Noelz Posted January 5, 2015 ID:926702 Share Posted January 5, 2015 Recently I've been having problems with the Bluescreen or 'Bluescreen of Death', I was wondering how I could combat this issue. Thanks Link to post Share on other sites More sharing options...
kevinf80 Posted January 6, 2015 ID:926963 Share Posted January 6, 2015 Hello and welome, P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Next, Zip and attach this folder: C:\Windows\Minidump Thanks, Kevin... Link to post Share on other sites More sharing options...
Noelz Posted January 25, 2015 Author ID:932783 Share Posted January 25, 2015 FRST.txt Log:==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe(McAfee Inc.) C:\Program Files\McAfee\Raptor\Raptor.exe() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_287_ActiveX.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-23] (Realtek Semiconductor)HKLM-x32\...\Run: [NPSStartup] => [X]HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM\...\RunOnce: [Raptor] => C:\Program Files\McAfee\Raptor\Raptor.exe [1814896 2014-12-25] (McAfee Inc.)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [Facebook Update] => C:\Users\Noel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-20] (Facebook Inc.)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [GoogleChromeAutoLaunch_7A46018675C6620EF34A549934EA8E2B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-21] (Google Inc.)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-25] ()HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-06] (Google Inc.)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Policies\system: [DisableChangePassword] 0Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnkShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)Startup: C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-1843119849-658739943-1546731566-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.bt.com/login/loginform?TYPE=33554433&REALMOID=06-f1aca0f0-9277-1028-a2aa-843bdb4e0000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$5Gg1tpXNy2tkpsuareMacnNJlmbms7qMbEfHeTFUSfxbnorYfstClnjFgNuaYWY49uhw6yBYI0xa%2fbgLX1YKkzEsusDGzpbC&TARGET=$SM$HTTP%3a%2f%2fhome.bt.com%2fss%2fSatellite%2fsecure%2floginforward%3fsite%3dbtcom%26redirectURL%3dhttps%3a%2f%2fwww.bt.com%2fappsconsumeraccount%2fsecure%2fenhancedMyBT.do%3fsiteArea%3dcon.mya%26SearchScopes: HKLM -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =SearchScopes: HKLM-x32 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-1843119849-658739943-1546731566-1001 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL =SearchScopes: HKU\S-1-5-21-1843119849-658739943-1546731566-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB691D20140925&p={SearchTerms}BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKU\S-1-5-21-1843119849-658739943-1546731566-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-12-05] (EasyBits Software Corp.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1843119849-658739943-1546731566-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Noel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKU\S-1-5-21-1843119849-658739943-1546731566-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Noel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xmlFF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2012-09-24]FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgnFF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-16]FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.comFF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-02-13]FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.comFF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-02-13]FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-16]FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-09-25]Chrome:=======CHR HomePage: Default -> https://www.google.com/CHR StartupUrls: Default -> "https://www.google.com/"CHR DefaultSearchKeyword: Default -> astromenda.comCHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_43_ie&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyE0CyC0C0E0BtB0FtC0DtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyD0CyB0E0A0D0BtG0Czy0BzztGyB0F0A0BtGtB0A0EtCtGyB0F0BtDyCyCtAtD0B0AyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDtDtCzzyDtCyDtGyB0Fzy0DtGyE0ByByEtG0AyByEyDtG0AzztDtA0CyB0AtC0B0AyDyB2Q&cr=752526412&ir=CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}CHR Profile: C:\Users\Noel\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-02]CHR Extension: (Google Docs) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-02]CHR Extension: (Google Drive) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]CHR Extension: (YouTube) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-02]CHR Extension: (Google Search) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-02]CHR Extension: (BT DesktopHelp extension) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-09-02]CHR Extension: (ZenMate) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-10-25]CHR Extension: (Google Sheets) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-02]CHR Extension: (SiteAdvisor) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-02]CHR Extension: (Webproxy.net - Unblock any website) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmikmnnnoacchojfpdgfdgpkfgajhim [2014-10-05]CHR Extension: (Google Wallet) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-09-02]CHR Extension: (Gmail) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-02]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-16]CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No PathCHR HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No PathCHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2012-12-14]CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-16]CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 0020011422180585mcinstcleanup; C:\Windows\TEMP\002001~1.EXE [836168 2014-03-13] (McAfee, Inc.)R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.) [File not signed]S4 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2010-02-19] (NOS Microsystems Ltd.)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-06] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-12-23] (Realtek Semiconductor)R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-25 10:28 - 2015-01-25 10:28 - 00031041 _____ () C:\Users\Noel\Desktop\FRST.txt2015-01-25 10:26 - 2015-01-25 10:28 - 00000000 ____D () C:\FRST2015-01-25 10:25 - 2015-01-25 10:25 - 02129920 _____ (Farbar) C:\Users\Noel\Desktop\FRST64.exe2015-01-25 10:01 - 2015-01-25 10:01 - 00771920 _____ () C:\Windows\Minidump\012515-18408-01.dmp2015-01-23 22:33 - 2015-01-23 22:33 - 00727328 _____ () C:\Windows\Minidump\012315-19375-01.dmp2015-01-22 19:36 - 2015-01-22 19:36 - 00000000 ____D () C:\Users\Noel\Documents\Lil_Wayne-Sorry_4_The_Wait_22015-01-22 19:14 - 2015-01-22 19:28 - 168915171 _____ () C:\Users\Noel\Downloads\Lil_Wayne-Sorry_4_The_Wait_2.zip2015-01-22 19:04 - 2015-01-22 19:06 - 101640928 _____ () C:\Users\Noel\Downloads\Lil Wayne - Sorry 4 The Wait 2.zip2015-01-17 22:36 - 2015-01-17 22:36 - 00000000 ____D () C:\Users\Noel\Documents\NoDJ-Logic-Young_Sinatra_Undeniable2015-01-17 22:04 - 2015-01-17 22:21 - 201974437 _____ () C:\Users\Noel\Downloads\NoDJ-Logic-Young_Sinatra_Undeniable.zip2015-01-14 00:33 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-14 00:33 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-14 00:33 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2015-01-14 00:33 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-14 00:33 