Winmgr.exe and "microsoft.com"


yenark

Thanks in advance!

FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kenley_2 (administrator) on KRANEY-PC on 20-01-2015 16:20:18
Running from C:\Users\Kenley_2\Downloads
Loaded Profiles: Kenley_2 (Available profiles: Kenley_2)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Wondershare Software Co.,Ltd.                               ) C:\Program Files (x86)\Windows Manager\winmgr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Wondershare Software Co.,Ltd.                               ) C:\Users\Kenley_2\AppData\Local\Temp\WondersharePDFEditor3.6.2.exe
() C:\Users\Kenley_2\AppData\Local\Temp\is-UBOCJ.tmp\WondersharePDFEditor3.6.2.tmp
(Kaspersky Lab ZAO) C:\Users\Kenley_2\Desktop\tdsskiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation                                    ) C:\Users\Kenley_2\Downloads\mbam-setup-2.0.4.1028.exe
() C:\Users\Kenley_2\AppData\Local\Temp\is-N8VVU.tmp\mbam-setup-2.0.4.1028.tmp
(Malwarebytes Corporation                                    ) C:\Users\Kenley_2\Downloads\mbam-setup-2.0.4.1028.exe
() C:\Users\Kenley_2\AppData\Local\Temp\is-VS7AB.tmp\mbam-setup-2.0.4.1028.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [0 ] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\Run: [DellSystemDetect] => C:\Users\Kenley_2\AppData\Local\Apps\2.0\KKHOZ808.ZW5\K464BGXM.KM6\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-07-21] (Dell)
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\RunOnce: [WindowsUpdate] => C:\Program Files (x86)\Windows Manager\winmgr.exe [41604096 2014-05-03] (Wondershare Software Co.,Ltd.                               )
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\MountPoints2: {65418143-3099-11e4-825d-00dbdf2746a5} - "D:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-12] (NVIDIA Corporation)
IFEO\AvastSvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140717180718.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140717180718.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kenley_2\AppData\Roaming\Mozilla\Firefox\Profiles\wi4ff9g4.default
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-4287402215-2210130391-829758003-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kenley_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-07-17]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://mededu.miami.edu/MedEd"
CHR Profile: C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-19]
CHR Extension: (Google Drive) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-19]
CHR Extension: (YouTube) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-19]
CHR Extension: (Google Search) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-19]
CHR Extension: (iCloud Bookmarks) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-08-11]
CHR Extension: (Synergyse Training for Google Apps™) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhlpceomllmafbnliifodknahnpjppn [2014-09-10]
CHR Extension: (Collusion for Chrome) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2015-01-20]
CHR Extension: (Synergyse Training for Google Apps™) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2014-09-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-16]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-19]
CHR Extension: (Gmail) - C:\Users\Kenley_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-19]
CHR HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2014-07-17] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [170440 2014-07-17] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-01-20] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2014-07-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2014-07-17] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2014-07-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2014-07-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2014-07-17] (McAfee, Inc.)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300352 2014-11-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-20] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 16:20 - 2015-01-20 16:21 - 00020740 _____ () C:\Users\Kenley_2\Downloads\FRST.txt
2015-01-20 16:20 - 2015-01-20 16:20 - 00000000 ____D () C:\FRST
2015-01-20 16:19 - 2015-01-20 16:19 - 02126848 _____ (Farbar) C:\Users\Kenley_2\Downloads\FRST64.exe
2015-01-20 16:17 - 2015-01-20 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kenley_2\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-20 16:15 - 2015-01-20 16:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kenley_2\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-20 16:12 - 2015-01-20 16:12 - 02186752 _____ () C:\Users\Kenley_2\Downloads\AdwCleaner (1).exe
2015-01-20 16:04 - 2015-01-20 16:06 - 00000000 ____D () C:\AdwCleaner
