Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Norton "high outbound traffic detected"

Started by mcooley , Sep 05 2015 12:10 PM

  • This topic is locked This topic is locked

#1
mcooley
Posted 05 September 2015 - 12:10 PM

mcooley

    Member

  • Member
  • PipPip
  • 16 posts

I keep getting a pop-up that asks me to run a new Norton program. After I run it & check the box not to show me this again, it keeps popping up. I did a full scan using Norton and it found nothing. After searching this topic I was directed here. Is this a malware program? I ran the FRST already & this was listed as the next step. Thanks

 


  • 0

Advertisements

#2
zep516
Posted 05 September 2015 - 02:00 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

I need the log reports generated by running FRST. Those log reports are as follows and should be on the desktop, or in the downloads folder depending on where FRST is located.
1. FRST.txt
2. Additions.txt

Please post them both to your next reply so I can review them.

Thanks
Joe :)
  • 0

#3
mcooley
Posted 06 September 2015 - 12:10 PM

mcooley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

I've attached the files you requested:

 

Thanks!!

 

 

Attached File  Addition.txt   40.91KB   208 downloadsAttached File  FRST.txt   33.35KB   183 downloads

 

 


  • 0

#4
zep516
Posted 06 September 2015 - 12:19 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

I'm going to post them into the forum, it's quite a bit easier for me that way.... I'll be with shortly with instructions.

FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by michelle cooley (administrator) on COOLEYMOM-PC (06-09-2015 10:33:55)
Running from C:\Users\michelle cooley\Downloads
Loaded Profiles: michelle cooley (Available Profiles: michelle cooley)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
Failed to access process -> iexplore.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WMIC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\symerr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [Facebook Update] => C:\Users\michelle cooley\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-01] (Facebook Inc.)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-23] (CyberLink Corp.)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53760128 2015-07-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\Run: [BingSvc] => C:\Users\michelle cooley\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C8D092D-2076-4941-AA25-9A010E225259}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{762172ED-54F6-4A92-B1E4-7A81D39543D9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1344420199-33566695-4287825354-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-06-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1344420199-33566695-4287825354-1002: @nsroblox.roblox.com/launcher -> C:\Users\michelle cooley\AppData\Local\Roblox\Versions\version-1fc13f51ea764eb7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1344420199-33566695-4287825354-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\michelle cooley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1344420199-33566695-4287825354-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\michelle cooley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-05]