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll2015-01-14 00:33 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll2015-01-14 00:32 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-01-14 00:32 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-01-14 00:32 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-01-14 00:32 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-01-14 00:32 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-01-14 00:32 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-01-14 00:32 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-01-10 15:46 - 2015-01-10 15:46 - 00000000 ____D () C:\Users\Noel\Documents\Outkast - Aquemini [iTunes][GangstaRapTalk.com]2015-01-10 15:35 - 2015-01-10 15:43 - 146633941 _____ () C:\Users\Noel\Downloads\Outkast - Aquemini [iTunes][GangstaRapTalk.com].zip2015-01-04 10:51 - 2015-01-04 10:51 - 00899888 _____ () C:\Windows\Minidump\010415-17737-01.dmp2015-01-03 11:57 - 2015-01-03 11:57 - 00497544 _____ () C:\Windows\Minidump\010315-20061-01.dmp2015-01-02 01:53 - 2015-01-02 01:53 - 00000000 ____D () C:\Users\Noel\Documents\DJ_Drama-Nipsey_Hussle-Mailbox_Money2015-01-02 01:51 - 2015-01-22 18:57 - 00000000 ____D () C:\Users\Noel\AppData\Local\WinZip2015-01-02 01:51 - 2015-01-02 01:51 - 00002285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk2015-01-02 01:51 - 2015-01-02 01:51 - 00002279 _____ () C:\Users\Public\Desktop\WinZip.lnk2015-01-02 01:51 - 2015-01-02 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip2015-01-02 01:51 - 2015-01-02 01:51 - 00000000 ____D () C:\Program Files\WinZip2015-01-02 00:58 - 2015-01-02 01:07 - 107211693 _____ () C:\Users\Noel\Downloads\DJ_Drama-Nipsey_Hussle-Mailbox_Money.zip2014-12-29 20:18 - 2014-12-29 20:18 - 00843352 _____ () C:\Windows\Minidump\122914-18345-01.dmp2014-12-27 08:57 - 2015-01-22 17:03 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNoel2014-12-27 08:57 - 2015-01-22 17:03 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForNoel.job2014-12-26 11:08 - 2014-12-26 11:08 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-25 10:15 - 2014-09-25 00:38 - 00001846 _____ () C:\Users\Public\Desktop\BT NetProtect Plus.lnk2015-01-25 10:15 - 2013-11-23 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2015-01-25 10:10 - 2010-03-06 20:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-25 10:10 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-25 10:10 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-25 10:09 - 2012-08-21 23:45 - 00000000 ____D () C:\Program Files (x86)\McAfee2015-01-25 10:06 - 2010-01-04 04:04 - 01457848 _____ () C:\Windows\WindowsUpdate.log2015-01-25 10:02 - 2014-12-24 00:51 - 00008924 _____ () C:\Windows\setupact.log2015-01-25 10:02 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-01-25 10:01 - 2012-02-11 20:47 - 576405129 _____ () C:\Windows\MEMORY.DMP2015-01-25 10:01 - 2012-02-11 20:47 - 00000000 ____D () C:\Windows\Minidump2015-01-25 09:56 - 2012-04-04 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-01-25 09:56 - 2010-03-06 20:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-24 23:45 - 2012-07-20 22:40 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001UA.job2015-01-24 23:45 - 2012-07-20 22:40 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001Core.job2015-01-24 22:48 - 2010-03-15 19:26 - 00000000 ____D () C:\Users\Noel\AppData\Local\CrashDumps2015-01-24 10:52 - 2014-09-01 22:48 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-23 16:52 - 2012-04-04 22:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-01-23 16:52 - 2012-04-04 22:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-01-23 16:52 - 2011-05-15 20:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-19 13:07 - 2014-06-02 19:35 - 00000000 ____D () C:\Users\Noel\AppData\Roaming\HP Support Assistant2015-01-19 13:07 - 2010-03-02 18:16 - 00000000 ____D () C:\Users\Noel\AppData\Roaming\HpUpdate2015-01-17 09:42 - 2014-12-24 01:09 - 00003280 _____ () C:\Windows\PFRO.log2015-01-15 01:19 - 2014-02-28 00:21 - 00766376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-01-15 01:19 - 2009-07-14 05:13 - 00766376 _____ () C:\Windows\system32\PerfStringBackup.INI2015-01-14 01:28 - 2013-07-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT2015-01-14 01:19 - 2010-03-25 16:50 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-01-04 10:15 - 2009-07-14 05:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-01-02 01:52 - 2010-07-04 16:18 - 00000000 ____D () C:\ProgramData\WinZip2014-12-27 08:55 - 2010-03-02 18:10 - 00000000 ____D () C:\Users\Noel==================== Files in the root of some directories =======2013-10-11 17:36 - 2013-10-11 17:58 - 0000077 _____ () C:\Users\Noel\AppData\Roaming\Rim.Desktop.Exception.log2013-10-11 17:36 - 2013-10-11 17:58 - 0000077 _____ () C:\Users\Noel\AppData\Roaming\Rim.DesktopHelper.Exception.log2014-06-19 08:14 - 2014-06-19 08:14 - 0000024 _____ () C:\Users\Noel\AppData\Roaming\temp.ini2010-04-29 20:16 - 2010-04-29 20:16 - 0019881 _____ () C:\Users\Noel\AppData\Roaming\UserTile.png2014-09-25 23:29 - 2014-12-23 02:20 - 0000196 _____ () C:\Users\Noel\AppData\Roaming\WB.CFG2010-09-18 14:49 - 2010-09-18 14:49 - 0000258 _____ () C:\Users\Noel\AppData\Roaming\wklnhst.dat2014-10-25 10:21 - 2014-10-25 10:21 - 0022528 _____ () C:\Users\Noel\AppData\Local\8926782dsisetup89596992.exe2010-07-01 19:04 - 2014-05-05 21:39 - 0004608 _____ () C:\Users\Noel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-10-25 10:21 - 2014-12-17 00:20 - 0000001 _____ () C:\Users\Noel\AppData\Local\DSI.DAT2014-12-02 16:20 - 2014-12-02 16:20 - 0022528 _____ () C:\Users\Noel\AppData\Local\dsisetup11875262.exe2014-12-17 00:20 - 2014-12-17 00:20 - 0022528 _____ () C:\Users\Noel\AppData\Local\dsisetup15251902.exe2010-05-05 18:56 - 2010-05-05 18:56 - 0000052 _____ () C:\Users\Noel\AppData\Local\GLFBEE5.tmp2010-02-28 22:28 - 2014-11-23 19:50 - 0004732 _____ () C:\ProgramData\hpzinstall.logSome content of TEMP:====================C:\Users\CRESCENTIA\AppData\Local\Temp\eyplzzfe.dllC:\Users\CRESCENTIA\AppData\Local\Temp\xuzje9c7.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-24 10:26==================== End Of Log ============================ Addition.txt Log:============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAdobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)Bing Bar Platform (x32 Version: 6.3.2322.0 - Microsoft Corporation) HiddenBlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) HiddenBT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )BT NetProtect Plus (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)BTHomeHub (HKLM-x32\...\BTHomeHub) (Version: - British Telecommunications Plc.)BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) HiddenCompatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) HiddenCyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDestinations (x32 Version: 140.0.77.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) HiddenDirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) HiddenDivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenDVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) HiddenEncarta Encyclopedia 99 (HKLM-x32\...\EESInst 99) (Version: - )F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenFacebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.0 - Ellora Assets Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)GoToAssist Corporate (x32 Version: 9.0.570 - Citrix) HiddenGPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenHP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) HiddenHPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) HiddenhpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) HiddenhpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) HiddenIntel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) HiddenLightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) HiddenMcAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.175 - McAfee, Inc.)McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)Messenger Plus! (HKLM-x32\...