2015-01-20 16:04 - 2015-01-20 16:04 - 02186752 _____ () C:\Users\Kenley_2\Downloads\AdwCleaner.exe
2015-01-20 16:03 - 2015-01-20 16:03 - 00002861 _____ () C:\RKreport_DEL_01202015_160302.log
2015-01-20 16:03 - 2015-01-20 16:03 - 00000394 _____ () C:\E91453C58DCA8861.reg
2015-01-20 16:03 - 2015-01-20 16:03 - 00000394 _____ () C:\E4017CCA115530D7.reg
2015-01-20 16:03 - 2015-01-20 16:03 - 00000267 _____ () C:\E91453C58DCA8861.meta
2015-01-20 16:03 - 2015-01-20 16:03 - 00000267 _____ () C:\E4017CCA115530D7.meta
2015-01-20 16:00 - 2015-01-20 16:00 - 00002728 _____ () C:\RKreport_SCN_01202015_160042.log
2015-01-20 15:56 - 2015-01-20 15:56 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-20 15:29 - 2015-01-20 15:29 - 37987520 _____ (Microsoft Corporation) C:\Users\Kenley_2\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-20 15:28 - 2015-01-20 16:08 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\CrashDumps
2015-01-20 15:24 - 2015-01-20 15:42 - 00000000 ____D () C:\MGtools
2015-01-20 15:18 - 2015-01-20 15:18 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-01-20 15:17 - 2015-01-20 15:17 - 00007122 _____ () C:\WINDOWS\system32\.crusader
2015-01-20 14:26 - 2015-01-20 15:57 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2015-01-20 14:25 - 2015-01-20 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-20 14:25 - 2015-01-20 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 14:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-20 14:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-20 14:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-20 14:23 - 2015-01-20 14:51 - 00003294 _____ () C:\Users\Kenley_2\Desktop\rogue killer report.txt
2015-01-20 14:02 - 2015-01-20 15:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-20 14:02 - 2015-01-20 14:02 - 15431256 _____ () C:\Users\Kenley_2\Downloads\RogueKiller.exe
2015-01-20 14:02 - 2015-01-20 14:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-20 13:59 - 2015-01-20 15:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-20 13:58 - 2015-01-20 13:58 - 15431256 _____ () C:\Users\Kenley_2\Desktop\RogueKiller.exe
2015-01-20 13:47 - 2015-01-20 13:47 - 18570328 _____ () C:\Users\Kenley_2\Desktop\RogueKillerX64.exe
2015-01-20 13:45 - 2015-01-20 13:46 - 11225840 _____ (SurfRight B.V.) C:\Users\Kenley_2\Desktop\HitmanPro_x64.exe
2015-01-20 13:45 - 2015-01-20 13:45 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\Kenley_2\Desktop\tdsskiller.exe
2015-01-20 13:43 - 2015-01-20 13:43 - 01990720 _____ () C:\MGtools.exe
2015-01-20 11:15 - 2014-05-03 18:20 - 41604096 __RSH (Wondershare Software Co.,Ltd. ) C:\WINDOWS\SysWOW64\Microsoft.com
2015-01-20 11:15 - 2014-05-03 18:20 - 41604096 __RSH (Wondershare Software Co.,Ltd. ) C:\ProgramData\Microsoft.com
2015-01-20 11:14 - 2015-01-20 15:50 - 00000000 __SHD () C:\ProgramData\Windows Manager
2015-01-19 14:58 - 2015-01-19 15:04 - 00000000 ____D () C:\Users\Kenley_2\Desktop\vision board
2015-01-18 21:31 - 2015-01-18 21:52 - 00000000 ____D () C:\Program Files\Recuva
2015-01-18 21:31 - 2015-01-18 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-18 21:27 - 2015-01-18 21:27 - 00040960 _____ () C:\WINDOWS\SysWOW64\photorec.ses
2015-01-18 12:47 - 2015-01-18 12:47 - 00000000 ____D () C:\Users\Kenley_2\Documents\testdisk-7.0-WIP.win
2015-01-17 19:26 - 2015-01-17 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-01-17 19:26 - 2015-01-17 19:26 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-17 14:38 - 2015-01-17 18:20 - 00000000 ____D () C:\Users\Kenley_2\AppData\Roaming\Mp3tag
2015-01-17 14:37 - 2015-01-17 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-01-17 14:37 - 2015-01-17 14:37 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-01-17 12:58 - 2015-01-17 18:41 - 00001696 _____ () C:\Users\Kenley_2\Desktop\Google Drive.lnk
2015-01-16 18:45 - 2015-01-20 16:08 - 00000000 ___RD () C:\Users\Kenley_2\Google Drive
2015-01-16 18:44 - 2015-01-16 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-15 07:18 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 07:18 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 07:18 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-15 07:18 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 07:18 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 07:18 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 07:18 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 07:18 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 07:18 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 07:18 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 07:18 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 07:18 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 07:18 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 07:18 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 07:18 