Chrome:
=======
CHR Profile: C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-18]
CHR Extension: (Google Drive) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-18]
CHR Extension: (YouTube) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-18]
CHR Extension: (Google Search) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-18]
CHR Extension: (Google Sheets) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-18]
CHR Extension: (Norton Identity Safe) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-18]
CHR Extension: (Gmail) - C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-18]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-06-13] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [368640 2014-08-13] (Verizon) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-09-05] (Enigma Software Group USA, LLC.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 0109631412269381mcinstcleanup; C:\Users\MICHEL~1\AppData\Local\Temp\010963~1.EXE -cleanup -nolog [X]
S2 Winmgmt; C:\PROGRA~3\575A75D2E.zot [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-27] (Symantec Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-09-05] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-09-05] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150904.003\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150905.002\ENG64.SYS [138488 2015-08-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150905.002\EX64.SYS [2146040 2015-08-24] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 21:49 - 2015-09-05 22:13 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\michelle cooley\Downloads\tdsskiller.exe
2015-09-05 18:14 - 2015-09-05 18:14 - 00000000 _____ C:\autoexec.bat
2015-09-05 18:13 - 2015-09-05 18:13 - 00003374 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-05 18:13 - 2015-09-05 18:13 - 00001110 _____ C:\Users\michelle cooley\Desktop\SpyHunter.lnk
2015-09-05 18:13 - 2015-09-05 18:13 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-09-05 18:13 - 2015-09-05 18:13 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Enigma Software Group
2015-09-05 18:12 - 2015-09-05 18:13 - 00000000 ____D C:\sh4ldr
2015-09-05 18:08 - 2015-09-05 18:08 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-09-05 18:07 - 2015-09-05 18:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-09-05 18:06 - 2015-09-05 18:06 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\michelle cooley\Downloads\SpyHunter-Installer.exe
2015-09-05 11:51 - 2015-09-05 12:20 - 00041889 _____ C:\Users\michelle cooley\Downloads\Addition.txt
2015-09-05 11:43 - 2015-09-06 10:33 - 00024041 _____ C:\Users\michelle cooley\Downloads\FRST.txt
2015-09-05 11:41 - 2015-09-06 10:34 - 00000000 ____D C:\FRST
2015-09-05 11:31 - 2015-09-05 11:31 - 02188800 _____ (Farbar) C:\Users\michelle cooley\Downloads\FRST64.exe
2015-09-05 08:01 - 2015-09-05 08:01 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Sun
2015-09-05 08:00 - 2015-09-05 08:00 - 00000000 ____D C:\Users\michelle cooley\.oracle_jre_usage
2015-09-05 08:00 - 2015-09-05 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-05 08:00 - 2015-09-05 07:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-05 07:58 - 2015-09-05 07:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-05 06:33 - 2015-09-05 10:49 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\NPE
2015-09-05 06:32 - 2015-09-05 06:32 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-08-30 17:29 - 2015-08-30 17:29 - 01546150 _____ C:\Users\michelle cooley\Downloads\C3.pptx
2015-08-24 08:43 - 2015-08-24 08:43 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-24 07:52 - 2015-08-24 07:52 - 01767936 _____ C:\Users\michelle cooley\Downloads\Toyota_Case_Example_Adjusted_102014.ppt
2015-08-23 11:08 - 2015-08-23 11:08 - 00044032 _____ C:\Users\michelle cooley\Downloads\OM540_Week_07_Standard Normal Loss Function.xls
2015-08-22 07:22 - 2015-08-22 07:24 - 12768084 _____ C:\Users\michelle cooley\Downloads\chopra_scm6_inppt_05.pptx
2015-08-22 07:14 - 2015-08-22 07:14 - 00028160 _____ C:\Users\michelle cooley\Downloads\3_2015__OM_540_Week_04_DryIce_Solution (1).xls
2015-08-19 11:12 - 2015-08-19 11:12 - 00139279 _____ C:\Users\michelle cooley\Downloads\OM540_Week_08_New_Skycell_Solution.xlsx
