Browser hijacked, SpeedBrowser [Closed]



#1
stevielevi


Hi Guys, flyboy1565 helping stevielevi here on his first visit (brother-in-law).

 

A month or so ago, he lost the ability to get online without pop-ups. He has random fake-virus protection notifications. I see that when any link for his browser is clicked, it loads SpeedBrowser. From there I told him we should get in touch with you guys.

 

Here are the logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Steven (administrator) on STEVENS (02-08-2015 21:49:02)
Running from C:\Users\Steven\Desktop
Loaded Profiles: Steven (Available Profiles: Steven)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Over the Rainbow Tech) C:\ProgramData\PicColor Utility\ColorMedia.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\ProgramData\PicColor Utility\PicColor.exe
() C:\Users\Steven\AppData\Roaming\ASPackage\ASSrv.exe
(Aztec Media Inc) C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe
(Search Module Plus Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
() C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Word Proser) C:\Program Files (x86)\WordProser_1.10.0.5\Service\wpsvc.exe
(GOOBZO) C:\Program Files (x86)\YT Accelerator\ytAcceleratorService.exe
(Interesting Solutions) C:\ProgramData\KvnSqJfG\fVnbGuoH.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Users\Steven\AppData\Local\ospd_us_502\upospd_us_502.exe
(OB) C:\Program Files (x86)\Savepass 2.0\7c1f0781-e46a-4214-9ddf-6a05c92de23c-6.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Program Files (x86)\ver9SpeeditUp\m3SpeeditUpR61.exe
(Cinema PlusV18.03) C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\c4b3fd86-d39c-48b5-b922-0d28fbc1303e-6.exe
(Cinema PlusV18.03) C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\c4b3fd86-d39c-48b5-b922-0d28fbc1303e-1-6.exe
() C:\Program Files (x86)\ver9SpeeditUp\SpeeditUp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Boost Shopping) C:\Program Files (x86)\Boost\Boost.exe
(Aztec Media Inc) C:\Users\Steven\AppData\Local\Linkey\IEExtension\ietlbl.exe
(Aztec Media Inc) C:\Users\Steven\AppData\Local\Linkey\IEExtension\ietlbl64.exe
(GOOBZO) C:\Program Files (x86)\YT Accelerator\ytAccelerator.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\ospd_us_502\ospd_us_502.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\gmsd_us_335\gmsd_us_335.exe
(SoftBrain Technologies Ltd.) C:\Users\Steven\AppData\Local\SmartWeb\SmartWebHelper.exe
() C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(PC Utilities Software Limited) C:\ProgramData\{69c271f3-bb06-a1da-69c2-271f3bb0c7ce}\optimizerpro_soft_partner.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> dw20.exe
() C:\Program Files (x86)\PlumoWeb\bin\utilPlumoWeb.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftBrain Technologies Ltd.) C:\Users\Steven\AppData\Local\SmartWeb\SmartWebApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(Cinema PlusV18.03) C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\c4b3fd86-d39c-48b5-b922-0d28fbc1303e-10.exe
(Adobe Systems Incorporated) C:\Windows\Temp\{10DA66CC-0B51-49F3-8302-EA4BD1C13A46}\InstallFlashPlayer.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Cinema PlusV18.03) C:\Program Files (x86)\Lights Cinema 1.4betaV18.03\c4b3fd86-d39c-48b5-b922-0d28fbc1303e-10.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [upospd_us_502.exe] => C:\Users\Steven\AppData\Local\ospd_us_502\upospd_us_502.exe [3309224 2014-12-01] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] (Qualcomm®Atheros®)
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\Run: [GoogleChromeAutoLaunch_F24911D7A7038F5FFBF2DBF664E78DA0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\Run: [GoobzoYTAccelerator] => C:\Program Files (x86)\YT Accelerator\YTAccelerator.exe [2226120 2015-03-22] (GOOBZO)
AppInit_DLLs-x32: _c:\progra~2\search~1\search~1\bin\vc32lo~1.dll => "c:\progra~2\search~1\search~1\bin\vc32lo~1.dll" File not found
IFEO\b9eg190.exe: [Debugger] TaskList.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\spyhunter.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-10-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk [2015-01-20]
ShortcutTarget: optimizerpro_soft_partner.lnk -> C:\ProgramData\{69c271f3-bb06-a1da-69c2-271f3bb0c7ce}\optimizerpro_soft_partner.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3622555047-1920436455-1886055571-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3622555047-1920436455-1886055571-1001] => http=127.0.0.1:52248;https=127.0.0.1:52248
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3622555047-1920436455-1886055571-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3622555047-1920436455-1886055571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll [2015-02-22] (Goobzo Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll [2015-02-22] (Goobzo Ltd.)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2F4BF6D1-8870-4E09-9CD1-EF1A8892B2AB}: [DhcpNameServer] 40.52.1.201 40.52.1.203
Tcpip\..\Interfaces\{ED9F42B2-066E-4A21-9BEB-7C6C7D12BF03}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-22] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-3622555047-1920436455-1886055571-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-22] (Pando Networks)
FF HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-25]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-25]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-25]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-25]
CHR Extension: (No Name) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfghefomandejfcfhcindgbnfogdgjj [2015-03-18]
CHR Extension: (rocckkEtSale) - C:\ProgramData\maehejkckdfnooofanakidkmfjhmggob\ []
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-06-25] (BitRaider, LLC)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SmdmFService; C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [3570704 2015-01-22] (Aztec Media Inc) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 YTAcceleratorService; C:\Program Files (x86)\YT Accelerator\YTAcceleratorService.exe [1509320 2015-03-22] (GOOBZO)
R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-06-26] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-10-15] (BitRaider)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-08-07] (Intel Corporation)
R1 MpKsl26a2aa48; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7F55B85-72DF-47AA-B828-417F49BA4F5B}\MpKsl26a2aa48.sys [45352 2015-03-23] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-02 21:49 - 2015-08-02 21:49 - 00022028 _____ C:\Users\Steven\Desktop\FRST.txt
2015-08-02 21:48 - 2015-08-02 21:49 - 00000000 ____D C:\FRST
2015-08-02 21:48 - 2015-08-02 21:44 - 02169856 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2015-08-02 21:29 - 2015-08-02 21:29 - 00001056 _____ C:\Users\Steven\Desktop\mbamReport.txt
2015-08-02 21:19 - 2015-08-02 21:19 - 00000000 ____D C:\Users\Steven\AppData\Local\WebGuard
2015-08-02 21:15 - 2015-08-02 21:15 - 01187032 _____ (Adobe Systems Incorporated) C:\Users\Steven\Downloads\flashplayer18_ha_install.exe
2015-08-02 21:13 - 2015-08-02 21:13 - 00000000 ____D C:\Users\Steven\AppData\Local\StormWatch
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-02 21:48 - 2015-01-05 15:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-02 21:48 - 2014-03-18 03:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-02 21:45 - 2013-08-22 07:46 - 00289964 _____ C:\WINDOWS\setupact.log
2015-08-02 21:31 - 2014-06-25 16:41 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3622555047-1920436455-1886055571-1001
2015-08-02 21:27 - 2015-01-05 15:18 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-02 21:26 - 2015-03-25 23:35 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-02 21:25 - 2014-06-25 22:29 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-02 21:21 - 2014-06-25 22:29 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-02 21:20 - 2014-06-25 20:22 - 00000000 ____D C:\Users\Steven\AppData\Local\Adobe
2015-08-02 21:16 - 2014-06-25 22:29 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-02 21:16 - 2014-06-25 22:29 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-02 21:14 - 2015-03-17 20:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2015-08-02 21:14 - 2015-02-20 09:26 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2015-08-02 21:14 - 2015-01-19 11:30 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-02 21:14 - 2015-01-19 11:25 - 00000000 ____D C:\Users\Steven\AppData\Roaming\Pro PC Cleaner
2015-08-02 21:14 - 2015-01-07 14:31 - 00000000 ____D C:\Program Files (x86)\WordProser_1.10.0.5
2015-08-02 21:14 - 2015-01-02 19:11 - 00000000 ____D C:\Program Files (x86)\ver9SpeeditUp
2015-08-02 21:14 - 2014-12-15 13:53 - 00000000 ____D C:\Users\Steven\AppData\Local\ospd_us_502
2015-08-02 21:13 - 2015-03-18 14:17 - 00000000 ____D C:\Program Files (x86)\gmsd_us_335
2015-08-02 21:13 - 2015-01-25 09:20 - 00000000 ____D C:\ProgramData\PicColor Utility
2015-08-02 21:13 - 2015-01-20 18:50 - 00000000 ____D C:\Users\Steven\AppData\Local\Linkey
2015-08-02 21:13 - 2015-01-19 11:24 - 00000000 ____D C:\Program Files (x86)\Search Extensions
2015-08-02 21:13 - 2015-01-19 11:23 - 00000000 ____D C:\ProgramData\{158BFD48-4509-2CCE-F48F-5C4C240D8FC2}
2015-08-02 21:13 - 2014-12-15 13:53 - 00000000 ____D C:\Program Files (x86)\ospd_us_502
2015-08-02 21:13 - 2014-12-15 13:52 - 00000000 ____D C:\ProgramData\KvnSqJfG
2015-08-02 21:12 - 2015-03-18 14:42 - 00000000 ____D C:\Program Files (x86)\89b89a7f-d3cc-4160-b0d3-0b7dde676f6a
2015-08-02 21:12 - 2015-03-18 14:41 - 00000000 ____D C:\Program Files (x86)\Lights Cinema 1.4betaV18.03
2015-08-02 21:12 - 2015-03-18 14:17 - 00000000 ____D C:\Users\Steven\AppData\Local\SmartWeb
2015-08-02 21:12 - 2015-02-20 09:19 - 00000000 ____D C:\Users\Steven\AppData\Roaming\ASPackage
2015-08-02 21:12 - 2015-02-20 09:07 - 00000000 ____D C:\Program Files (x86)\SheoPpErMassteri
2015-08-02 21:12 - 2015-02-20 03:48 - 00000000 ____D C:\Program Files (x86)\lowprriicEeS
2015-08-02 21:12 - 2015-02-15 20:43 - 00000000 ____D C:\ProgramData\cheap-o
2015-08-02 21:12 - 2015-01-25 09:21 - 00000000 ____D C:\ProgramData\2856d835a11a4d1790856bb4923c3dc2
2015-08-02 21:12 - 2015-01-20 20:35 - 00000000 ____D C:\ProgramData\{69c271f3-bb06-a1da-69c2-271f3bb0c7ce}
2015-08-02 21:12 - 2015-01-20 18:40 - 00000000 ____D C:\Users\Steven\AppData\Local\33c3f368-b94d-422a-a0a8-42ea7d6368be
2015-08-02 21:12 - 2015-01-19 11:30 - 00000000 ____D C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
2015-08-02 21:12 - 2015-01-19 11:29 - 00000000 ____D C:\Program Files (x86)\Savepass 2.0
2015-08-02 21:12 - 2015-01-07 14:33 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-08-02 21:12 - 2015-01-02 19:11 - 00000000 ____D C:\Program Files (x86)\PlumoWeb
2015-08-02 21:12 - 2015-01-02 18:54 - 00000000 ____D C:\ProgramData\Browser
2015-08-02 21:12 - 2014-12-15 17:28 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-08-02 21:12 - 2014-12-15 13:53 - 00000000 ____D C:\Program Files (x86)\StormWatch
2015-08-02 21:12 - 2014-12-15 13:53 - 00000000 ____D C:\Program Files (x86)\Boost
2015-08-02 21:12 - 2014-12-15 13:51 - 00000000 ____D C:\ProgramData\WebGuard
2015-08-02 21:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-02 20:43 - 2014-07-01 18:05 - 01463985 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-02 20:41 - 2015-03-18 15:41 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-02 20:25 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\servicing
2015-08-02 20:18 - 2014-08-19 10:22 - 00003926 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8AF30AE-1BBB-4193-961D-71D6989C9963}
2015-08-02 20:18 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
 
==================== Files in the root of some directories =======
 
2015-01-25 09:56 - 2015-03-22 17:58 - 0000020 _____ () C:\Users\Steven\AppData\Roaming\appdataFr3.bin
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Steven\AppData\Roaming\PVYJW
2014-06-25 16:44 - 2015-03-23 15:37 - 0000074 _____ () C:\Users\Steven\AppData\Roaming\sp_data.sys
2015-01-19 22:24 - 2015-03-25 23:24 - 0000163 _____ () C:\Users\Steven\AppData\Roaming\WB.CFG
2015-01-20 19:24 - 2015-01-20 19:24 - 0000001 _____ () C:\Users\Steven\AppData\Local\DSI.DAT
2014-07-01 17:34 - 2014-07-01 17:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-28 22:19 - 2014-11-04 19:12 - 0000846 _____ () C:\ProgramData\hpzinstall.log
2013-05-01 02:34 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 02:34 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 02:34 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
 
 
Some files in TEMP:
====================
C:\Users\Steven\AppData\Local\Temp\71385_updater.exe
C:\Users\Steven\AppData\Local\Temp\7EC259B3-437F-F301-EC92-C382C4A9D910.exe
C:\Users\Steven\AppData\Local\Temp\cabex.dll
C:\Users\Steven\AppData\Local\Temp\CloudBackup3211.exe
C:\Users\Steven\AppData\Local\Temp\F045F119-2594-FB9F-C254-113018EDC621.dll
C:\Users\Steven\AppData\Local\Temp\F045F119-2594-FB9F-C254-113018EDC621.exe
C:\Users\Steven\AppData\Local\Temp\gb-installer-core.exe
C:\Users\Steven\AppData\Local\Temp\rt-update.exe
C:\Users\Steven\AppData\Local\Temp\setacl.exe
C:\Users\Steven\AppData\Local\Temp\setupA9_.exe
C:\Users\Steven\AppData\Local\Temp\Setup_162334.exe
C:\Users\Steven\AppData\Local\Temp\SpOrder.dll
C:\Users\Steven\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Steven\AppData\Local\Temp\unelevate.exe
C:\Users\Steven\AppData\Local\Temp\Uninstall.exe
C:\Users\Steven\AppData\Local\Temp\Uninstaller-120.exe
C:\Users\Steven\AppData\Local\Temp\Uninstaller-7436.exe
C:\Users\Steven\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-22 17:46
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Steven (2015-08-02 21:50:40)
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3622555047-1920436455-1886055571-500 - Administrator - Disabled)
Guest (S-1-5-21-3622555047-1920436455-1886055571-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3622555047-1920436455-1886055571-1005 - Limited - Enabled)
Steven (S-1-5-21-3622555047-1920436455-1886055571-1001 - Administrator - Enabled) => C:\Users\Steven
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C6200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C6200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dizzel (HKLM-x32\...\Steam App 315640) (Version:  - NSStudio)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.304.16315 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlumoWeb (HKLM\...\PlumoWeb) (Version: 2015.01.02.222313 - PlumoWeb) <==== ATTENTION
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.316 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
YT Accelerator (HKLM-x32\...\YT Accelerator) (Version: 3394(build_404) - Goobzo Ltd.)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3622555047-1920436455-1886055571-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
20-02-2015 03:44:57 Windows Modules Installer
19-03-2015 19:55:13 Windows Update
22-03-2015 17:11:27 Windows Modules Installer
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {001F853A-35CF-48DD-BD82-7B524B975644} - System32\Tasks\RunTool => C:\Users\Steven\AppData\Local\33c3f368-b94d-422a-a0a8-42ea7d6368be\sysad.exe <==== ATTENTION
Task: {10D114C8-BD94-4B20-991B-3FFB5F368EBD} - System32\Tasks\NXDJQC => C:\ProgramData\2856d835a11a4d1790856bb4923c3dc2\2856d835a11a4d1790856bb4923c3dc2.exe <==== ATTENTION
Task: {29A9705C-1CB4-4D27-BFB7-F78F0FB5FC0A} - \RocketTab No Task File <==== ATTENTION
Task: {2D24D9C9-573D-40AC-B2A1-4802A9940154} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-19] (Microsoft Corporation)
Task: {31453346-73DC-486B-B531-4623D5C8715A} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {43C61A7C-321E-4FB5-B046-741F5E27FE90} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {45EDA508-E505-4FDF-902E-64A7AC9E6DD7} - System32\Tasks\PVYJW => C:\Users\Steven\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: {4BA9881F-46FB-44F2-A8E4-DAAD01D4D0FB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {4FCD5E49-00BD-4A1E-B9C2-6AE099FB4FAF} - \Super Optimizer Schedule No Task File <==== ATTENTION
Task: {504A9656-2850-438D-BCAF-D3A3A4B5542D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-02] (Adobe Systems Incorporated)
Task: {695EFE23-DD91-4939-85CB-F782369004D6} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {7A293ABE-A06E-45AD-BEDD-D5C41594CC68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: {8F95AD7F-98EA-4F76-8422-E5F518041DC4} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe [2015-02-22] (Goobzo LTD) <==== ATTENTION
Task: {903423E4-5579-412B-B4F7-33CD2CA136FD} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {9960F9AD-63A5-429D-98A5-40E82640BC08} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {A97F7D6A-E644-4876-BE96-2B9F8D9029EC} - System32\Tasks\YTAUpdate => C:\Program Files (x86)\YT Accelerator\Updater.exe [2015-03-22] (Goobzo) <==== ATTENTION
Task: {C86FB809-6A77-4EC9-875A-8F41CA602E97} - \SMWPUpd No Task File <==== ATTENTION
Task: {C9DBE60A-0689-4DB7-B8C8-F450693803D1} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {CB288B69-73E8-4FC9-857D-A77B45D8B48B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {D2AAFFE6-FC6C-4783-B26F-C4333C2CF49F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3622555047-1920436455-1886055571-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {D98D5DE2-C783-40A1-81CE-7B2A405AA762} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {DA7D1A85-8D84-4EEC-8597-08B60CE9A7BF} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {DC5373A5-6AC7-47D8-8568-CEE1EECC41F1} - System32\Tasks\YTAUpdate_logon => C:\Program Files (x86)\YT Accelerator\Updater.exe [2015-03-22] (Goobzo) <==== ATTENTION
Task: {E813B5D5-E4E7-409C-B71B-3F289EC7BE8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E85F1045-AE8D-412E-AD32-3023BD650CEF} - System32\Tasks\{643789A8-B9CE-4C9E-8297-A93E01D19ED6} => pcalua.exe -a C:\Users\Steven\Downloads\SWTOR_setup.exe -d C:\Users\Steven\Downloads
Task: {F133C38E-BCA5-4256-A053-D55D30FA13B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PVYJW.job => C:\Users\Steven\AppData\Roaming\PVYJW.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-17 20:25 - 2014-11-25 12:43 - 00053832 _____ () C:\Program Files (x86)\MyPC Backup\BackupStack.exe
2015-03-17 20:26 - 2014-11-25 12:29 - 00299008 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2015-01-25 09:21 - 2015-02-08 00:27 - 00563712 _____ () C:\ProgramData\PicColor Utility\PicColor.exe
2015-02-20 09:26 - 2015-02-20 09:27 - 00089600 _____ () C:\Users\Steven\AppData\Roaming\ASPackage\ASSrv.exe
2015-01-02 15:25 - 2015-03-22 17:29 - 00415472 _____ () C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe
2014-12-15 13:53 - 2014-12-01 14:12 - 03309224 _____ () C:\Users\Steven\AppData\Local\ospd_us_502\upospd_us_502.exe
2015-01-02 19:10 - 2015-01-02 19:10 - 00723968 _____ () C:\Program Files (x86)\ver9SpeeditUp\m3SpeeditUpR61.exe
2015-01-02 19:10 - 2015-01-02 19:10 - 00745984 _____ () C:\Program Files (x86)\ver9SpeeditUp\SpeeditUp.exe
2014-01-24 03:24 - 2014-01-24 03:24 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-24 03:21 - 2014-01-24 03:21 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-24 03:27 - 2014-01-24 03:27 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-12-15 13:53 - 2014-12-01 14:12 - 03978408 _____ () C:\Program Files (x86)\ospd_us_502\ospd_us_502.exe
2015-03-18 14:17 - 2015-03-18 12:36 - 03978408 _____ () C:\Program Files (x86)\gmsd_us_335\gmsd_us_335.exe
2015-03-17 20:25 - 2014-11-25 12:43 - 00839264 _____ () C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
2015-03-17 20:26 - 2014-11-25 12:37 - 00012800 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-25 12:47 - 2014-11-25 12:47 - 01465880 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe
2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2015-03-25 23:18 - 2015-03-25 23:17 - 01457664 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2015-01-02 19:20 - 2015-03-25 23:34 - 00653040 _____ () C:\Program Files (x86)\PlumoWeb\bin\utilPlumoWeb.exe
2015-06-19 09:41 - 2015-06-19 09:41 - 01250848 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-07 14:33 - 2015-01-07 14:33 - 02801768 _____ () c:\Program Files (x86)\Super Optimizer\SupOptStats.dll
2013-08-19 17:16 - 2013-08-19 17:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 10:03 - 2013-08-16 10:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2015-03-25 23:27 - 2015-03-25 23:27 - 02300928 ____N () c:\Program Files (x86)\TrimModule\TrimModule.dll
2015-01-19 11:34 - 2015-01-08 17:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-19 11:34 - 2015-01-08 17:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-19 11:34 - 2015-01-08 17:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-19 11:34 - 2015-01-08 17:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Steven\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{575241CF-3084-4EBF-83E1-8F262A67033C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{2FA36D4C-6857-4872-A0AB-F53B7A3712E7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{2E8F305E-8FC0-4DCA-95E8-E30F67515E32}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\snac64.exe
FirewallRules: [{F7BC7978-4A17-4873-AFFA-DB1FB49622BF}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\snac64.exe
FirewallRules: [{0C8789EC-0D61-4787-98D8-412F7FE7171E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe
FirewallRules: [{001ECD05-8B16-4F80-A46D-456FB8FFCA0E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe
FirewallRules: [{263C3CCA-4876-416C-9573-A64DA351D526}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{30B0BEBE-5555-4456-97E6-BC0E4FE05831}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{902425AE-1F68-4642-8AA5-4798D774F8DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDA89818-1147-4FA0-8655-70B0F1150B99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D02744CC-C6A6-4B2F-8A4C-F1F3430C08D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F2B31906-DD6A-45A3-91FF-FE0E3A77208F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{12223DA3-0792-46D5-8D6A-36EFF3A47494}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{037906A0-EA0B-4353-8B10-388C0254F270}] => (Allow) LPort=1900
FirewallRules: [{4C85DDCB-8F3B-459E-8894-079FA992ABC1}] => (Allow) LPort=2869
FirewallRules: [{0C2C45C0-6122-4D6E-B66D-D1A6A4ACD5DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8F1B1719-F5D8-4A27-9224-FA3CAE292141}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5B1DB7A7-95F0-480E-B4F8-46A373CA3DCF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{052C8F58-1AD5-468D-801D-682CA31428AE}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F6546C95-C3D9-4032-AABC-71FC13075F0B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7CA40C74-EBB5-4E97-9983-86FF18A6EDC3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BB0CC4BB-D420-44DF-BA37-F4955215C8DF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DB88751D-7D5C-4C90-9B67-E9C2A1FE0E89}] => (Allow) C:\Users\Steven\AppData\Local\Temp\7zS4BF3\setup\hpznui40.exe
FirewallRules: [{779EB034-36B3-41D5-9472-48DAC116EEC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{6E435D93-8988-4392-A77C-0EED1AC7EEFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{BDB23F83-07AB-4AAD-9B41-31D9289262D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2565BBEC-BFA1-4EEC-A200-A7E5E73C67A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{536F86D3-9534-4B0F-B4AB-6234AE1069ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E7C44307-1F85-4138-8347-05CAE062FEFF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8F324733-88E1-461F-BD9C-A52075DC3F00}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1CF1181A-5F3F-4F09-A947-754DC287CF0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{374E8CF4-2C70-4252-A8BD-F5AAAA7578C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{A02B97A6-A3E9-46BD-8778-F7A657F15AA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{DC7EBCB7-451A-4F7D-A920-3E5202FAD676}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{5A790CA7-1C3B-409B-A5FA-9D0D1858725A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E0AED4FD-2CE9-4E2D-8978-E9E04E7DC4BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{B459941C-2571-4CFD-95DC-45C68FE1CC7C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{16D46B17-48DD-465C-B1D0-49F1AC9F08FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8C139760-9834-4F7F-BB6B-A3A6A1FA7D76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F6A4568E-1BB1-4508-B19F-1A5F06745987}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{80016529-16E1-4A3E-8C50-CB4B1350C1C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{596CE157-5EF2-4D69-801B-B6DCD0BFF12D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F7CA563D-362B-4DF9-A441-0890D0E85E5D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{26447B83-E8CF-4114-BF5E-966CCC93E2FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E49FDFCC-E894-482A-938F-F0007B515869}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C8192650-F243-4821-902C-72D5BC3BD974}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8F1BDCF8-9FF2-42D0-9AB2-8A40E936CF6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dizzel\ogpsteam.exe
FirewallRules: [{5BCD064C-3D66-46A8-9072-65539C09A37C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dizzel\ogpsteam.exe
FirewallRules: [{DC46ADD5-0440-4979-8EC1-82074BD9708F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dizzel\Dizzel.exe
FirewallRules: [{BBE40C8C-3DEB-42E9-8C5D-C35574A7A82F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dizzel\Dizzel.exe
FirewallRules: [{7BE339EB-F025-4C1B-A54E-E73B36AD4CBD}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{D8450692-AFA3-442B-AC87-19E283F83541}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{84F87C16-0BCF-48F9-A063-61CEA078F7CE}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{D07044C5-2331-46F3-846B-22A0C0A49D75}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{21C23915-829D-4703-B2AC-A5ED51ADEE90}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{138CB6DE-7BE4-4E45-8F0A-12A99F1EDD8A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5E81C0BD-5DDE-4972-91BB-DB0154D6A018}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{83BB662C-D399-4E2B-9F86-F90CD0D09C9E}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{075BCE33-C439-460C-8F7B-D917D8C7CAFE}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{2C410AB4-2008-4160-BB8E-036461B228EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/02/2015 09:27:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 151c
 
Start Time: 01d0cda3f9903fe8
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ed1c8d9f-3997-11e5-be91-40167e45bce7
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/02/2015 09:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c2ece8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x026afaa8
Faulting process id: 0x138c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (08/02/2015 08:57:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cac
 
Start Time: 01d0cd9fc8b66765
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: bc7e154c-3993-11e5-be91-40167e45bce7
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:31:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ce0
 
Start Time: 01d0678dc27f0895
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: b6bb6bbb-d381-11e4-be91-40167e45bce7
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:30:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dw20.exe version 2.0.50727.8007 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1aa8
 
Start Time: 01d0678c9c2dfb00
 
Termination Time: 366
 
Application Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
 
Report Id: 842ace01-d381-11e4-be91-40167e45bce7
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/25/2015 11:21:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1388
 
Start Time: 01d0678c553c40ca
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 48bfdc4d-d380-11e4-be91-40167e45bce7
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:15:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18fc
 
Start Time: 01d065be1b649053
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 8fdc7c04-d37f-11e4-be91-40167e45bce7
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:11:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/23/2015 04:06:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1730
 
Start Time: 01d065bd475d7236
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 3ae96c24-d1b1-11e4-be91-40167e45bce7
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/23/2015 03:42:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 129c
 
Start Time: 01d065b9f52ff5e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ea26754f-d1ad-11e4-be91-40167e45bce7
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (03/25/2015 11:11:51 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: The following service has repeatedly stopped responding to service control requests: Windows Media Player Network Sharing Service
 
Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.
 
You may have to restart the computer in safe mode before you can disable the service.
 
Error: (03/25/2015 11:11:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/23/2015 04:08:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/23/2015 04:07:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/23/2015 03:39:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/23/2015 03:39:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/23/2015 03:38:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/23/2015 03:38:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/22/2015 08:32:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (03/22/2015 08:32:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
 
Microsoft Office:
=========================
Error: (08/02/2015 09:27:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689151c01d0cda3f9903fe84294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeed1c8d9f-3997-11e5-be91-40167e45bce7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/02/2015 09:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c2ece8unknown0.0.0.000000000c0000005026afaa8138c01d0cda38b23819fC:\WINDOWS\SysWOW64\explorer.exeunknownd0326f45-3996-11e5-be91-40167e45bce7
 
Error: (08/02/2015 08:57:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689cac01d0cd9fc8b667654294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exebc7e154c-3993-11e5-be91-40167e45bce7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:31:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891ce001d0678dc27f08954294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeb6bb6bbb-d381-11e4-be91-40167e45bce7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:30:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dw20.exe2.0.50727.80071aa801d0678c9c2dfb00366C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe842ace01-d381-11e4-be91-40167e45bce7
 
Error: (03/25/2015 11:21:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689138801d0678c553c40ca4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe48bfdc4d-d380-11e4-be91-40167e45bce7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:15:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068918fc01d065be1b6490534294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe8fdc7c04-d37f-11e4-be91-40167e45bce7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/25/2015 11:11:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/23/2015 04:06:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689173001d065bd475d72364294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe3ae96c24-d1b1-11e4-be91-40167e45bce7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (03/23/2015 03:42:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689129c01d065b9f52ff5e04294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeea26754f-d1ad-11e4-be91-40167e45bce7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2815 @ 1.86GHz
Percentage of memory in use: 48%
Total physical RAM: 3967 MB
Available physical RAM: 2060.99 MB
Total Virtual: 4671 MB
Available Virtual: 1680.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:151.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS
Drive f: (TravelDrive) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 57788C0B)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 246 MB) (Disk ID: 1EE4CCDC)
Partition 1: (Active) - (Size=246 MB) - (Type=0E)
 
==================== End of log ============================

 




#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, this is adware city... I may well have missed some elements first time around


Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

NEXT

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [upospd_us_502.exe] => C:\Users\Steven\AppData\Local\ospd_us_502\upospd_us_502.exe [3309224 2014-12-01] ()
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\Run: [GoogleChromeAutoLaunch_F24911D7A7038F5FFBF2DBF664E78DA0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\Run: [GoobzoYTAccelerator] => C:\Program Files (x86)\YT Accelerator\YTAccelerator.exe [2226120 2015-03-22] (GOOBZO)
AppInit_DLLs-x32: _c:\progra~2\search~1\search~1\bin\vc32lo~1.dll => "c:\progra~2\search~1\search~1\bin\vc32lo~1.dll" File not found
IFEO\b9eg190.exe: [Debugger] TaskList.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\spyhunter.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk [2015-01-20]
ShortcutTarget: optimizerpro_soft_partner.lnk -> C:\ProgramData\{69c271f3-bb06-a1da-69c2-271f3bb0c7ce}\optimizerpro_soft_partner.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3622555047-1920436455-1886055571-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3622555047-1920436455-1886055571-1001] => http=127.0.0.1:52248;https=127.0.0.1:52248
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll [2015-02-22] (Goobzo Ltd.)
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll [2015-02-22] (Goobzo Ltd.)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-22] (Pando Networks)
FF Plugin HKU\S-1-5-21-3622555047-1920436455-1886055571-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-22] (Pando Networks)
FF HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\Firefox\Extensions: [[email protected]pete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi
CHR Extension: (No Name) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfghefomandejfcfhcindgbnfogdgjj [2015-03-18]
CHR Extension: (rocckkEtSale) - C:\ProgramData\maehejkckdfnooofanakidkmfjhmggob\ []
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-06-25] (BitRaider, LLC)
R2 SmdmFService; C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [3570704 2015-01-22] (Aztec Media Inc) [File not signed]
R2 YTAcceleratorService; C:\Program Files (x86)\YT Accelerator\YTAcceleratorService.exe [1509320 2015-03-22] (GOOBZO)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-06-26] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-10-15] (BitRaider)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [X]
2015-08-02 21:13 - 2015-08-02 21:13 - 00000000 ____D C:\Users\Steven\AppData\Local\StormWatch
2015-08-02 21:14 - 2015-03-17 20:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2015-08-02 21:14 - 2015-02-20 09:26 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2015-08-02 21:14 - 2015-01-19 11:30 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-02 21:14 - 2015-01-19 11:25 - 00000000 ____D C:\Users\Steven\AppData\Roaming\Pro PC Cleaner
2015-08-02 21:14 - 2015-01-07 14:31 - 00000000 ____D C:\Program Files (x86)\WordProser_1.10.0.5
2015-08-02 21:14 - 2015-01-02 19:11 - 00000000 ____D C:\Program Files (x86)\ver9SpeeditUp
2015-08-02 21:14 - 2014-12-15 13:53 - 00000000 ____D C:\Users\Steven\AppData\Local\ospd_us_502
2015-08-02 21:13 - 2015-03-18 14:17 - 00000000 ____D C:\Program Files (x86)\gmsd_us_335
2015-08-02 21:13 - 2015-01-25 09:20 - 00000000 ____D C:\ProgramData\PicColor Utility
2015-08-02 21:13 - 2015-01-20 18:50 - 00000000 ____D C:\Users\Steven\AppData\Local\Linkey
2015-08-02 21:13 - 2015-01-19 11:24 - 00000000 ____D C:\Program Files (x86)\Search Extensions
2015-08-02 21:13 - 2015-01-19 11:23 - 00000000 ____D C:\ProgramData\{158BFD48-4509-2CCE-F48F-5C4C240D8FC2}
2015-08-02 21:13 - 2014-12-15 13:53 - 00000000 ____D C:\Program Files (x86)\ospd_us_502
2015-08-02 21:13 - 2014-12-15 13:52 - 00000000 ____D C:\ProgramData\KvnSqJfG
2015-08-02 21:12 - 2015-03-18 14:42 - 00000000 ____D C:\Program Files (x86)\89b89a7f-d3cc-4160-b0d3-0b7dde676f6a
2015-08-02 21:12 - 2015-03-18 14:41 - 00000000 ____D C:\Program Files (x86)\Lights Cinema 1.4betaV18.03
2015-08-02 21:12 - 2015-03-18 14:17 - 00000000 ____D C:\Users\Steven\AppData\Local\SmartWeb
2015-08-02 21:12 - 2015-02-20 09:19 - 00000000 ____D C:\Users\Steven\AppData\Roaming\ASPackage
2015-08-02 21:12 - 2015-02-20 09:07 - 00000000 ____D C:\Program Files (x86)\SheoPpErMassteri
2015-08-02 21:12 - 2015-02-20 03:48 - 00000000 ____D C:\Program Files (x86)\lowprriicEeS
2015-08-02 21:12 - 2015-02-15 20:43 - 00000000 ____D C:\ProgramData\cheap-o
2015-08-02 21:12 - 2015-01-25 09:21 - 00000000 ____D C:\ProgramData\2856d835a11a4d1790856bb4923c3dc2
2015-08-02 21:12 - 2015-01-20 20:35 - 00000000 ____D C:\ProgramData\{69c271f3-bb06-a1da-69c2-271f3bb0c7ce}
2015-08-02 21:12 - 2015-01-20 18:40 - 00000000 ____D C:\Users\Steven\AppData\Local\33c3f368-b94d-422a-a0a8-42ea7d6368be
2015-08-02 21:12 - 2015-01-19 11:30 - 00000000 ____D C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
2015-08-02 21:12 - 2015-01-19 11:29 - 00000000 ____D C:\Program Files (x86)\Savepass 2.0
2015-08-02 21:12 - 2015-01-07 14:33 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-08-02 21:12 - 2015-01-02 19:11 - 00000000 ____D C:\Program Files (x86)\PlumoWeb
2015-08-02 21:12 - 2015-01-02 18:54 - 00000000 ____D C:\ProgramData\Browser
2015-08-02 21:12 - 2014-12-15 17:28 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-08-02 21:12 - 2014-12-15 13:53 - 00000000 ____D C:\Program Files (x86)\StormWatch
2015-08-02 21:12 - 2014-12-15 13:53 - 00000000 ____D C:\Program Files (x86)\Boost
2015-08-02 21:12 - 2014-12-15 13:51 - 00000000 ____D C:\ProgramData\WebGuard
2015-08-02 21:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-02 20:41 - 2015-03-18 15:41 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-02 20:25 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\servicing
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Steven\AppData\Roaming\PVYJW
2014-06-25 16:44 - 2015-03-23 15:37 - 0000074 _____ () C:\Users\Steven\AppData\Roaming\sp_data.sys
Task: {001F853A-35CF-48DD-BD82-7B524B975644} - System32\Tasks\RunTool => C:\Users\Steven\AppData\Local\33c3f368-b94d-422a-a0a8-42ea7d6368be\sysad.exe <==== ATTENTION
Task: {10D114C8-BD94-4B20-991B-3FFB5F368EBD} - System32\Tasks\NXDJQC => C:\ProgramData\2856d835a11a4d1790856bb4923c3dc2\2856d835a11a4d1790856bb4923c3dc2.exe <==== ATTENTION
Task: {29A9705C-1CB4-4D27-BFB7-F78F0FB5FC0A} - \RocketTab No Task File <==== ATTENTION
Task: {43C61A7C-321E-4FB5-B046-741F5E27FE90} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {45EDA508-E505-4FDF-902E-64A7AC9E6DD7} - System32\Tasks\PVYJW => C:\Users\Steven\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: {4FCD5E49-00BD-4A1E-B9C2-6AE099FB4FAF} - \Super Optimizer Schedule No Task File <==== ATTENTION
Task: {8F95AD7F-98EA-4F76-8422-E5F518041DC4} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe [2015-02-22] (Goobzo LTD) <==== ATTENTION
Task: {A97F7D6A-E644-4876-BE96-2B9F8D9029EC} - System32\Tasks\YTAUpdate => C:\Program Files (x86)\YT Accelerator\Updater.exe [2015-03-22] (Goobzo) <==== ATTENTION
Task: {C86FB809-6A77-4EC9-875A-8F41CA602E97} - \SMWPUpd No Task File <==== ATTENTION
Task: {D98D5DE2-C783-40A1-81CE-7B2A405AA762} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {DA7D1A85-8D84-4EEC-8597-08B60CE9A7BF} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {DC5373A5-6AC7-47D8-8568-CEE1EECC41F1} - System32\Tasks\YTAUpdate_logon => C:\Program Files (x86)\YT Accelerator\Updater.exe [2015-03-22] (Goobzo) <==== ATTENTION
Task: {E85F1045-AE8D-412E-AD32-3023BD650CEF} - System32\Tasks\{643789A8-B9CE-4C9E-8297-A93E01D19ED6} => pcalua.exe -a C:\Users\Steven\Downloads\SWTOR_setup.exe -d C:\Users\Steven\Downloads
Task: C:\WINDOWS\Tasks\PVYJW.job => C:\Users\Steven\AppData\Roaming\PVYJW.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
C:\ProgramData\BitRaider
C:\Users\Steven\AppData\Roaming\PVYJW.exe
C:\ProgramData\YTAHelper
C:\ProgramData\PicColor Utility
C:\Windows\Temp\{10DA66CC-0B51-49F3-8302-EA4BD1C13A46}
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\Search Extensions
C:\ProgramData\{69c271f3-bb06-a1da-69c2-271f3bb0c7ce}
C:\Users\Steven\AppData\Local\SmartWeb
C:\Program Files (x86)\gmsd_us_335
C:\Users\Steven\AppData\Local\Linkey
C:\Program Files (x86)\Boost
C:\Program Files (x86)\Lights Cinema 1.4betaV18.03
C:\Program Files (x86)\ver9SpeeditUp
C:\Program Files (x86)\Savepass 2.0
C:\Users\Steven\AppData\Local\ospd_us_502
C:\ProgramData\KvnSqJfG
C:\Program Files (x86)\YT Accelerator
C:\Program Files (x86)\WordProser_1.10.0.5
C:\Program Files (x86)\PlumoWeb
C:\Program Files (x86)\StormWatch
C:\Program Files\Common Files\Goobzo
C:\Program Files (x86)\Assets Manager
C:\Users\Steven\AppData\Roaming\ASPackage
C:\Program Files (x86)\MyPC Backup
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that
When it offers to download the virus database, allow that as well
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0
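The fixlist in the post above removes several kinds of persistence and traffic-interception entries (IFEO debugger redirects, a loopback proxy, a Winsock provider, scheduled tasks, Run keys). The following triage sketch is an added example, not part of the original post or of FRST; it assumes the line formats visible in that fixlist, and the function names and path heuristics are this example's own.

```python
import ipaddress
import re

# Sample input: a subset of lines copied from the fixlist in the post above.
SAMPLE = r"""
HKLM-x32\...\RunOnce: [upospd_us_502.exe] => C:\Users\Steven\AppData\Local\ospd_us_502\upospd_us_502.exe [3309224 2014-12-01] ()
HKU\S-1-5-21-3622555047-1920436455-1886055571-1001\...\Run: [GoobzoYTAccelerator] => C:\Program Files (x86)\YT Accelerator\YTAccelerator.exe [2226120 2015-03-22] (GOOBZO)
AppInit_DLLs-x32: _c:\progra~2\search~1\search~1\bin\vc32lo~1.dll => "c:\progra~2\search~1\search~1\bin\vc32lo~1.dll" File not found
IFEO\spyhunter.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: [S-1-5-21-3622555047-1920436455-1886055571-1001] => http=127.0.0.1:52248;https=127.0.0.1:52248
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ColorMedia64.dll [364024 2015-01-25] (Over the Rainbow Tech)
Task: {45EDA508-E505-4FDF-902E-64A7AC9E6DD7} - System32\Tasks\PVYJW => C:\Users\Steven\AppData\Roaming\PVYJW.exe <==== ATTENTION
Task: {29A9705C-1CB4-4D27-BFB7-F78F0FB5FC0A} - \RocketTab No Task File <==== ATTENTION
Task: {E85F1045-AE8D-412E-AD32-3023BD650CEF} - System32\Tasks\{643789A8-B9CE-4C9E-8297-A93E01D19ED6} => pcalua.exe -a C:\Users\Steven\Downloads\SWTOR_setup.exe -d C:\Users\Steven\Downloads
"""

ATTENTION = re.compile(r"\s*<=+ ATTENTION\s*$")      # the scanner's own marker
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")   # heuristic chosen for this example


def _finding(kind, subject, detail, flagged):
    return {"kind": kind, "subject": subject, "detail": detail, "flagged": bool(flagged)}


def _in_user_writable(path):
    return any(part in path.lower() for part in USER_WRITABLE)


def _loopback(value):
    """True if any proxy entry (scheme=host:port or host:port) points at loopback."""
    for entry in value.split(";"):
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip()
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            if host.lower() == "localhost":
                return True
    return False


def triage_line(line):
    """Classify one FRST-style line; return a finding dict, or None if unrecognised."""
    line = line.strip()
    marked = bool(ATTENTION.search(line))
    body = ATTENTION.sub("", line)

    m = re.match(r"IFEO\\([^:]+): \[Debugger\] (.+)$", body)
    if m:  # with a Debugger value set, Windows launches it in place of the named image
        return _finding("ifeo-debugger", m.group(1), m.group(2), True)
    m = re.match(r"ProxyServer: \[[^\]]+\] => (.+)$", body)
    if m:  # a loopback proxy means a local process sits in the browsing path
        return _finding("proxy", "ProxyServer", m.group(1), _loopback(m.group(1)))
    m = re.match(r"Winsock: (\S+) (\d+) (.+?\.dll) \[[^\]]*\] \(([^)]*)\)$", body)
    if m:  # catalog provider DLL from a vendor other than Microsoft
        return _finding("winsock-provider", m.group(3), m.group(4),
                        "microsoft" not in m.group(4).lower())
    m = re.match(r"AppInit_DLLs(?:-x32)?: (.+?) => (.+)$", body)
    if m:  # AppInit DLLs can be loaded into processes that load user32.dll
        return _finding("appinit-dll", m.group(1), m.group(2), True)
    m = re.match(r"(?:HKLM|HKU)\S*\\\.\.\.\\Run(?:Once)?: \[([^\]]*)\] => (.+)$", body)
    if m:
        return _finding("run-key", m.group(1), m.group(2), _in_user_writable(m.group(2)))
    m = re.match(r"Task: \{[0-9A-Fa-f-]+\} - (.+)$", body)
    if m:
        rest = m.group(1)
        if " => " in rest:
            name, target = rest.split(" => ", 1)
        else:  # task registered without a task file behind it
            name, target = rest.replace(" No Task File", ""), None
        writable = target is not None and _in_user_writable(target)
        return _finding("task", name.strip(), target or "no task file", marked or writable)
    if body.startswith("GroupPolicy:") or "Policy restriction" in body:
        return _finding("policy", body.split(":", 1)[0], body, marked)
    return None


def triage(text):
    """Run triage_line over every line and keep the recognised ones."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(("REVIEW " if f["flagged"] else "info   ") + f["kind"], "|", f["subject"], "|", f["detail"])
```

The path heuristic does not flag the YT Accelerator Run entry under Program Files, which the fixlist removes anyway, so output like this supports a helper's review of the log rather than replacing it.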

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