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 07:18 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 07:18 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 07:18 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 07:18 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 07:18 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 07:18 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 07:18 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 07:18 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 07:18 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 07:18 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 07:18 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 07:18 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 07:18 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 07:18 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 07:18 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 07:18 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 16:13 - 2014-03-18 05:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-20 16:12 - 2014-07-19 17:14 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4287402215-2210130391-829758003-1006
2015-01-20 16:09 - 2014-08-14 08:14 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for KRANEY-PC-Kenley_2 Kraney-PC
2015-01-20 16:09 - 2014-07-17 19:28 - 01099571 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-20 16:08 - 2014-07-19 17:10 - 00000000 ___DO () C:\Users\Kenley_2\OneDrive
2015-01-20 16:07 - 2014-11-22 19:00 - 00013136 _____ () C:\WINDOWS\setupact.log
2015-01-20 16:07 - 2014-07-17 19:40 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 16:07 - 2014-07-17 19:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-20 16:07 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-20 16:06 - 2014-03-18 04:54 - 00014922 _____ () C:\WINDOWS\PFRO.log
2015-01-20 16:06 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-20 15:41 - 2014-07-19 17:09 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\VirtualStore
2015-01-20 15:31 - 2014-08-10 09:31 - 00000939 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Update {EBBF8EAA-B98C-4E6D-AD06-72DB7AB93578}.job
2015-01-20 15:31 - 2014-08-10 09:31 - 00000753 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {EBBF8EAA-B98C-4E6D-AD06-72DB7AB93578}.job
2015-01-20 15:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-20 14:56 - 2014-07-17 19:40 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 14:53 - 2014-07-19 17:08 - 00000000 ____D () C:\Users\Kenley_2
2015-01-20 12:23 - 2014-07-17 19:26 - 00000000 ____D () C:\Users\Kraney
2015-01-20 11:13 - 2014-10-01 16:15 - 00000000 ____D () C:\QUARANTINE
2015-01-20 10:27 - 2012-06-15 20:30 - 00000000 ____D () C:\Users\Kenley_2\Documents\Outlook Files
2015-01-20 09:42 - 2014-08-11 08:36 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\7CEE6D04-A277-4E93-84C8-CCBF8733ED16.aplzod
2015-01-20 09:34 - 2014-07-19 17:09 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\Packages
2015-01-19 21:18 - 2014-08-06 18:56 - 00000000 ____D () C:\Users\Kenley_2\AppData\Roaming\vlc
2015-01-19 17:57 - 2014-08-29 08:00 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{30F5C3AC-5C5C-4E5E-B2D1-97AA667A8A27}
2015-01-18 21:38 - 2013-02-17 17:33 - 00000000 ___RD () C:\Users\Kraney\Google Drive
2015-01-18 19:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-18 12:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-17 19:28 - 2014-08-11 20:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 15:09 - 2012-08-03 23:49 - 00000000 ____D () C:\Users\Kenley_2\Documents\Audio books
2015-01-17 11:08 - 2014-08-10 12:38 - 00000000 ____D () C:\Users\Kenley_2\AppData\Roaming\Dropbox
2015-01-17 11:07 - 2014-07-21 10:43 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\Deployment
2015-01-16 18:44 - 2014-07-19 17:09 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\Google
2015-01-16 18:44 - 2014-07-17 19:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-15 11:49 - 2014-07-19 14:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 11:11 - 2013-08-22 10:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-13 10:05 - 2014-08-12 11:51 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\Foxit Reader
2015-01-09 15:25 - 2014-09-20 08:29 - 00000000 ____D () C:\Users\Kenley_2\AppData\Local\Microsoft Help
2015-01-05 19:08 - 2014-12-11 07:45 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-05 19:08 - 2014-12-11 07:45 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-02 11:38 - 2014-08-10 17:30 - 729133338 _____ () C:\Users\Kenley_2\Documents\MAC.plp
2014-12-31 13:12 - 2014-07-19 14:44 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
2015-01-20 11:15 - 2014-05-03 18:20 - 41604096 __RSH (Wondershare Software Co.,Ltd.                               ) C:\ProgramData\Microsoft.com
 