2015-08-18 14:30 - 2015-09-02 07:32 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 14:30 - 2015-08-18 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-18 14:19 - 2015-09-06 10:29 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 14:19 - 2015-08-30 14:24 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-18 14:19 - 2015-08-30 14:24 - 00003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-18 14:19 - 2015-08-30 14:24 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 14:19 - 2015-08-18 14:30 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Google
2015-08-18 14:19 - 2015-08-18 14:29 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-18 14:18 - 2015-08-18 14:19 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Deployment
2015-08-18 14:18 - 2015-08-18 14:18 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Apps\2.0
2015-08-18 07:41 - 2015-08-18 07:41 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\CEF
2015-08-18 07:35 - 2015-08-18 19:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-18 07:35 - 2015-08-18 07:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-18 07:35 - 2015-08-18 07:35 - 00002074 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-08-18 07:34 - 2015-08-18 07:41 - 00000000 ____D C:\ProgramData\Adobe
2015-08-18 07:34 - 2015-08-18 07:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-18 07:24 - 2015-08-18 07:41 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Adobe
2015-08-18 02:59 - 2015-08-18 02:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-08 08:12 - 2015-08-08 08:13 - 00037888 _____ C:\Users\michelle cooley\Downloads\2_13_Worksheet_for_Practice_Exercise_II.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 10:21 - 2014-08-01 01:15 - 00000994 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002UA.job
2015-09-06 10:02 - 2014-07-28 02:23 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1344420199-33566695-4287825354-1002
2015-09-06 10:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-06 09:29 - 2014-07-28 02:17 - 01543250 _____ C:\Windows\WindowsUpdate.log
2015-09-06 07:40 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-06 07:26 - 2014-10-02 16:52 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\CrashDumps
2015-09-06 07:13 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-09-06 07:10 - 2014-07-28 02:19 - 00000000 ____D C:\Users\michelle cooley\Documents\Youcam
2015-09-06 07:09 - 2015-07-28 16:15 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Skype
2015-09-06 07:09 - 2014-10-28 21:24 - 00000000 ____D C:\Users\michelle cooley\OneDrive
2015-09-06 01:20 - 2014-08-01 01:15 - 00000972 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002Core.job
2015-09-05 22:37 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 22:36 - 2013-08-26 02:01 - 00383036 _____ C:\Windows\PFRO.log
2015-09-05 22:36 - 2013-08-22 10:46 - 00039043 _____ C:\Windows\setupact.log
2015-09-05 22:35 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-05 22:04 - 2014-07-28 02:18 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F6523E0-8969-488A-9E8E-3F76D0793576}
2015-09-05 10:55 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-05 08:43 - 2014-07-28 02:17 - 00000000 ____D C:\Users\michelle cooley\AppData\Local\Packages
2015-09-05 08:02 - 2014-09-01 11:16 - 00000000 ____D C:\ProgramData\Oracle
2015-09-05 08:00 - 2014-07-28 02:17 - 00000000 ____D C:\Users\michelle cooley
2015-09-05 07:15 - 2014-10-02 13:11 - 00000000 ____D C:\ProgramData\Norton
2015-09-02 15:55 - 2014-07-28 12:22 - 00000000 ____D C:\Users\michelle cooley\Documents\Post Notes III
2015-08-29 07:23 - 2014-07-28 13:44 - 00000253 _____ C:\Users\michelle cooley\Desktop\Engage.url
2015-08-25 07:57 - 2014-07-28 10:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-25 07:36 - 2015-05-16 12:08 - 00005030 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for COOLEYMOM-PC-michelle cooley cooleymom-pc
2015-08-24 08:37 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-18 07:40 - 2014-07-28 02:18 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Adobe
2015-08-18 02:59 - 2014-10-02 13:12 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-08-18 02:59 - 2014-10-02 13:12 - 00002264 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-08-18 02:59 - 2014-10-02 13:11 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-08-18 01:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-18 01:26 - 2015-07-31 06:41 - 00000000 ____D C:\Windows\System32\Tasks\Remediation