\Messenger Plus!) (Version: 6.00.0.774 - Yuna Software)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SkyDrive (HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMovie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Node.js (HKLM-x32\...\{CC272FC2-82D8-41BC-A670-878B0BE1A5FC}) (Version: 0.10.31 - Joyent, Inc. and other Node contributors)Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) HiddenPowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) HiddenSAGEM F@st 800-840 (HKLM-x32\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version: - )SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenSecunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) HiddenSolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenStatus (x32 Version: 130.0.373.000 - Hewlett-Packard) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenToolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) HiddenUnity Web Player (HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenVisual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-1843119849-658739943-1546731566-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Noel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1843119849-658739943-1546731566-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Noel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1843119849-658739943-1546731566-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Noel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1843119849-658739943-1546731566-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Noel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)==================== Restore Points =========================02-01-2015 01:39:19 Removed WinZip 18.504-01-2015 19:00:31 Windows Backup11-01-2015 23:44:34 Windows Backup14-01-2015 01:18:13 Windows Update15-01-2015 01:12:28 Windows Update18-01-2015 19:01:22 Windows Backup==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {109CB62A-9572-4DAD-A1F7-C5A05E70FB74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)Task: {18C69125-C372-4E15-8185-04C362A9D867} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)Task: {1D924C94-9666-4473-82D8-77D27B1C74EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)Task: {22B31E85-34A7-4BD7-8D39-415C3CD1AA0B} - System32\Tasks\{9C00AF57-8458-4250-A335-891DD3E84F6F} => pcalua.exe -a "C:\Users\Noel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8C33HRX\win64_152822.exe" -d C:\Users\Noel\DesktopTask: {2BC8014B-F3D5-48C0-91DF-190186047A15} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1843119849-658739943-1546731566-1000Task: {3BC7970E-9811-48B2-8D8F-C1C4D4DC25F7} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exeTask: {3EF4CACB-EF9F-44CD-B4B7-0F05AE5589BF} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exeTask: {4658ED45-39E7-4BD0-981B-760980E83CD1} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)Task: {482EC35C-2BE9-4726-A522-F4E815AA8674} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001UA => C:\Users\Noel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)Task: {5A50AFF3-EB5E-4014-9621-88D59C3E4BDA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()Task: {80D49223-28FE-45E3-8C41-88267F354114} - System32\Tasks\{84B979F1-5C29-448A-B7F7-EFDDDE151A94} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -c -runfromtemp -l0x0809 -removeonlyTask: {8D0B07C4-90D7-4BFA-8E76-4BF14295BFB4} - System32\Tasks\HPCeeScheduleForNoel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)Task: {902453B9-5B67-41C8-B539-5121212B0D14} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()Task: {A31447C6-4080-4B36-8DB9-B30750F6FA77} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()Task: {A36A9250-546E-468A-A788-23DDAA1FC7E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2013-02-19] (Hewlett-Packard)Task: {A6149C30-E0A7-4C8A-8D61-D2F9DAEEE2F3} - System32\Tasks\Driver Booster SkipUAC (Noel) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exeTask: {AA31C044-A017-4D73-94EC-B45FA73B8C24} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001Core => C:\Users\Noel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)Task: {BA633B0F-6059-49D2-9988-FE982B5C1DE1} - System32\Tasks\{F10DA409-C3A9-4E4F-9A77-E6332296FBDA} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /UninstallTask: {BBA0FF04-EEC0-439F-BA49-29647E76AC7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)Task: {C3590A86-709E-4C26-963C-9E60E42E0B2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-01-31] (Microsoft)Task: {CEF23AFD-B5A1-442C-A37C-004521E8E6DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {DC013B9E-14B5-4035-9FD7-0B5C3F9FC7A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)Task: {E43D5221-9CBD-49D4-9D5E-3FBC8FA7AE7B} - System32\Tasks\{CE3DD58F-8354-4210-AF79-2C64FBC834C2} => pcalua.exe -a E:\Tiscali.exe -d E:\Task: {E852002C-6365-4164-9CB4-0C3AD890A7C2} - System32\Tasks\{4A85A5DF-20D3-4834-8372-7F3CA00BF15C} => Chrome.exeTask: {EEEC6324-DA11-4837-ACA8-C35CFCB95400} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)Task: {EF966303-A8F4-496F-A727-1B7FC4B1868A} - System32\Tasks\{4AA345C7-B3ED-4155-B798-3A59A17DDF51} => Chrome.exeTask: {F5DB42E5-3BF5-4F64-853F-90C375E47DE4} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)Task: {FC19C636-1A27-4F31-A2ED-0FFBB60EDCCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001Core.job => C:\Users\Noel\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001UA.job => C:\Users\Noel\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForNoel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe==================== Loaded Modules (whitelisted) =============2009-09-14 16:17 - 2009-09-14 16:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe2014-10-25 09:19 - 2014-10-25 09:19 - 01043968 _____ () C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe2013-02-13 02:37 - 2013-02-13 02:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node2009-09-29 15:25 - 2009-09-29 15:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll2009-09-29 15:25 - 2009-09-29 15:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll2009-09-29 15:25 - 2009-09-29 15:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll2009-09-29 15:25 - 2009-09-29 15:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll2009-09-29 15:25 - 2009-09-29 15:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll2009-09-29 15:25 - 2009-09-29 15:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll2009-09-29 15:25 - 2009-09-29 15:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll2009-09-29 15:25 - 2009-09-29 15:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll2013-02-13 02:38 - 2013-02-13 02:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll2015-01-24 10:52 - 2015-01-21 03:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll2015-01-24 10:52 - 2015-01-21 03:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll2009-10-22 18:50 - 2009-10-22 18:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll2015-01-24 10:52 - 2015-01-21 03:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\Users\Noel\Documents\Auntie 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Auntie 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Auntie 3.