Some content of TEMP:
====================
C:\Users\Kenley_2\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kenley_2\AppData\Local\Temp\Quarantine.exe
C:\Users\Kenley_2\AppData\Local\Temp\sqlite3.dll
C:\Users\Kenley_2\AppData\Local\Temp\WondersharePDFEditor3.6.2.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 19:03
 
==================== End Of Log ============================
 
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Kenley_2 at 2015-01-20 16:22:34
Running from C:\Users\Kenley_2\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\BitTorrent) (Version: 7.9.2.33498 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dell System Detect (HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
McAfee Agent (HKLM-x32\...\{DE91C193-2611-4BD3-A9F9-DF589C572565}) (Version: 4.6.0.2292 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Unity Web Player (HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4287402215-2210130391-829758003-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kenley_2\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
 
==================== Restore Points  =========================
 
05-01-2015 12:15:11 Scheduled Checkpoint
13-01-2015 08:54:17 Scheduled Checkpoint
17-01-2015 19:26:52 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
20-01-2015 15:14:54 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {472595F8-54A8-4398-B297-056975E8F180} - System32\Tasks\EPSON XP-410 Series Update {EBBF8EAA-B98C-4E6D-AD06-72DB7AB93578} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {50FF60F6-EDD3-418C-8A5F-1F7ACCD86770} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KRANEY-PC-Kenley_2 Kraney-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {64C33D81-75D5-4B61-8649-8FB320EFB630} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {71D4E194-1378-40EC-8E40-6062E4966BA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {84CC2F00-2DD8-45C0-941D-67AA259E9447} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87B7890B-EF3F-4ED1-B3D5-C11B8C3F7832} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {AC9DB826-0BC6-406B-99A3-3ACB618C0068} - System32\Tasks\EPSON XP-410 Series Invitation {EBBF8EAA-B98C-4E6D-AD06-72DB7AB93578} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DB2A1C9D-8E83-4563-B48E-F38092C83D36} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {EAC38873-0A5D-437A-A752-447D38E9031F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {F40539CF-75E8-445D-983A-99FC4EB7D001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F6B22934-CB8C-4707-A8E0-C68636A16E32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {EBBF8EAA-B98C-4E6D-AD06-72DB7AB93578}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Update {EBBF8EAA-B98C-4E6D-AD06-72DB7AB93578}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-17 19:37 - 2014-11-12 16:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-30 01:02 - 2014-01-30 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-20 16:08 - 2015-01-20 16:08 - 01497088 _____ () C:\Users\Kenley_2\AppData\Local\Temp\is-UBOCJ.tmp\WondersharePDFEditor3.6.2.tmp
2015-01-20 16:16 - 2015-01-20 16:16 - 00706560 _____ () C:\Users\Kenley_2\AppData\Local\Temp\is-N8VVU.tmp\mbam-setup-2.0.4.1028.tmp
2015-01-20 16:16 - 2015-01-20 16:16 - 00706560 _____ () C:\Users\Kenley_2\AppData\Local\Temp\is-VS7AB.tmp\mbam-setup-2.0.4.1028.tmp
2014-07-03 15:20 - 2014-07-03 15:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-18 21:30 - 2007-04-18 21:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 21:30 - 2007-04-18 21:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2015-01-20 16:07 - 2015-01-20 16:07 - 00098816 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32api.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00110080 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\pywintypes27.dll
2015-01-20 16:07 - 2015-01-20 16:07 - 00364544 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\pythoncom27.dll
2015-01-20 16:07 - 2015-01-20 16:07 - 00045568 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\_socket.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 01160704 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\_ssl.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00320512 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32com.shell.shell.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00713216 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\_hashlib.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 01175040 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._core_.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00805888 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._gdi_.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00811008 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._windows_.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 01062400 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._controls_.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00735232 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._misc_.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00557056 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\pysqlite2._sqlite.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00128512 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\_elementtree.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00127488 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\pyexpat.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00087552 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\_ctypes.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00119808 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32file.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00108544 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32security.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00007168 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\hashobjs_ext.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00167936 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32gui.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00018432 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32event.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00038912 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32inet.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00011264 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32crypt.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00070656 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._html2.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00027136 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\_multiprocessing.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00035840 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32process.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00686080 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\unicodedata.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00122368 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._wizard.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00024064 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32pipe.pyd
2015-01-20 16:08 - 2015-01-20 16:08 - 00025600 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32pdh.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00525640 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\windows._lib_cacheinvalidation.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00010240 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\select.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00017408 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32profile.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00022528 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\win32ts.pyd
2015-01-20 16:07 - 2015-01-20 16:07 - 00078336 _____ () C:\Users\Kenley_2\AppData\Local\Temp\_MEI44562\wx._animate.pyd
2015-01-20 16:08 - 2014-04-02 19:42 - 00071752 _____ () C:\Users\Kenley_2\AppData\Local\Temp\is-H2D9M.tmp\WSOverlay.dll
2015-01-13 18:58 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-13 18:58 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-13 18:58 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-13 18:58 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Kenley_2\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-4287402215-2210130391-829758003-1006\...\StartupApproved\Run: => "ApplePhotoStreams"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4287402215-2210130391-829758003-500 - Administrator - Disabled)
Guest (S-1-5-21-4287402215-2210130391-829758003-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4287402215-2210130391-829758003-1003 - Limited - Enabled)
Kenley_2 (S-1-5-21-4287402215-2210130391-829758003-1006 - Administrator - Enabled) => C:\Users\Kenley_2
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/20/2015 04:08:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SHSTAT.EXE, version: 8.8.0.975, time stamp: 0x4fcfd843
Faulting module name: ftcfg.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000135
Fault offset: 0x00098f05
Faulting process id: 0x1224
Faulting application start time: 0xSHSTAT.EXE0
Faulting application path: SHSTAT.EXE1
Faulting module path: SHSTAT.EXE2
Report Id: SHSTAT.EXE3
Faulting package full name: SHSTAT.EXE4
Faulting package-relative application ID: SHSTAT.EXE5
 