==================== Files in the root of some directories =======

2014-10-04 15:53 - 2015-06-04 22:34 - 0005632 _____ () C:\Users\michelle cooley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-03 17:21 - 2014-12-03 17:21 - 0103749 _____ () C:\Users\michelle cooley\AppData\Local\VZWifiIcon.ico
2015-03-17 19:51 - 2015-03-17 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\michelle cooley\MetricCollection.dll


Some files in TEMP:
====================
C:\Users\michelle cooley\AppData\Local\Temp\Extract.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-29 09:46

==================== End of FRST.txt ============================

Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by michelle cooley (2015-09-05 11:51:27)
Running from C:\Users\michelle cooley\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1344420199-33566695-4287825354-500 - Administrator - Disabled)
Guest (S-1-5-21-1344420199-33566695-4287825354-501 - Limited - Disabled)
michelle cooley (S-1-5-21-1344420199-33566695-4287825354-1002 - Administrator - Enabled) => C:\Users\michelle cooley

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{05D12146-31FA-CB4C-C780-8E450FCC5F2E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (x32 Version: 1.2.2.0 - Minitab, Inc.) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM-x32\...\{270235CC-405E-4F9E-B8CF-A937CA0DA4A0}) (Version: 2.0.64 - Verizon)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minitab 17 (HKLM-x32\...\Minitab17) (Version: 17.2.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.2.0.0 - Minitab, Inc.)
Minitab17 (x32 Version: 17.2.1.0 - Minitab Inc) Hidden
Minitab17 (x32 Version: 17.2.1.0 - Minitab, Inc.) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
SoftwareManager (x32 Version: 1.2.0.0 - Minitab, Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.67.0 - Verizon)
VzDownloadManager (HKU\S-1-5-21-1344420199-33566695-4287825354-1002\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ieapfltr.dll ( froosMtiinrooCtopcar) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\michelle cooley\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\michelle cooley\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\michelle cooley\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\michelle cooley\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C092315-E856-4ACE-A771-36F157EF3E2E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002UA => C:\Users\michelle cooley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-01] (Facebook Inc.)
Task: {11267CE6-43CC-4C95-A9BC-7886082AA80F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {159CE19C-FB74-4862-B8B1-D539F44DB37C} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2015-02-25] (Minitab)
Task: {1B42397A-4857-41FE-BCB4-C0FA15BD3919} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {23EA8827-5A7F-4CA8-A6BA-BF1E6D7A260E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN14Q11057 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {2D14AB08-AD9D-4ADD-84A3-908C3BBB16C3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002Core => C:\Users\michelle cooley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-01] (Facebook Inc.)
Task: {2F947AA4-0AE2-4659-BF28-C62E77986261} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {393C5EB1-FC83-4D44-92CC-A2E330E021DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {3ABE54BA-D67B-4B25-98AD-565BF0755CC7} - System32\Tasks\Microsoft Office 15 Sync Maintenance for COOLEYMOM-PC-michelle cooley cooleymom-pc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {46E789CA-6F10-4707-ACE9-CEF95AF78726} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {5072C08F-13DB-409A-A6DA-655EF6F16D38} - System32\Tasks\{992AAAB8-FFAD-4952-ABD6-D9EA6E64E890} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\Setup\Setup.exe" -c /p SoftwareManager /x
Task: {65D2040D-754B-447E-8D93-A30DEA2F386D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {740C3804-E2EF-424E-8CBD-4A569C546935} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {84D154DB-0967-423D-9562-DA5CECC4C162} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {8FFA8E31-757B-4713-BDBB-EA7577D2D030} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {A9E2CB50-529E-4CE1-BA43-FDB33E6C3596} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {AB6380D5-8300-414D-B078-C643335027C7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {AE55A6CE-0A1F-4FC4-9EB2-A1104324E8CF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {BA739D3A-C504-42D5-9FD2-489D7E4ADE25} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {D20C9F23-535E-42DB-B966-3813BCE1EA2F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA1C47ED-81BF-4C1F-9A8F-97442BB2B0FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN516EX39G => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002Core.job => C:\Users\michelle cooley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1344420199-33566695-4287825354-1002UA.job => C:\Users\michelle cooley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-08-19 16:47 - 2013-08-19 16:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-10 09:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 19:53 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-13 16:46 - 2014-07-23 23:03 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-01-13 16:46 - 2014-04-17 02:35 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2015-01-13 16:46 - 2014-07-23 23:03 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\michelle cooley\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1344420199-33566695-4287825354-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\michelle cooley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A992A13F-3422-43F7-904D-ABF794EDED2D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FE3D4655-FABC-427A-A463-A073D0636888}] => (Allow) LPort=2869
FirewallRules: [{CD02FAA6-18F0-444F-BA24-F1E627044DB8}] => (Allow) LPort=1900
FirewallRules: [{B272E049-AB0D-46D7-BD1E-0D445631900D}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{1F721E72-4B6D-4F75-9CFF-C40C946A3ABD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{32A043B5-CD33-4798-8F62-24220613845C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{AA4749F9-0BA0-484F-B71E-72F0B66708A8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{F1A3CBA8-D80E-4843-84BB-95BECF2D607D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{83ADD45D-ABC0-4EFB-A9D3-35893E0CBF97}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{9752CE11-2214-4173-9BE9-73B12A67182B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8770CA2-BB87-4BCE-A04F-CE66486DFDE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C422932E-6EAB-446B-8CED-183E7E5927EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{13F9ED96-D8FB-49EF-BB9D-6693297816FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25082DBE-8ED9-4971-9FE1-D0F48F1F854F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{580793A0-021A-46EA-9A57-AD04719573D2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FC9C062E-7903-430B-A4A4-1B705E89A82A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{079328B4-89DE-482E-9507-28D681ABEC1A}] => (Allow) C:\Users\michelle cooley\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7E73DC06-0488-4641-A105-E69943F6B418}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C39685CF-DF32-43AC-BFD9-7D2F2FCB91ED}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{12C89AEC-D24A-4B91-B943-C5875CC65806}] => (Allow) C:\Users\michelle cooley\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{4E90C8C2-D8BF-4485-B7CB-F752B5C044C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{071593F6-79D1-4696-8D00-1EF0B554003E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{E69FF252-AC69-4779-9A1C-4D9C43CACC01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{9EF97DC2-DDE8-4D3C-90E4-D12AA5917BE6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{B77BCA3C-8196-416D-A0D0-E544A7EC53D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{94C3F7DA-68F2-4A35-9795-2FCBEA46BBDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F56571B0-5B87-4158-9A49-21914F090F2C}] => (Allow) LPort=50000
FirewallRules: [{4F268503-5340-4413-8527-F7DDE60B2406}] => (Allow) LPort=50000
FirewallRules: [{CEDA0F4E-21F5-44E8-9E43-A1CE45A9F4D5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E311C090-6D14-4D8D-8F22-DED1A99A446D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{6A9BB6BB-3C8B-483B-9782-A8ECEE060398}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{C0F64183-096E-442D-892B-B102B0E8DA41}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{C48F02FA-1D3E-49DE-962A-D863BD79038B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{DEAC5A30-A99B-4DD8-AD1B-F956E1E79CC3}] => (Allow) LPort=5357
FirewallRules: [{94DC4253-64F2-48E7-9B7A-E49D62ABA484}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8BADA373-BDB0-4B87-8776-69EDCA12EEBF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3A0AC20D-7311-4F59-B99A-C18BF4738B36}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2015 12:02:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 173c