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Auntie 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Auntie.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Auntie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Council Tax 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Council Tax 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Council Tax.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Council Tax.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\CTax1.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\CTax1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\CTax2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\CTax2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\CTax3.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\CTax3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License 3.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License 4.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Garage.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Garage.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Parents Evening 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Parents Evening 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Parents Evening.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Parents Evening.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Passport Photos.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Passport Photos.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13494093.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13494093.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"========================= Accounts: ==========================Administrator (S-1-5-21-1843119849-658739943-1546731566-500 - Administrator - Disabled)CRESCENTIA (S-1-5-21-1843119849-658739943-1546731566-1000 - Administrator - Enabled) => C:\Users\CRESCENTIAGuest (S-1-5-21-1843119849-658739943-1546731566-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1843119849-658739943-1546731566-1005 - Limited - Enabled)Noel (S-1-5-21-1843119849-658739943-1546731566-1001 - Administrator - Enabled) => C:\Users\Noel==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (01/24/2015 10:46:20 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86Exception code: 0xe06d7363Fault offset: 0x0000c42dFaulting process id: 0x49c4Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (01/24/2015 08:47:25 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 2998Start Time: 01d038055118285eTermination Time: 1452Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEReport Id:Error: (01/24/2015 06:41:07 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 2558Start Time: 01d03803f311496fTermination Time: 360Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEReport Id:Error: (01/24/2015 01:07:35 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 2cdcStart Time: 01d037c31435c80cTermination Time: 0Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEReport Id:Error: (01/24/2015 00:35:54 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1208Start Time: 01d037bc02c2b594Termination Time: 1123Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEReport Id:Error: (01/23/2015 11:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: Flash32_16_0_0_287.ocx, version: 16.0.0.287, time stamp: 0x54bb1885Exception code: 0xc0000005Fault offset: 0x00654e8dFaulting process id: 0x7f8Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (01/23/2015 03:52:13 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Raptor.exe, version: 1.0.0.288, time stamp: 0x54940703Faulting module name: Raptor.exe, version: 1.0.0.288, time stamp: 0x54940703Exception code: 0xc0000005Fault offset: 0x0000000000216848Faulting process id: 0xca8Faulting application start time: 0xRaptor.exe0Faulting application path: Raptor.exe1Faulting module path: Raptor.exe2Report Id: Raptor.exe3Error: (01/23/2015 03:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: PSIA.exe, version: 3.0.0.9016, time stamp: 0x52a1d50fFaulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96fException code: 0xc0000005Fault offset: 0x0002d7f1Faulting process id: 0x45cFaulting application start time: 0xPSIA.exe0Faulting application path: PSIA.exe1Faulting module path: PSIA.exe2Report Id: PSIA.exe3Error: (01/22/2015 11:36:33 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 8a98Start Time: 01d0369926970815Termination Time: 0Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEReport Id:Error: (01/22/2015 11:14:20 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 38c0Start Time: 01d0367f329f3bd9Termination Time: 2238Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEReport Id:System errors:=============Error: (01/25/2015 10:05:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The HP Support Assistant Service service failed to start due to the following error:%%1053Error: (01/25/2015 10:05:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.Error: (01/25/2015 10:01:59 AM) (Source: BugCheck) (EventID: 1001) (User: )Description: 0x00000116 (0xfffffa80179e74e0, 0xfffff8800482d500, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP012515-18408-01Error: (01/25/2015 10:01:47 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 09:58:50 on 25/01/2015 was unexpected.Error: (01/25/2015 09:44:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10.Error: (01/25/2015 09:44:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10.Error: (01/25/2015 09:44:12 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10.Error: (01/25/2015 09:44:12 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10.Error: (01/25/2015 09:44:12 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10.Error: (01/25/2015 09:44:12 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10.Microsoft Office Sessions:============================================= Memory info ===========================Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHzPercentage of memory in use: 67%Total physical RAM: 3037.24 MBAvailable physical RAM: 981.25 MBTotal Pagefile: 6072.67 MBAvailable Pagefile: 3790.83 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB==================== Drives ================================Drive c: (HP) (Fixed) (Total:583.97 GB) (Free:515.45 GB) NTFSDrive d: (FACTORY_IMAGE) (Fixed) (Total:12.1 GB) (Free:1.69 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive g: () (Removable) (Total:14.9 GB) (Free:0.34 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)==================== End Of Log ============================ How do I zip and attach the Minidump file? Link to post Share on other sites More sharing options...
kevinf80 Posted January 25, 2015 ID:932903 Share Posted January 25, 2015 The top section of the log FRST.txt is missing, I need to see that. LOgs are saved here: C:\FRST\Logs To compress (or zip) a file or folder Locate the file or folder that you want to compress. Navigate to C:\Windows Scroll to and Right-click the "minidump" folder, point to Send to, and then click Compressed (zipped) folder. An alert will say "Windows cannot copy the Compressed (zipped) folder here, do you want to save to the Desktop? select "Yes" The zipped folder will be save to your DesktopTo attach, Select "More reply Options" under the reply box, the reply box will change and add more options... Select "Browse" and navigate to the folder you want to attach via Explorer, either double click on the folder or single click then select "Open" Select "Attach this File" option to do just that.... Thanks, Kevin... Link to post Share on other sites More sharing options...
