-08-16 22:07 - 2016-08-20 19:20 - 00000000 ____D C:\Users\DoyleandDeborah\Documents\2016-17 Grad
2016-08-13 13:07 - 2016-08-13 13:07 - 00509440 _____ (Tech Support Guy System) C:\Users\DoyleandDeborah\Downloads\SysInfo.exe
2016-08-13 10:45 - 2016-08-13 10:45 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\Program Files\iTunes
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\Program Files\iPod
2016-08-13 10:45 - 2016-08-13 10:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-13 10:39 - 2016-08-13 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-08-13 10:24 - 2016-08-13 10:24 - 07045323 _____ C:\Users\DoyleandDeborah\Downloads\OST-2011-English-Music-and-Voice_eng.zip
2016-08-10 05:03 - 2016-08-03 04:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 05:03 - 2016-08-03 04:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 05:03 - 2016-08-03 04:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 05:03 - 2016-08-03 04:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 05:03 - 2016-08-03 04:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 05:03 - 2016-08-03 04:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 05:03 - 2016-08-03 04:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 05:03 - 2016-08-03 04:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 05:03 - 2016-08-03 04:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 05:03 - 2016-08-03 04:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 05:03 - 2016-08-03 04:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 05:03 - 2016-08-03 04:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 05:03 - 2016-08-03 04:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 05:03 - 2016-08-03 03:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 05:03 - 2016-08-03 03:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 05:03 - 2016-08-03 03:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 05:03 - 2016-08-03 03:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 05:03 - 2016-08-03 03:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 05:03 - 2016-08-03 03:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 05:03 - 2016-08-03 03:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 05:03 - 2016-08-03 03:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 05:03 - 2016-08-03 03:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 05:03 - 2016-08-03 03:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 05:03 - 2016-08-03 03:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 05:03 - 2016-08-03 03:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 05:03 - 2016-08-03 03:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 05:03 - 2016-08-03 03:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 05:03 - 2016-08-03 03:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 05:03 - 2016-08-03 03:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 05:03 - 2016-08-03 03:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 05:03 - 2016-08-03 03:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 05:03 - 2016-08-03 03:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 05:03 - 2016-08-03 03:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 05:03 - 2016-08-03 03:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 05:03 - 2016-08-03 03:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 05:03 - 2016-08-03 03:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 05:03 - 2016-08-03 03:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 05:03 - 2016-08-03 03:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 05:03 - 2016-08-02 23:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 05:03 - 2016-08-02 23:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 05:03 - 2016-08-02 23:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 05:03 - 2016-08-02 23:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 05:03 - 2016-08-02 23:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 05:03 - 2016-08-02 23:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 05:03 - 2016-08-02 23:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 05:03 - 2016-08-02 22:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 05:03 - 2016-08-02 22:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 05:03 - 2016-08-02 22:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 05:03 - 2016-08-02 22:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 05:03 - 2016-08-02 22:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 05:03 - 2016-08-02 22:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 05:03 - 2016-08-02 22:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 05:03 - 2016-08-02 22:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 05:03 - 2016-08-02 22:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 05:03 - 2016-08-02 22:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 05:03 - 2016-08-02 22:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 05:03 - 2016-08-02 22:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 05:03 - 2016-08-02 22:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 05:03 - 2016-08-02 22:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 05:02 - 2016-08-03 05:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 05:02 - 2016-08-03 05:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 05:02 - 2016-08-03 05:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 05:02 - 2016-08-03 04:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 05:02 - 2016-08-03 04:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 05:02 - 2016-08-03 04:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 05:02 - 2016-08-03 04:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 05:02 - 2016-08-03 04:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 05:02 - 2016-08-03 04:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 05:02 - 2016-08-03 04:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 05:02 - 2016-08-03 04:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 05:02 - 2016-08-03 04:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 05:02 - 2016-08-03 04:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 05:02 - 2016-08-03 03:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 05:02 - 2016-08-03 03:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 05:02 - 2016-08-03 03:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 05:02 - 2016-08-03 03:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 05:02 - 2016-08-03 03:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 05:02 - 2016-08-03 03:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 05:02 - 2016-08-03 03:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 05:02 - 2016-08-03 03:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 05:02 - 2016-08-03 03:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 05:02 - 2016-08-03 03:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 05:02 - 2016-08-03 03:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 05:02 - 2016-08-03 03:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 05:02 - 2016-08-03 03:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 05:02 - 2016-08-03 03:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 05:02 - 2016-08-03 03:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 05:02 - 2016-08-03 03:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 05:02 - 2016-08-03 03:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 05:02 - 2016-08-03 03:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 05:02 - 2016-08-03 03:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 05:02 - 2016-08-03 03:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 05:02 - 2016-08-03 03:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 05:02 - 2016-08-03 03:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 05:02 - 2016-08-03 03:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 05:02 - 2016-08-03 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 05:02 - 2016-08-03 03:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 05:02 - 2016-08-03 03:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 05:02 - 2016-08-03 03:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 05:02 - 2016-08-03 03:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 05:02 - 2016-08-03 03:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 05:02 - 2016-08-03 03:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 05:02 - 2016-08-03 03:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 05:02 - 2016-08-03 03:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 05:02 - 2016-08-03 03:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 05:02 - 2016-08-03 03:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 05:02 - 2016-08-03 03:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 05:02 - 2016-08-02 23:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 05:02 - 2016-08-02 23:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 05:02 - 2016-08-02 23:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 05:02 - 2016-08-02 22:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 05:02 - 2016-08-02 22:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 05:02 - 2016-08-02 22:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 05:02 - 2016-08-02 22:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 05:02 - 2016-08-02 22:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 05:02 - 2016-08-02 22:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 05:02 - 2016-08-02 22:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 05:02 - 2016-08-02 22:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 05:02 - 2016-08-02 22:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 05:02 - 2016-08-02 22:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 05:02 - 2016-08-02 22:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 05:02 - 2016-08-02 22:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 05:02 - 2016-08-02 22:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 05:02 - 2016-08-02 22:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 05:02 - 2016-08-02 22:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 05:02 - 2016-08-02 22:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 05:02 - 2016-08-02 22:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 05:02 - 2016-08-02 22:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 05:02 - 2016-08-02 22:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-21 16:53 - 2015-02-03 21:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f.job
2016-08-21 16:46 - 2014-09-10 19:07 - 00000338 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2016-08-21 16:42 - 2014-10-20 18:27 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-21 16:35 - 2014-11-05 19:28 - 00000642 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001.job
2016-08-21 16:34 - 2014-09-11 18:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-21 16:15 - 2014-09-10 18:25 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1D506CD0-8EC6-4A51-9420-79D755D33A61}
2016-08-21 09:31 - 2015-06-01 14:22 - 00000738 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001.job
2016-08-21 09:08 - 2014-09-10 19:08 - 00000338 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
2016-08-20 19:49 - 2016-01-04 07:31 - 00000000 ____D C:\Users\DoyleandDeborah
2016-08-20 19:49 - 2014-07-09 14:33 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-08-20 19:32 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-20 00:51 - 2016-06-10 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-20 00:51 - 2014-09-10 19:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-20 00:45 - 2014-09-10 19:07 - 00002820 _____ C:\WINDOWS\System32\Tasks\UpdaterEX
2016-08-19 08:23 - 2014-09-13 11:41 - 00003324 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDoyleandDeborah
2016-08-19 08:23 - 2014-09-13 11:41 - 00000392 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDoyleandDeborah.job
2016-08-19 08:06 - 2016-01-04 07:31 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-19 08:03 - 2016-01-04 07:28 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-19 08:03 - 2014-11-15 10:25 - 00000000 __SHD C:\Users\DoyleandDeborah\IntelGraphicsProfiles
2016-08-19 08:03 - 2014-10-20 18:27 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 08:03 - 2014-09-13 17:22 - 00000000 __RDO C:\Users\DoyleandDeborah\OneDrive
2016-08-19 08:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-19 07:59 - 2016-01-04 07:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 06:58 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-17 16:21 - 2014-09-26 18:52 - 00003512 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-08-16 22:14 - 2015-09-24 17:33 - 00000000 ____D C:\Users\DoyleandDeborah\Documents\2015-16 grad papers
2016-08-15 21:13 - 2016-01-06 16:44 - 00000000 ____D C:\Users\DoyleandDeborah\Documents\EI DS II
2016-08-13 10:51 - 2016-03-07 23:19 - 00000000 ___RD C:\Users\DoyleandDeborah\iCloudDrive
2016-08-13 10:51 - 2016-03-07 23:19 - 00000000 ____D C:\Users\DoyleandDeborah\AppData\Local\67E3E129-54B5-4109-B890-05E83A93D247.aplzod
2016-08-13 10:48 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-13 10:45 - 2014-09-26 17:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-12 09:35 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 13:39 - 2015-06-01 14:22 - 00003912 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-735262800-3402139366-674106683-1001
2016-08-11 13:39 - 2014-11-05 19:28 - 00003816 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-735262800-3402139366-674106683-1001
2016-08-11 05:45 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 03:46 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 03:46 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 03:46 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 05:13 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 05:13 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 05:13 - 2014-09-12 09:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 05:09 - 2014-09-12 09:41 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 18:54 - 2014-10-20 18:28 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 18:54 - 2014-10-20 18:28 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-06 13:55 - 2016-06-07 16:28 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-06 13:55 - 2016-06-07 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-08-02 16:23 - 2015-10-02 11:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 07:48 - 2015-02-03 21:37 - 00004014 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0402bf0691d3f
2016-08-02 07:48 - 2014-10-20 18:27 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-02 07:43 - 2014-09-18 16:53 - 00000000 ____D C:\ProgramData\FitbitConnect
2016-08-02 07:43 - 2014-07-09 14:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-02 07:34 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\registration
2016-08-02 07:33 - 2014-11-29 18:02 - 00000000 __RHD C:\MSOCache
2016-07-27 13:25 - 2015-11-08 13:26 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-10 20:08 - 2014-12-09 01:08 - 0000130 _____ () C:\Users\DoyleandDeborah\AppData\Roaming\WB.CFG
2014-12-01 18:08 - 2014-12-01 18:08 - 0000010 _____ () C:\Users\DoyleandDeborah\AppData\Local\DSI.DAT
2014-11-15 12:41 - 2014-11-15 12:41 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\DoyleandDeborah\AppData\Local\Temp\avguirn_08284737444.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-15 07:59

==================== End of FRST.txt ============================
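A small triage pass over FRST output like the log above, as an added example that is not part of the original post and not part of FRST. It parses the service, file-listing, Task: and signature-check line formats and flags entries for review. The rule names, the paths treated as user-writable, and the sample (lines copied from this page) are assumptions of the example; a flag means "look closer", not "malicious".

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    rule: str      # hypothetical rule name chosen for this example
    subject: str   # service name, task id or file path
    detail: str


# "R2 name; path [size date] (company) [File not signed]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>.+?); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<company>.*?)\)"
    r"(?P<unsigned> \[File not signed\])?$")
# "date time - date time - size attrs (company) path"; company is optional
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]{5}) (?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$")
# "Task: id => target <==== ATTENTION"; arrow may be => or ->, target may be empty
TASK_RE = re.compile(
    r"^Task: (?P<id>.+?) (?:=>|->)\s*(?P<target>.*?)\s*(?P<flag><=+ ATTENTION)?$")
# "path => File is digitally signed"
VERIFY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<result>.+)$")

# Assumption: directories an unprivileged user can normally write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".scr", ".bat", ".cmd", ".dll")


def triage(log_text):
    """Return a list of Finding tuples for lines that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m:
            target = m["target"]
            if m["flag"]:  # FRST itself marked the entry
                findings.append(Finding("frst-attention", m["id"],
                                        target or "(no target)"))
            if USER_WRITABLE.search(target):
                findings.append(Finding("task-user-writable", m["id"], target))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m["unsigned"]:
                who = m["company"].strip() or "no publisher string"
                findings.append(Finding("service-unsigned", m["name"],
                                        f"{m['path']} ({who})"))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            company = (m["company"] or "").strip()
            if (path.lower().endswith(EXEC_EXT) and not company
                    and USER_WRITABLE.search(path)):
                findings.append(Finding("exe-no-publisher", path,
                                        f"{int(m['size'])} bytes"))
            continue
        m = VERIFY_RE.match(line)
        if m and m["result"] != "File is digitally signed":
            findings.append(Finding("system-file-unverified",
                                    m["path"], m["result"]))
    return findings


# Sample input: lines copied from the FRST output and fixlist on this page.
SAMPLE = r"""
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
2016-08-20 00:44 - 2016-08-20 00:45 - 01050944 _____ ( ) C:\Users\DoyleandDeborah\Downloads\Firefox_Setup.exe
2016-08-18 22:45 - 2016-08-18 22:45 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\DoyleandDeborah\Downloads\Zoom_launcher.exe
2016-08-10 05:02 - 2016-08-03 04:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-21 09:08 - 2014-09-10 19:08 - 00000338 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
Task: {3F331DDC-A4A6-4F70-B2A0-33F388569221} - System32\Tasks\WSE_Astromenda => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {424D3916-DEC6-40C2-9386-F368A19D3841} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:22} {f.subject}\n{'':22} {f.detail}")
```

An unsigned service binary or an installer without a publisher string is common for legitimate software too, so each finding still needs the manual review that the reply below carries out.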
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
We will see what we can do here even though the logs are from two different dates.

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Extended Update
QuickTime 7
WSE_Astromenda


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
C:\Program Files (x86)\QuickTime
HKLM-x32\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKLM-x32\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
C:\Users\DOYLEA~1\AppData\Local\Temp
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={A0B4FBEA-8931-4400-8E48-2D8CF65CF733}&mid=f5ac03e1630547cca10df16c22334559-a56ccfc89b71929407fd2cc247b8580eebb2f424&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-09 11:52:14&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir="
CHR Extension: (Google Drive) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-09]
CHR Extension: (YouTube) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-09]
CHR Extension: (Google Search) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
2016-08-21 16:46 - 2014-09-10 19:07 - 00000338 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2016-08-21 09:08 - 2014-09-10 19:08 - 00000338 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
2016-08-20 00:45 - 2014-09-10 19:07 - 00002820 _____ C:\WINDOWS\System32\Tasks\UpdaterEX
C:\Users\DoyleandDeborah\AppData\Local\Temp\avguirn_08284737444.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u91-windows-au.exe
Task: {3F331DDC-A4A6-4F70-B2A0-33F388569221} - System32\Tasks\WSE_Astromenda => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1
Task: {424D3916-DEC6-40C2-9386-F368A19D3841} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {566C34CC-3911-487D-9051-2C791EFCD6A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5FAC844B-B9C8-4C94-829E-9C2FD82D5DD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {66C269E3-F79F-425E-8885-E0650A0C600D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6C184734-D060-4FF3-B854-0208A3BDA014} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {95914A93-C79D-4953-8B23-BD3FD87601D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A0F9E79-B387-4743-A1C1-03F05C81D8FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F66803E-B584-46AF-8FAD-3CE61634CA59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B147B0D4-7E39-4CEE-B5B6-3D5BDC89E384} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EE5E8B5B-B6DC-4796-879F-C381BE02DBEC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F3A0931F-18F9-4992-8490-0DE9B6597A7B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also, please tell me how the system is running now. Thank you.
 

dlsully

Thread Starter
Joined
Nov 4, 2008
Messages
62
Actually, Firefox is not running any better and in fact may be slower and more cumbersome than before. The underlined words in random spots in an article are still there and they link to ads EVEN if your mouse merely runs near them. I do not, however, have random videos popping up in other screens but there is still some crazy stuff. For instance, our homepage; Fox News. We click on a story and a second browser window opens with something random such as 'Support For Computers and Laptops'. (Just happened.)

Here is the Fixlist:


Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by DoyleandDeborah (22-08-2016 13:32:59) Run:1
Running from C:\Users\DoyleandDeborah\Desktop
Loaded Profiles: DoyleandDeborah (Available Profiles: DoyleandDeborah)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
C:\Program Files (x86)\QuickTime
HKLM-x32\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKLM-x32\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
C:\Users\DOYLEA~1\AppData\Local\Temp
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60434125] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
HKU\S-1-5-21-735262800-3402139366-674106683-1001\...\RunOnce: [Del60445578] => cmd.exe /Q /D /c del "C:\Users\DOYLEA~1\AppData\Local\Temp\0.del" <===== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
SearchScopes: HKU\S-1-5-21-735262800-3402139366-674106683-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={A0B4FBEA-8931-4400-8E48-2D8CF65CF733}&mid=f5ac03e1630547cca10df16c22334559-a56ccfc89b71929407fd2cc247b8580eebb2f424&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-09 11:52:14&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_37_ie&cd=2XzuyEtN2Y1L1QzutAtDtCtD0BtAtDtCyDyCyC0A0DyDyDzytN0D0Tzu0SzyzzyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEtDtDzztDyCtAtG0B0A0BtAtGyB0Bzz0DtG0DyC0C0FtGtAzz0D0D0Czy0A0AtAtAyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0DyBzztAyCyDtCtG0D0E0FzytGyEyB0F0FtGzz0D0EzytG0FzztD0CtDzyyCtDtCyBtB0C2Q&cr=609131869&ir="
CHR Extension: (Google Drive) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-09]
CHR Extension: (YouTube) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-09]
CHR Extension: (Google Search) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
2016-08-21 16:46 - 2014-09-10 19:07 - 00000338 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2016-08-21 09:08 - 2014-09-10 19:08 - 00000338 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
2016-08-20 00:45 - 2014-09-10 19:07 - 00002820 _____ C:\WINDOWS\System32\Tasks\UpdaterEX
C:\Users\DoyleandDeborah\AppData\Local\Temp\avguirn_08284737444.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u91-windows-au.exe
Task: {3F331DDC-A4A6-4F70-B2A0-33F388569221} - System32\Tasks\WSE_Astromenda => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1
Task: {424D3916-DEC6-40C2-9386-F368A19D3841} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {566C34CC-3911-487D-9051-2C791EFCD6A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5FAC844B-B9C8-4C94-829E-9C2FD82D5DD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {66C269E3-F79F-425E-8885-E0650A0C600D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6C184734-D060-4FF3-B854-0208A3BDA014} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {95914A93-C79D-4953-8B23-BD3FD87601D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A0F9E79-B387-4743-A1C1-03F05C81D8FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F66803E-B584-46AF-8FAD-3CE61634CA59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B147B0D4-7E39-4CEE-B5B6-3D5BDC89E384} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EE5E8B5B-B6DC-4796-879F-C381BE02DBEC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F3A0931F-18F9-4992-8490-0DE9B6597A7B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job =>
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value not found.
"C:\Program Files (x86)\QuickTime" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del60434125 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del60445578 => value not found.

"C:\Users\DOYLEA~1\AppData\Local\Temp" folder move:

Could not move "C:\Users\DOYLEA~1\AppData\Local\Temp" => Scheduled to move on reboot.

HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del60434125 => value not found.
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del60445578 => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-735262800-3402139366-674106683-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-735262800-3402139366-674106683-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully
C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\WINDOWS\Tasks\UpdaterEX.job => moved successfully
C:\WINDOWS\Tasks\WSE_Astromenda.job => moved successfully
C:\WINDOWS\System32\Tasks\UpdaterEX => moved successfully
C:\Users\DoyleandDeborah\AppData\Local\Temp\avguirn_08284737444.exe => moved successfully
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\DoyleandDeborah\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F331DDC-A4A6-4F70-B2A0-33F388569221}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F331DDC-A4A6-4F70-B2A0-33F388569221}" => key removed successfully
C:\WINDOWS\System32\Tasks\WSE_Astromenda => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => key removed successfully
C:\Users\DOYLEA~1\AppData\Roaming\WSE_AS~1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{424D3916-DEC6-40C2-9386-F368A19D3841}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{424D3916-DEC6-40C2-9386-F368A19D3841}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{566C34CC-3911-487D-9051-2C791EFCD6A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{566C34CC-3911-487D-9051-2C791EFCD6A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FAC844B-B9C8-4C94-829E-9C2FD82D5DD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FAC844B-B9C8-4C94-829E-9C2FD82D5DD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66C269E3-F79F-425E-8885-E0650A0C600D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66C269E3-F79F-425E-8885-E0650A0C600D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C184734-D060-4FF3-B854-0208A3BDA014}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C184734-D060-4FF3-B854-0208A3BDA014}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95914A93-C79D-4953-8B23-BD3FD87601D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95914A93-C79D-4953-8B23-BD3FD87601D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A0F9E79-B387-4743-A1C1-03F05C81D8FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A0F9E79-B387-4743-A1C1-03F05C81D8FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F66803E-B584-46AF-8FAD-3CE61634CA59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F66803E-B584-46AF-8FAD-3CE61634CA59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B147B0D4-7E39-4CEE-B5B6-3D5BDC89E384}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B147B0D4-7E39-4CEE-B5B6-3D5BDC89E384}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE5E8B5B-B6DC-4796-879F-C381BE02DBEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE5E8B5B-B6DC-4796-879F-C381BE02DBEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3A0931F-18F9-4992-8490-0DE9B6597A7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A0931F-18F9-4992-8490-0DE9B6597A7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\WINDOWS\Tasks\UpdaterEX.job => not found.
C:\WINDOWS\Tasks\WSE_Astromenda.job => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-735262800-3402139366-674106683-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-735262800-3402139366-674106683-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25545547 B
Java, Flash, Steam htmlcache => 58444 B
Windows/system/drivers => 222632519 B
Edge => 126214895 B
Chrome => 397099613 B
Firefox => 393301377 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 557792 B
NetworkService => 10164 B
DoyleandDeborah => 431702381 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-08-2016 13:36:39)

C:\Users\DOYLEA~1\AppData\Local\Temp => moved successfully

==== End of Fixlog 13:36:43 ====
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Let us see what removing the leftover Adware does.

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:


Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot; allow this.


On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

dlsully

Thread Starter
Joined
Nov 4, 2008
Messages
62
Here are the JRT log and the AdwCleaner log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by DoyleandDeborah (Administrator) on Mon 08/22/2016 at 17:10:56.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\Program Files (x86)\WSE_Astromenda (Folder)
Successfully deleted: C:\Users\DoyleandDeborah\AppData\Local\astromenda (Folder)
Successfully deleted: C:\Users\DoyleandDeborah\AppData\Local\ysearchutil (Folder)
Successfully deleted: C:\Users\DoyleandDeborah\AppData\Roaming\astromenda (Folder)
Successfully deleted: C:\Users\DoyleandDeborah\AppData\Roaming\updaterex (Folder)
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/22/2016 at 17:12:14.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v6.000 - Logfile created 22/08/2016 at 17:22:38
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-22.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : DoyleandDeborah - OFFICE-PC
# Running from : C:\Users\DoyleandDeborah\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Users\DoyleandDeborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: UpdaterEX


***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\BRS
[-] Key deleted: HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\InstallCore
[-] Key deleted: HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\UpdaterEX
[-] Key deleted: HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\WSE_Astromenda
[#] Key deleted on reboot: HKCU\Software\BRS
[#] Key deleted on reboot: HKCU\Software\InstallCore
[#] Key deleted on reboot: HKCU\Software\UpdaterEX
[#] Key deleted on reboot: HKCU\Software\WSE_Astromenda
[-] Key deleted: HKLM\SOFTWARE\InstallCore
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Value deleted: HKU\S-1-5-21-735262800-3402139366-674106683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [BRS]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]


***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2737 Bytes] - [22/08/2016 17:22:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [2960 Bytes] - [22/08/2016 17:21:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2883 Bytes] ##########
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here.

Double Click on the mbam-setup.exe file to install the application.

Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.


Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected and that, under Non-Malware Protection, PUP and PUM are set to "Treat detections as malware".


Once the program has loaded and updated, select "Scan Now >>" to start the scan.


The scan may take some time to finish, so please be patient.


If any malware is found, you will be presented with a screen like the one below.


Make sure that everything is checked, and click Remove Selected. When the removal is completed, a summary screen will be presented.


At the bottom of this screen, click on Save Results and then on Text file (*.txt). Save the file to your desktop and click OK. Click Finish to return to the main screen and then close Malwarebytes.


Double click on the log file you saved to your desktop; the log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

dlsully

Thread Starter
Joined
Nov 4, 2008
Messages
62
I had, in a previous post, stated that the videos had quit... Not so, they are still there. Also, when I ran the Malwarebytes scan, I did not see the 'save results' until the PC had rebooted. However, I have exported the scan log from the history and am copying and pasting that here:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/23/2016
Scan Time: 7:53 PM
Logfile: Malwarebyte scan log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.24.01
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: DoyleandDeborah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347143
Time Elapsed: 19 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [a43d76d8cbcf10261cb4a0f7a85b6f91]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstallCore, C:\Users\DoyleandDeborah\Desktop\adobe_flash_setup.exe, Quarantined, [03dee36b8e0cc670fa50395ed72df60a],
PUP.Optional.InstallCore, C:\Users\DoyleandDeborah\Downloads\Firefox_Setup.exe, Quarantined, [e2ff331b8416b77f1adacf051de753ad],

Physical Sectors: 0
(No malicious items detected)


(end)
---------------------------------------------------------------------------------------------------------------


It found NO malicious malware. Nevertheless, the pc is still a horrible mess. :(
 

dlsully

Thread Starter
Joined
Nov 4, 2008
Messages
62
It's possible that the following information may help: Every time I open my home page, Malwarebytes protection pops up to tell me that it has blocked the following website - trcklion.com. I've no idea where this is hidden or why it keeps trying to go there.
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.
  • Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
  • Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
  • Once the scanner loads, click on 1.Update to check for and load the current updates.
  • When the updates are finished, click on Malware Scan in the 2. Scan box.
  • Please enable the PUP detection option. (The Kit may ask about this after it is loading updates or right when the scan starts; it will only ask once, so enable it when the Kit asks.)
  • If the scan finds anything, it will open a scan finding window. Please click on View Report; copy this report and paste it here in a reply post.
  • Please close the Emergency Kit Scanner program now.
 