Start Time: 01d0e7ed8773c308

Termination Time: 1421

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 73f2f5f2-53e7-11e5-82a2-a02bb853ad99

Faulting package full name:

Faulting package-relative application ID:

Error: (09/05/2015 11:56:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1970

Start Time: 01d0e7ebdab5b391

Termination Time: 5954

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a81f31f0-53e6-11e5-82a2-a02bb853ad99

Faulting package full name:

Faulting package-relative application ID:

Error: (09/05/2015 11:45:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c94

Start Time: 01d0e7f10f4eb341

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 02455a74-53e5-11e5-82a2-a02bb853ad99

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 11:27:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ccc

Start Time: 01d0e7ec8281af6f

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 936d87ce-53e2-11e5-82a2-a02bb853ad99

Faulting package full name:

Faulting package-relative application ID:

Error: (09/05/2015 11:15:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c34

Start Time: 01d0e7ecdb9b20b6

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: cf5efa95-53e0-11e5-82a2-a02bb853ad99

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 11:14:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e10

Start Time: 01d0e7ecc3d4779a

Termination Time: 92

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: b36bae96-53e0-11e5-82a2-a02bb853ad99

Faulting package full name:

Faulting package-relative application ID:

Error: (09/05/2015 11:06:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 1.1.4.0, time stamp: 0x53328331
Faulting module name: HPMSGSVC.exe, version: 1.1.4.0, time stamp: 0x53328331
Exception code: 0xc0000005
Fault offset: 0x00002469
Faulting process id: 0x1258
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3
Faulting package full name: HPMSGSVC.exe4
Faulting package-relative application ID: HPMSGSVC.exe5

Error: (09/05/2015 09:14:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 479c

Start Time: 01d0e7dc1348de4c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 0c80bb2e-53d0-11e5-82a1-a02bb853ad99

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 08:44:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5798

Start Time: 01d0e7d7e372bf4b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d56d541c-53cb-11e5-82a1-a02bb853ad99

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 07:44:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20dc

Start Time: 01d0e7cf804b6477

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 73c86c19-53c3-11e5-82a1-a02bb853ad99

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (09/05/2015 12:18:16 PM) (Source: DCOM) (EventID: 10010) (User: COOLEYMOM-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/05/2015 12:16:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (09/05/2015 12:11:35 PM) (Source: DCOM) (EventID: 10010) (User: COOLEYMOM-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/05/2015 12:09:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (09/05/2015 12:08:13 PM) (Source: DCOM) (EventID: 10010) (User: COOLEYMOM-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/05/2015 12:06:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (09/05/2015 12:06:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/05/2015 12:04:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (09/05/2015 12:04:13 PM) (Source: DCOM) (EventID: 10010) (User: COOLEYMOM-PC)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/05/2015 12:02:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126