Noelz Posted January 26, 2015 Author ID:932960 Share Posted January 26, 2015 FRST.txt Log:Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01Ran by Noel (administrator) on CRESCENTIA-PC on 25-01-2015 10:28:06Running from C:\Users\Noel\DesktopLoaded Profiles: Noel (Available profiles: CRESCENTIA & Noel)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe(McAfee Inc.) C:\Program Files\McAfee\Raptor\Raptor.exe() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_287_ActiveX.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-23] (Realtek Semiconductor)HKLM-x32\...\Run: [NPSStartup] => [X]HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)HKLM\...\RunOnce: [Raptor] => C:\Program Files\McAfee\Raptor\Raptor.exe [1814896 2014-12-25] (McAfee Inc.)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [Facebook Update] => C:\Users\Noel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-20] (Facebook Inc.)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [GoogleChromeAutoLaunch_7A46018675C6620EF34A549934EA8E2B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-21] (Google Inc.)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-25] ()HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-06] (Google Inc.)HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Policies\system: [DisableChangePassword] 0Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnkShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)Startup: C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-1843119849-658739943-1546731566-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.bt.com/login/loginform?TYPE=33554433&REALMOID=06-f1aca0f0-9277-1028-a2aa-843bdb4e0000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$5Gg1tpXNy2tkpsuareMacnNJlmbms7qMbEfHeTFUSfxbnorYfstClnjFgNuaYWY49uhw6yBYI0xa%2fbgLX1YKkzEsusDGzpbC&TARGET=$SM$HTTP%3a%2f%2fhome%2ebt%2ecom%2fss%2fSatellite%2fsecure%2floginforward%3fsite%3dbtcom%26redirectURL%3dhttps%3a%2f%2fwww%2ebt%2ecom%2fappsconsumeraccount%2fsecure%2fenhancedMyBT%2edo%3fsiteArea%3dcon%2emya%26SearchScopes: HKLM -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =SearchScopes: HKLM-x32 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-1843119849-658739943-1546731566-1001 -> {0988E493-3507-4521-B1DD-B3873A22AB12} URL =SearchScopes: HKU\S-1-5-21-1843119849-658739943-1546731566-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB691D20140925&p={SearchTerms}BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKU\S-1-5-21-1843119849-658739943-1546731566-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-12-05] (EasyBits Software Corp.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1843119849-658739943-1546731566-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Noel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKU\S-1-5-21-1843119849-658739943-1546731566-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Noel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xmlFF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2012-09-24]FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgnFF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-16]FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.comFF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-02-13]FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.comFF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-02-13]FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-16]FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-09-25]Chrome:=======CHR HomePage: Default -> https://www.google.com/CHR StartupUrls: Default -> "https://www.google.com/"CHR DefaultSearchKeyword: Default -> astromenda.comCHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_43_ie&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyE0CyC0C0E0BtB0FtC0DtN0D0Tzu0StCtDtBzztN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyD0CyB0E0A0D0BtG0Czy0BzztGyB0F0A0BtGtB0A0EtCtGyB0F0BtDyCyCtAtD0B0AyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDtDtCzzyDtCyDtGyB0Fzy0DtGyE0ByByEtG0AyByEyDtG0AzztDtA0CyB0AtC0B0AyDyB2Q&cr=752526412&ir=CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}CHR Profile: C:\Users\Noel\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-02]CHR Extension: (Google Docs) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-02]CHR Extension: (Google Drive) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]CHR Extension: (YouTube) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-02]CHR Extension: (Google Search) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-02]CHR Extension: (BT DesktopHelp extension) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-09-02]CHR Extension: (ZenMate) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-10-25]CHR Extension: (Google Sheets) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-02]CHR Extension: (SiteAdvisor) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-02]CHR Extension: (Webproxy.net - Unblock any website) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmikmnnnoacchojfpdgfdgpkfgajhim [2014-10-05]CHR Extension: (Google Wallet) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-09-02]CHR Extension: (Gmail) - C:\Users\Noel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-02]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-16]CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No PathCHR HKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No PathCHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2012-12-14]CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-16]CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 0020011422180585mcinstcleanup; C:\Windows\TEMP\002001~1.EXE [836168 2014-03-13] (McAfee, Inc.)R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.) [File not signed]S4 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2010-02-19] (NOS Microsystems Ltd.)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-06] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-12-23] (Realtek Semiconductor)R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-25 10:28 - 2015-01-25 10:28 - 00031041 _____ () C:\Users\Noel\Desktop\FRST.txt2015-01-25 10:26 - 2015-01-25 10:28 - 00000000 ____D () C:\FRST2015-01-25 10:25 - 2015-01-25 10:25 - 02129920 _____ (Farbar) C:\Users\Noel\Desktop\FRST64.exe2015-01-25 10:01 - 2015-01-25 10:01 - 00771920 _____ () C:\Windows\Minidump\012515-18408-01.dmp2015-01-23 22:33 - 2015-01-23 22:33 - 00727328 _____ () C:\Windows\Minidump\012315-19375-01.dmp2015-01-22 19:36 - 2015-01-22 19:36 - 00000000 ____D () C:\Users\Noel\Documents\Lil_Wayne-Sorry_4_The_Wait_22015-01-22 19:14 - 2015-01-22 19:28 - 168915171 _____ () C:\Users\Noel\Downloads\Lil_Wayne-Sorry_4_The_Wait_2.zip2015-01-22 19:04 - 2015-01-22 19:06 - 101640928 _____ () C:\Users\Noel\Downloads\Lil Wayne - Sorry 4 The Wait 2.zip2015-01-17 22:36 - 2015-01-17 22:36 - 00000000 ____D () C:\Users\Noel\Documents\NoDJ-Logic-Young_Sinatra_Undeniable2015-01-17 22:04 - 2015-01-17 22:21 - 201974437 _____ () C:\Users\Noel\Downloads\NoDJ-Logic-Young_Sinatra_Undeniable.zip2015-01-14 00:33 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-14 00:33 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-14 00:33 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2015-01-14 00:33 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-14 00:33 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll2015-01-14 00:33 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll2015-01-14 00:32 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-01-14 00:32 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-01-14 00:32 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-01-14 00:32 