Error: (01/20/2015 03:54:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 3.1.100.0, time stamp: 0x53d25804
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000142
Fault offset: 0x00000000000ec0b4
Faulting process id: 0x1508
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5
 
Error: (01/20/2015 03:45:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/20/2015 03:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swwhoami.exe, version: 1.0.0.1, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000005
Fault offset: 0x0003e4e9
Faulting process id: 0x9ec
Faulting application start time: 0xswwhoami.exe0
Faulting application path: swwhoami.exe1
Faulting module path: swwhoami.exe2
Report Id: swwhoami.exe3
Faulting package full name: swwhoami.exe4
Faulting package-relative application ID: swwhoami.exe5
 
Error: (01/20/2015 03:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 3.1.100.0, time stamp: 0x53d25804
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000142
Fault offset: 0x00000000000ec0b4
Faulting process id: 0x100c
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5
 
Error: (01/20/2015 03:14:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dabd8213-f64b-46fd-ba11-42370d3e9958}
 
Error: (01/20/2015 02:13:59 PM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
 
The process will be terminated.
Thread id : 2988 (0xbac)
 
Thread address : 0x0000000060B1A097
 
Thread message : 
 
 Build VSCORE.15.0.0.466 / 5600.1067
 Object being scanned = \Device\HarddiskVolume3\WINDOWS\SYSTEM32\en-US\ntdll.dll.mui
 by C:\WINDOWS\system32\csrss.exe
 4(1235)(0)
 4(1235)(0)
 7200(94)(0)
 7595(94)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (01/20/2015 01:34:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1034
 
Start Time: 01d034def41f159d
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ebdf1cee-a0d2-11e4-827e-00dbdf2746a5
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/20/2015 01:04:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1010
 