Microsoft Office:
=========================
Error: (09/05/2015 12:02:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416173c01d0e7ed8773c3081421C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE73f2f5f2-53e7-11e5-82a2-a02bb853ad99

Error: (09/05/2015 11:56:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416197001d0e7ebdab5b3915954C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa81f31f0-53e6-11e5-82a2-a02bb853ad99

Error: (09/05/2015 11:45:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209111c9401d0e7f10f4eb3414294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe02455a74-53e5-11e5-82a2-a02bb853ad99microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 11:27:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174161ccc01d0e7ec8281af6f0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE936d87ce-53e2-11e5-82a2-a02bb853ad99

Error: (09/05/2015 11:15:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209111c3401d0e7ecdb9b20b64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.execf5efa95-53e0-11e5-82a2-a02bb853ad99microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 11:14:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174161e1001d0e7ecc3d4779a92C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb36bae96-53e0-11e5-82a2-a02bb853ad99

Error: (09/05/2015 11:06:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPMSGSVC.exe1.1.4.053328331HPMSGSVC.exe1.1.4.053328331c000000500002469125801d0e7eb00a0f51dC:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exea36882ee-53df-11e5-82a2-a02bb853ad99

Error: (09/05/2015 09:14:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911479c01d0e7dc1348de4c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe0c80bb2e-53d0-11e5-82a1-a02bb853ad99microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 08:44:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911579801d0e7d7e372bf4b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exed56d541c-53cb-11e5-82a1-a02bb853ad99microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/05/2015 07:44:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2091120dc01d0e7cf804b64774294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe73c86c19-53c3-11e5-82a1-a02bb853ad99microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity:
===================================
Date: 2015-09-05 06:35:39.169
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ieapfltr.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 75%
Total physical RAM: 3270.26 MB
Available physical RAM: 802.64 MB
Total Virtual: 6393.65 MB
Available Virtual: 1773.48 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:677.51 GB) (Free:619.72 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.35 GB) (Free:2.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 429EAAF4)

Partition: GPT.

==================== End of Addition.txt ============================
  • 0

#5
zep516
Posted 06 September 2015 - 01:46 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Remember you have FRST running from--> C:\Users\michelle cooley\Downloads. So make sure you save the fixlist to the your downloads folder. Then in the downloads folder find FRST, Right click on it, choose "Run as administrator" then click the fixbutton, it will make a log called Fixlog.txt that will also be found in your downloads folder.

Here we go
A few items to fix using FRST
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1344420199-33566695-4287825354-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
2015-09-05 18:12 - 2015-09-05 18:13 - 00000000 ____D C:\sh4ldr
2015-09-05 18:13 - 2015-09-05 18:13 - 00003374 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-05 18:13 - 2015-09-05 18:13 - 00001110 _____ C:\Users\michelle cooley\Desktop\SpyHunter.lnk
2015-09-05 18:13 - 2015-09-05 18:13 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
C:\Users\michelle cooley\MetricCollection.dll
CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ieapfltr.dll ( froosMtiinrooCtopcar) <==== ATTENTION
C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\michelle cooley\OneDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files\Enigma Software Group\SpyHunter
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-09-05] (Enigma Software Group USA, LLC.)
S2 0109631412269381mcinstcleanup; C:\Users\MICHEL~1\AppData\Local\Temp\010963~1.EXE -cleanup -nolog [X]
S2 Winmgmt; C:\PROGRA~3\575A75D2E.zot [X]
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-09-05] (Enigma Software Group USA, LLC.)
FirewallRules: [{7E73DC06-0488-4641-A105-E69943F6B418}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C39685CF-DF32-43AC-BFD9-7D2F2FCB91ED}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{25082DBE-8ED9-4971-9FE1-D0F48F1F854F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{580793A0-021A-46EA-9A57-AD04719573D2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\mcafee
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Downloads folder(Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log in your downloads folder (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
 

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "C"

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log






  • 0

#6
mcooley
Posted 07 September 2015 - 07:00 AM

mcooley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Here are the logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by michelle cooley on Mon 09/07/2015 at  7:35:52.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\coupons
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coupons