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-01-14 00:32 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-01-14 00:32 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-01-14 00:32 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-01-10 15:46 - 2015-01-10 15:46 - 00000000 ____D () C:\Users\Noel\Documents\Outkast - Aquemini [iTunes][GangstaRapTalk.com]2015-01-10 15:35 - 2015-01-10 15:43 - 146633941 _____ () C:\Users\Noel\Downloads\Outkast - Aquemini [iTunes][GangstaRapTalk.com].zip2015-01-04 10:51 - 2015-01-04 10:51 - 00899888 _____ () C:\Windows\Minidump\010415-17737-01.dmp2015-01-03 11:57 - 2015-01-03 11:57 - 00497544 _____ () C:\Windows\Minidump\010315-20061-01.dmp2015-01-02 01:53 - 2015-01-02 01:53 - 00000000 ____D () C:\Users\Noel\Documents\DJ_Drama-Nipsey_Hussle-Mailbox_Money2015-01-02 01:51 - 2015-01-22 18:57 - 00000000 ____D () C:\Users\Noel\AppData\Local\WinZip2015-01-02 01:51 - 2015-01-02 01:51 - 00002285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk2015-01-02 01:51 - 2015-01-02 01:51 - 00002279 _____ () C:\Users\Public\Desktop\WinZip.lnk2015-01-02 01:51 - 2015-01-02 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip2015-01-02 01:51 - 2015-01-02 01:51 - 00000000 ____D () C:\Program Files\WinZip2015-01-02 00:58 - 2015-01-02 01:07 - 107211693 _____ () C:\Users\Noel\Downloads\DJ_Drama-Nipsey_Hussle-Mailbox_Money.zip2014-12-29 20:18 - 2014-12-29 20:18 - 00843352 _____ () C:\Windows\Minidump\122914-18345-01.dmp2014-12-27 08:57 - 2015-01-22 17:03 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNoel2014-12-27 08:57 - 2015-01-22 17:03 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForNoel.job2014-12-26 11:08 - 2014-12-26 11:08 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-25 10:15 - 2014-09-25 00:38 - 00001846 _____ () C:\Users\Public\Desktop\BT NetProtect Plus.lnk2015-01-25 10:15 - 2013-11-23 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2015-01-25 10:10 - 2010-03-06 20:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-25 10:10 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-25 10:10 - 2009-07-14 04:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-25 10:09 - 2012-08-21 23:45 - 00000000 ____D () C:\Program Files (x86)\McAfee2015-01-25 10:06 - 2010-01-04 04:04 - 01457848 _____ () C:\Windows\WindowsUpdate.log2015-01-25 10:02 - 2014-12-24 00:51 - 00008924 _____ () C:\Windows\setupact.log2015-01-25 10:02 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-01-25 10:01 - 2012-02-11 20:47 - 576405129 _____ () C:\Windows\MEMORY.DMP2015-01-25 10:01 - 2012-02-11 20:47 - 00000000 ____D () C:\Windows\Minidump2015-01-25 09:56 - 2012-04-04 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-01-25 09:56 - 2010-03-06 20:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-24 23:45 - 2012-07-20 22:40 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001UA.job2015-01-24 23:45 - 2012-07-20 22:40 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843119849-658739943-1546731566-1001Core.job2015-01-24 22:48 - 2010-03-15 19:26 - 00000000 ____D () C:\Users\Noel\AppData\Local\CrashDumps2015-01-24 10:52 - 2014-09-01 22:48 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-23 16:52 - 2012-04-04 22:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-01-23 16:52 - 2012-04-04 22:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-01-23 16:52 - 2011-05-15 20:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-19 13:07 - 2014-06-02 19:35 - 00000000 ____D () C:\Users\Noel\AppData\Roaming\HP Support Assistant2015-01-19 13:07 - 2010-03-02 18:16 - 00000000 ____D () C:\Users\Noel\AppData\Roaming\HpUpdate2015-01-17 09:42 - 2014-12-24 01:09 - 00003280 _____ () C:\Windows\PFRO.log2015-01-15 01:19 - 2014-02-28 00:21 - 00766376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-01-15 01:19 - 2009-07-14 05:13 - 00766376 _____ () C:\Windows\system32\PerfStringBackup.INI2015-01-14 01:28 - 2013-07-18 02:01 - 00000000 ____D () C:\Windows\system32\MRT2015-01-14 01:19 - 2010-03-25 16:50 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-01-04 10:15 - 2009-07-14 05:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-01-02 01:52 - 2010-07-04 16:18 - 00000000 ____D () C:\ProgramData\WinZip2014-12-27 08:55 - 2010-03-02 18:10 - 00000000 ____D () C:\Users\Noel==================== Files in the root of some directories =======2013-10-11 17:36 - 2013-10-11 17:58 - 0000077 _____ () C:\Users\Noel\AppData\Roaming\Rim.Desktop.Exception.log2013-10-11 17:36 - 2013-10-11 17:58 - 0000077 _____ () C:\Users\Noel\AppData\Roaming\Rim.DesktopHelper.Exception.log2014-06-19 08:14 - 2014-06-19 08:14 - 0000024 _____ () C:\Users\Noel\AppData\Roaming\temp.ini2010-04-29 20:16 - 2010-04-29 20:16 - 0019881 _____ () C:\Users\Noel\AppData\Roaming\UserTile.png2014-09-25 23:29 - 2014-12-23 02:20 - 0000196 _____ () C:\Users\Noel\AppData\Roaming\WB.CFG2010-09-18 14:49 - 2010-09-18 14:49 - 0000258 _____ () C:\Users\Noel\AppData\Roaming\wklnhst.dat2014-10-25 10:21 - 2014-10-25 10:21 - 0022528 _____ () C:\Users\Noel\AppData\Local\8926782dsisetup89596992.exe2010-07-01 19:04 - 2014-05-05 21:39 - 0004608 _____ () C:\Users\Noel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-10-25 10:21 - 2014-12-17 00:20 - 0000001 _____ () C:\Users\Noel\AppData\Local\DSI.DAT2014-12-02 16:20 - 2014-12-02 16:20 - 0022528 _____ () C:\Users\Noel\AppData\Local\dsisetup11875262.exe2014-12-17 00:20 - 2014-12-17 00:20 - 0022528 _____ () C:\Users\Noel\AppData\Local\dsisetup15251902.exe2010-05-05 18:56 - 2010-05-05 18:56 - 0000052 _____ () C:\Users\Noel\AppData\Local\GLFBEE5.tmp2010-02-28 22:28 - 2014-11-23 19:50 - 0004732 _____ () C:\ProgramData\hpzinstall.logSome content of TEMP:====================C:\Users\CRESCENTIA\AppData\Local\Temp\eyplzzfe.dllC:\Users\CRESCENTIA\AppData\Local\Temp\xuzje9c7.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-24 10:26==================== End Of Log ============================ However it is not allowing me to compress the file at all Link to post Share on other sites More sharing options...
kevinf80 Posted January 26, 2015 ID:932967 Share Posted January 26, 2015 Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program.At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.Click Finish.On the Dashboard, click the 'Update Now >>' linkAfter the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.Now select > Scan > Threat scan > Scan nowWhen the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes. When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export" Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply. Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on Scan Once the scan is done, click on the Clean button. You will get a prompt asking to close all programs. Click OK. Click OK again to reboot your computer. A text file will open after the restart. Please post the content of that logfile in your reply. You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done)Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktopEnsure to get the correct version for your system.... 32 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en64 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en Right click on the Tool, select “Run as Administrator” the tool will expand to the options WindowIn the "Scan Type" window, select Quick ScanPerform a scan and Click Finish when the scan is done.Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log Next, Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.Double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information. Let me see those logs, also give an update on any remaining issues or concerns... Kevin... Fixlist.txt Link to post Share on other sites More sharing options...