Start Time: 01d034dac3229f05
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ba4de823-a0ce-11e4-827e-00dbdf2746a5
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/20/2015 00:56:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 324
 
Start Time: 01d034d9afb7570b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a3b0356f-a0cd-11e4-827e-00dbdf2746a5
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (01/20/2015 04:07:32 PM) (Source: DCOM) (EventID: 10016) (User: KRANEY-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Kraney-PCKenley_2S-1-5-21-4287402215-2210130391-829758003-1006LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/20/2015 04:07:32 PM) (Source: DCOM) (EventID: 10016) (User: KRANEY-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Kraney-PCKenley_2S-1-5-21-4287402215-2210130391-829758003-1006LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/20/2015 04:07:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Task Manager service failed to start due to the following error: 
%%5
 
Error: (01/20/2015 04:06:32 PM) (Source: DCOM) (EventID: 10010) (User: KRANEY-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/20/2015 04:06:31 PM) (Source: DCOM) (EventID: 10005) (User: KRANEY-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/20/2015 04:06:18 PM) (Source: DCOM) (EventID: 10005) (User: KRANEY-PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (01/20/2015 04:06:18 PM) (Source: DCOM) (EventID: 10005) (User: KRANEY-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/20/2015 04:05:51 PM) (Source: DCOM) (EventID: 10005) (User: KRANEY-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/20/2015 04:04:43 PM) (Source: DCOM) (EventID: 10005) (User: KRANEY-PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (01/20/2015 04:04:41 PM) (Source: DCOM) (EventID: 10005) (User: KRANEY-PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office Sessions:
=========================
Error: (01/20/2015 04:08:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SHSTAT.EXE8.8.0.9754fcfd843ftcfg.dll6.3.9600.1727853eeb4a3c000013500098f05122401d034f528b9065cC:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXEftcfg.dll6ed9b9e5-a0e8-11e4-8289-00dbdf2746a5
 
Error: (01/20/2015 03:54:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe3.1.100.053d25804KERNELBASE.dll6.3.9600.1727853eebd22c000014200000000000ec0b4150801d034f3410de3b6C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll7ec3f92b-a0e6-11e4-8287-00dbdf2746a5
 
Error: (01/20/2015 03:45:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/20/2015 03:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: swwhoami.exe1.0.0.12a425e19ntdll.dll6.3.9600.1727853eeb4a3c00000050003e4e99ec01d034efafa07ae8C:\MGTools\swwhoami.exeC:\WINDOWS\SYSTEM32\ntdll.dlleea64ecf-a0e2-11e4-8284-00dbdf2746a5
 
Error: (01/20/2015 03:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe3.1.100.053d25804KERNELBASE.dll6.3.9600.1727853eebd22c000014200000000000ec0b4100c01d034ee1d8204ecC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll5b35b7f5-a0e1-11e4-8283-00dbdf2746a5
 
Error: (01/20/2015 03:14:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dabd8213-f64b-46fd-ba11-42370d3e9958}
 
Error: (01/20/2015 02:13:59 PM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002988 (0xbac)0x0000000060B1A097
 Build VSCORE.15.0.0.466 / 5600.1067
 Object being scanned = \Device\HarddiskVolume3\WINDOWS\SYSTEM32\en-US\ntdll.dll.mui
 by C:\WINDOWS\system32\csrss.exe
 4(1235)(0)
 4(1235)(0)
 7200(94)(0)
 7595(94)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (01/20/2015 01:34:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689103401d034def41f159d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeebdf1cee-a0d2-11e4-827e-00dbdf2746a5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/20/2015 01:04:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689101001d034dac3229f054294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeba4de823-a0ce-11e4-827e-00dbdf2746a5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/20/2015 00:56:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068932401d034d9afb7570b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exea3b0356f-a0cd-11e4-827e-00dbdf2746a5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 48%
Total physical RAM: 4043.86 MB
Available physical RAM: 2072.59 MB
Total Pagefile: 4747.86 MB
Available Pagefile: 2468.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:685.34 GB) (Free:30.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 5B552A42)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=685.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

Hello yenark and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate new fresh FRST logs.


  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