 

~~~ Chrome

[C:\Users\michelle cooley\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\michelle cooley\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\michelle cooley\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\michelle cooley\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/07/2015 at  8:40:08.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix result of Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by michelle cooley (2015-09-06 17:15:28) Run:1
Running from C:\Users\michelle cooley\Downloads
Loaded Profiles: michelle cooley (Available Profiles: michelle cooley)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1344420199-33566695-4287825354-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
2015-09-05 18:12 - 2015-09-05 18:13 - 00000000 ____D C:\sh4ldr
2015-09-05 18:13 - 2015-09-05 18:13 - 00003374 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-05 18:13 - 2015-09-05 18:13 - 00001110 _____ C:\Users\michelle cooley\Desktop\SpyHunter.lnk
2015-09-05 18:13 - 2015-09-05 18:13 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
C:\Users\michelle cooley\MetricCollection.dll
CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ieapfltr.dll ( froosMtiinrooCtopcar) <==== ATTENTION
C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\michelle cooley\OneDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files\Enigma Software Group\SpyHunter
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-09-05] (Enigma Software Group USA, LLC.)
S2 0109631412269381mcinstcleanup; C:\Users\MICHEL~1\AppData\Local\Temp\010963~1.EXE -cleanup -nolog [X]
S2 Winmgmt; C:\PROGRA~3\575A75D2E.zot [X]
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-09-05] (Enigma Software Group USA, LLC.)
FirewallRules: [{7E73DC06-0488-4641-A105-E69943F6B418}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C39685CF-DF32-43AC-BFD9-7D2F2FCB91ED}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{25082DBE-8ED9-4971-9FE1-D0F48F1F854F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{580793A0-021A-46EA-9A57-AD04719573D2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\mcafee
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

# AdwCleaner v5.006 - Logfile created 06/09/2015 at 18:05:10
# Updated 06/09/2015 by Xplode
# Database : 2015-08-31.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : michelle cooley - COOLEYMOM-PC
# Running from : C:\Users\michelle cooley\AppData\Local\Microsoft\Windows\INetCache\IE\JST8IUHH\adwcleaner_5.006.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CouponPrinterService

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****

File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.9

***** [ Web browsers ] *****

[C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\michelle cooley\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1278 bytes] ##########

 

 

 

# AdwCleaner v5.006 - Logfile created 06/09/2015 at 18:42:08
# Updated 06/09/2015 by Xplode
# Database : 2015-08-31.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : michelle cooley - COOLEYMOM-PC
# Running from : C:\Users\michelle cooley\AppData\Local\Microsoft\Windows\INetCache\IE\JST8IUHH\adwcleaner_5.006.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[x] Service Not Deleted : CouponPrinterService

***** [ Folders ] *****

[x] Folder Not Deleted : C:\Program Files (x86)\Coupons
[x] Folder Not Deleted : C:\Program Files (x86)\Coupons
[x] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[x] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

 


  • 0

#7
zep516
Posted 07 September 2015 - 09:35 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
How is the computer ?

Some of the Fixlog.txt is missing. Could you re-post it. Should be in the downloads folder.
Joe
  • 0

#8
mcooley
Posted 07 September 2015 - 10:15 AM

mcooley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi Joe -

The computer is still extremely slow, often "not responding" the pop-ups are still occurring. Here's the fixlog again:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by michelle cooley (2015-09-06 17:15:28) Run:1
Running from C:\Users\michelle cooley\Downloads
Loaded Profiles: michelle cooley (Available Profiles: michelle cooley)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1344420199-33566695-4287825354-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1344420199-33566695-4287825354-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
2015-09-05 18:12 - 2015-09-05 18:13 - 00000000 ____D C:\sh4ldr
2015-09-05 18:13 - 2015-09-05 18:13 - 00003374 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-05 18:13 - 2015-09-05 18:13 - 00001110 _____ C:\Users\michelle cooley\Desktop\SpyHunter.lnk
2015-09-05 18:13 - 2015-09-05 18:13 - 00000000 ____D C:\Users\michelle cooley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
C:\Users\michelle cooley\MetricCollection.dll
CustomCLSID: HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ieapfltr.dll ( froosMtiinrooCtopcar) <==== ATTENTION