Noelz Posted January 29, 2015 Author ID:934219 Share Posted January 29, 2015 Fixlog.txt Log:Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015Ran by Noel at 2015-01-28 19:31:40 Run:1Running from C:\Users\Noel\DesktopLoaded Profiles: Noel (Available profiles: CRESCENTIA & Noel)Boot Mode: Normal==============================================Content of fixlist:*****************startHKU\S-1-5-21-1843119849-658739943-1546731566-1001\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-25] ()C:\Program Files (x86)\WSE_AstromendaC:\Users\CRESCENTIA\AppData\Local\Temp\eyplzzfe.dllC:\Users\CRESCENTIA\AppData\Local\Temp\xuzje9c7.dllAlternateDataStreams: C:\Users\Noel\Documents\Auntie 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Auntie 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Auntie 3.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Auntie 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Auntie.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Auntie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Council Tax 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Council Tax 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Council Tax.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Council Tax.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\CTax1.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\CTax1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\CTax2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\CTax2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\CTax3.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\CTax3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License 3.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License 4.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Driving License.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Driving License.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Garage.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Garage.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Parents Evening 2.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Parents Evening 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Parents Evening.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Parents Evening.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Noel\Documents\Passport Photos.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Noel\Documents\Passport Photos.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}Emptytemp:end*****************HKU\S-1-5-21-1843119849-658739943-1546731566-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BRS => value deleted successfully.C:\Program Files (x86)\WSE_Astromenda => Moved successfully.C:\Users\CRESCENTIA\AppData\Local\Temp\eyplzzfe.dll => Moved successfully.C:\Users\CRESCENTIA\AppData\Local\Temp\xuzje9c7.dll => Moved successfully."C:\Users\Noel\Documents\Auntie 2.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Auntie 2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Auntie 3.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Auntie 3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Auntie.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Auntie.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Council Tax 2.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Council Tax 2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Council Tax.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Council Tax.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\CTax1.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\CTax1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\CTax2.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\CTax2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\CTax3.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\CTax3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Driving License 2.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Driving License 2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Driving License 3.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Driving License 3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Driving License 4.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Driving License 4.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Driving License.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Driving License.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Garage.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Garage.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Parents Evening 2.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Parents Evening 2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Parents Evening.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Parents Evening.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."C:\Users\Noel\Documents\Passport Photos.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.C:\Users\Noel\Documents\Passport Photos.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.EmptyTemp: => Removed 2.9 GB temporary data.The system needed a reboot.==== End of Fixlog 19:38:46 ==== Malwarebytes Log:Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 28/01/2015Scan Time: 19:58:15Logfile:Administrator: YesVersion: 2.00.4.1028Malware Database: v2015.01.28.08Rootkit Database: v2015.01.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: NoelScan Type: Threat ScanResult: CompletedObjects Scanned: 412303Time Elapsed: 1 hr, 7 min, 41 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 8PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [f1602ccbe8a16accc1509a64d33138c8],PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [312012e5c6c3999d8d8457a70cf828d8],PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [ada439bef49561d570365b30f80b03fd],PUP.Optional.Softonic.A, HKU\S-1-5-21-1843119849-658739943-1546731566-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [b1a083746623e5512425acd6bd469f61],PUP.Optional.Astromenda.A, HKU\S-1-5-21-1843119849-658739943-1546731566-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, Quarantined, [fa57896e66232b0b8507a5ee946fe21e],PUP.Optional.Astromenda.A, HKU\S-1-5-21-1843119849-658739943-1546731566-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [79d890672c5d270f57bba35ba85c23dd],PUP.Optional.InstallCore.A, HKU\S-1-5-21-1843119849-658739943-1546731566-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [dd7440b714750432813b9e24e221bb45],PUP.Optional.InstallCore.A, HKU\S-1-5-21-1843119849-658739943-1546731566-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [dd74827592f7b97d3898b5231ce8857b],Registry Values: 1PUP.Optional.InstallCore.A, HKU\S-1-5-21-1843119849-658739943-1546731566-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2Y1E2Z1G1J1T1M, Quarantined, [dd74827592f7b97d3898b5231ce8857b]Registry Data: 0(No malicious items detected)Folders: 2PUP.Optional.Astromenda.A, C:\Users\Noel\AppData\Roaming\Astromenda, Quarantined, [c28f4ea9bacfbf7724165b0827dc649c],PUP.Optional.Astromenda.A, C:\Users\Noel\AppData\Roaming\Astromenda\BRS, Quarantined, [c28f4ea9bacfbf7724165b0827dc649c],Files: 2PUP.Optional.Downloader, C:\Users\Noel\Downloads\FLVPlayer-Chrome.exe, Quarantined, [90c1589f6e1b3ff789bb8e5ce41e17e9],PUP.Optional.Astromenda.A, C:\Users\Noel\AppData\Roaming\Astromenda\BRS\stats, Quarantined, [c28f4ea9bacfbf7724165b0827dc649c],Physical Sectors: 0(No malicious items detected)(end) AdwCleaner Log:# AdwCleaner v4.109 - Report created 28/01/2015 at 22:13:19# Updated 24/01/2015 by Xplode# Database : 2015-01-26.1 [Live]# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Noel - CRESCENTIA-PC# Running from : C:\Users\Noel\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\Yahoo! CompanionFolder Deleted : C:\Users\CRESCENTIA\AppData\LocalLow\Yahoo! CompanionFolder Deleted : C:\Users\Noel\AppData\LocalLow\Yahoo! Companion***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Key Deleted : HKCU\Software\BRSKey Deleted : HKCU\Software\IdleCrawlerKey Deleted : HKLM\SOFTWARE\InstallCoreKey Deleted : HKLM\SOFTWARE\IdleCrawlerKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! ToolbarKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! CompanionKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17496-\\ Google Chrome v40.0.2214.93*************************AdwCleaner[R0].txt - [2743 octets] - [28/01/2015 21:56:04]AdwCleaner[s0].txt - [2620 octets] - [28/01/2015 22:13:19]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2680 octets] ########## JRT.txt Log:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.1 (12.28.2014:1)OS: Windows 7 Home Premium x64Ran by Noel on 29/01/2015 at 19:18:48.56~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry Keys~~~ FilesSuccessfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf~~~ Folders~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 29/01/2015 at 19:25:46.27End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Malicious Software Removal Tool Log:---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)Started On Wed Jan 14 01:19:29 2015Engine: 1.1.11302.0Signatures: 1.191.1276.0Results Summary:----------------No infection found.Failed to submit MAPS report: 0x80072F8FFailed to submit clean hearbeat MAPS report: 0x80072F8FMicrosoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 01:28:40 2015Return code: 0 (0x0)---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)Started On Thu Jan 29 19:54:49 2015Engine: 1.1.11302.0Signatures: 1.191.1276.0Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 29 20:07:44 2015Return code: 0 (0x0) Bluescreen Viewer Report:==================================================Dump File : 012815-19640-01.dmpCrash Time : 28/01/2015 12:09:21Bug Check String :Bug Check Code : 0x00000116Parameter 1 : fffffa80`0f214010Parameter 2 : fffff880`04911500Parameter 3 : 00000000`00000000Parameter 4 : 00000000`00000002Caused By Driver : dxgkrnl.sysCaused By Address : dxgkrnl.sys+5d134File Description :Product Name :Company :File Version :Processor : x64Crash Address : ntoskrnl.exe+76e80Stack Address 1 :Stack Address 2 :Stack Address 3 :Computer Name :Full Path : C:\Windows\Minidump\012815-19640-01.dmpProcessors Count : 2Major Version : 15Minor Version : 7601Dump File Size : 742,472Dump File Time : 28/01/2015 12:11:10================================================== Link to post Share on other sites More sharing options...
kevinf80 Posted January 29, 2015 ID:934266 Share Posted January 29, 2015 Does the BSOD still happen? Link to post Share on other sites More sharing options...
Noelz Posted January 29, 2015 Author ID:934279 Share Posted January 29, 2015 I can't put a certain pattern on how it occurs, but it happened twice in one day recently. Link to post Share on other sites More sharing options...
kevinf80 Posted January 29, 2015 ID:934281 Share Posted January 29, 2015 It appears to be related to your video card, do you play games or similar, were you running such things when the BSOD occurs Link to post Share on other sites More sharing options...
Noelz Posted January 29, 2015 Author ID:934283 Share Posted January 29, 2015 Don't play a lot of games, but I watch YouTube videos if that is part of it... Link to post Share on other sites More sharing options...
kevinf80 Posted January 29, 2015 ID:934287 Share Posted January 29, 2015 Can you remember what was happening when the BSOD occur, were you watching videos? Link to post Share on other sites More sharing options...
Noelz Posted January 30, 2015 Author ID:934527 Share Posted January 30, 2015 Well...not videos on my computer as such, I only watch online videos. But the latest Bluescreen happened when I was just listening to music from the Media Player. I was inactive on my computer when I left it alone for a bit, and it happened whilst I wasn't using it. So to be honest, I can't really pinpoint a reason or source as to why this is occuring Link to post Share on other sites More sharing options...
kevinf80 Posted January 30, 2015 ID:934563 Share Posted January 30, 2015 Has there been any repeats of BSOD since we run the fixes with the tools you d/l? Link to post Share on other sites More sharing options...
Noelz Posted January 31, 2015 Author ID:934633 Share Posted January 31, 2015 There have been no repeats Link to post Share on other sites More sharing options...
kevinf80 Posted January 31, 2015 ID:934791 Share Posted January 31, 2015 Excellent, run the following to clean up... Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools Create registry backup Purge System Restore Reset system settings Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Part of the routine will be to create a registry back up with ERUNT, the back up will be created here: C:\Windows\ERUNT When all is known to be well with your system you can delete that back up folder if you consider it as not needed... Any remnant files/logs from tools we have used can be deleted… Next, Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older version of Java components and upgrade the application. Upgrading Java: Go to http://java.com/en/ and click on "Do I have Java"It will check your current version and then offer to update to the latest versionWatch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it. ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important Next, Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Let me know if we are ok to close out... Thank you, Kevin... Link to post Share on other sites More sharing options...
Noelz Posted January 31, 2015 Author ID:934928 Share Posted January 31, 2015 You've been a great help, but what if the problem resurfaces again, how can I contact you specifically? Link to post Share on other sites More sharing options...
kevinf80 Posted January 31, 2015 ID:934941 Share Posted January 31, 2015 Open a new thread, then send me a PM or mark the thread for my attention... It does not really matter who helps, all the guys who work here a very good. We have no weak links at Malwarebytes.... Link to post Share on other sites More sharing options...
Noelz Posted January 31, 2015 Author ID:934942 Share Posted January 31, 2015 Okay then, that's cool. Let me download the Delfix tool then... Link to post Share on other sites More sharing options...
kevinf80 Posted January 31, 2015 ID:934948 Share Posted January 31, 2015 Let me know when all is complete.... Link to post Share on other sites More sharing options...
Noelz Posted January 31, 2015 Author ID:934954 Share Posted January 31, 2015 Yeah, I've d/l Delfix and updated Java. Thanks for your time Link to post Share on other sites More sharing options...
kevinf80 Posted January 31, 2015 ID:934956 Share Posted January 31, 2015 Comeback anytime, you`ll always be welcome..... Link to post Share on other sites More sharing options...
Noelz Posted January 31, 2015 Author ID:934986 Share Posted January 31, 2015 Ermmm, about that, it just happened again... Link to post Share on other sites More sharing options...
kevinf80 Posted February 1, 2015 ID:934993 Share Posted February 1, 2015 Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.Double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information. Link to post Share on other sites More sharing options...
Noelz Posted February 1, 2015 Author ID:934994 Share Posted February 1, 2015 ==================================================Dump File : 013115-23602-01.dmpCrash Time : 31/01/2015 23:43:38Bug Check String :Bug Check Code : 0x00000116Parameter 1 : fffffa80`025d84e0Parameter 2 : fffff880`04889500Parameter 3 : 00000000`00000000Parameter 4 : 00000000`00000002Caused By Driver : dxgkrnl.sysCaused By Address : dxgkrnl.sys+5d134File Description :Product Name :Company :File Version :Processor : x64Crash Address : ntoskrnl.exe+76e80Stack Address 1 :Stack Address 2 :Stack Address 3 :Computer Name :Full Path : C:\Windows\Minidump\013115-23602-01.dmpProcessors Count : 2Major Version : 15Minor Version : 7601Dump File Size : 1,081,104Dump File Time : 31/01/2015 23:45:37================================================== Link to post Share on other sites More sharing options...
Recommended Posts