C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\michelle cooley\OneDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files\Enigma Software Group\SpyHunter
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-09-05] (Enigma Software Group USA, LLC.)
S2 0109631412269381mcinstcleanup; C:\Users\MICHEL~1\AppData\Local\Temp\010963~1.EXE -cleanup -nolog [X]
S2 Winmgmt; C:\PROGRA~3\575A75D2E.zot [X]
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-09-05] (Enigma Software Group USA, LLC.)
FirewallRules: [{7E73DC06-0488-4641-A105-E69943F6B418}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C39685CF-DF32-43AC-BFD9-7D2F2FCB91ED}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{25082DBE-8ED9-4971-9FE1-D0F48F1F854F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{580793A0-021A-46EA-9A57-AD04719573D2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\mcafee
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.


  • 0

#9
zep516
Posted 07 September 2015 - 10:31 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,
See at the very end of the log you posted

Emptytemp:
*****************
Processes closed successfully.

There should be more data below the stars it will actually show the files being moved, processes closed successfully is the first thing it did, it should show more data then that. If we can't find it or it's not present we will run the fix again.
  • 0

#10
mcooley
Posted 07 September 2015 - 11:10 AM

mcooley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

That's all that is in the log. Should I redo the fix steps or do you have other instructions for me?

- Michelle


  • 0

Advertisements

#11
zep516
Posted 07 September 2015 - 11:16 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,
 
I'm having problems myself with my computer :)
 
Lets skip FRST for now and run a Malwarebytes scan...
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#12
mcooley
Posted 07 September 2015 - 01:25 PM

mcooley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi Joe -

 

So far, so good. Performance & speed have improved and no pop-ups yet. Here's the log:

 

- Michelle

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/7/2015
Scan Time: 2:05 PM
Logfile: mbamlog9.7.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.07.03
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: michelle cooley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366340
Time Elapsed: 1 hr, 4 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Bedep.64, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 5060, Delete-on-Reboot, [c54ad5587f0c989e7dcff1d49b6605fb]

Modules: 0
(No malicious items detected)

Registry Keys: 3
Trojan.Bedep.64, HKLM\SOFTWARE\CLASSES\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}, Delete-on-Reboot, [c54ad5587f0c989e7dcff1d49b6605fb],
Trojan.Bedep.64, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [c54ad5587f0c989e7dcff1d49b6605fb],
Trojan.Bedep.64, HKU\S-1-5-21-1344420199-33566695-4287825354-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}, Delete-on-Reboot, [c54ad5587f0c989e7dcff1d49b6605fb],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Hijack.WMI, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT\PARAMETERS|ServiceDll, C:\PROGRA~3\575A75D2E.zot, Good: (%SystemRoot%\system32\wbem\WMIsvc.dll), Bad: (C:\PROGRA~3\575A75D2E.zot),Replaced,[4dc2c568eaa1f244a3ca0f4abe47b050]

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Bedep.64, C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ieapfltr.dll, Delete-on-Reboot, [c54ad5587f0c989e7dcff1d49b6605fb],
Trojan.Bedep.64, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Delete-on-Reboot, [c54ad5587f0c989e7dcff1d49b6605fb],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#13
zep516
Posted 07 September 2015 - 01:34 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Stick with me

Clean out your temporary internet files and temp files.

Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Let me know what that is done
  • 0

#14
mcooley
Posted 07 September 2015 - 02:11 PM

mcooley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi Joe -

 

I ran the TFC & restarted my computer. Is there anything else I need to do or should I consider myself safe for now? Then of course, after thanking you a thousand times over, I'll ask the obvious question, what to you recommend I do and/or what antivirus software do you recommend since Norton missed this one?

 

Thanks again!

 

Michelle


  • 0

#15
zep516
Posted 07 September 2015 - 02:16 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,
A few things to do yet. Nothing wrong with Norton. They all let the adware through it becomes a matter of safe surfing habits and watch what you download.

Copy and paste the text in the code box below into Notepad.
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Right-click flush.bat and select "Run as Administrator" to run it. Your computer will reboot.

Let me know when that is done
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP