RCliff Posted March 10, 2015 ID:946503 Share Posted March 10, 2015 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01Ran by Ryan (administrator) on ATTICUS on 09-03-2015 18:25:47Running from C:\Users\Ryan\DesktopLoaded Profiles: Ryan (Available profiles: Ryan)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe(AMD) C:\Windows\System32\atiesrxx.exe(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe() C:\Program Files\CyberLink\Shared files\RichVideo64.exe() C:\Program Files (x86)\Products\Time Service\svctimehpc.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Microsoft Corporation) C:\Windows\splwow64.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-07-02] (Realtek Semiconductor)HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2825456 2014-05-15] (Synaptics Incorporated)HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [239328 2013-12-18] (McAfee, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [256272 2015-02-19] (Client Connect LTD)AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [218384 2015-02-19] (Client Connect LTD)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1HKU\S-1-5-21-2438244625-571432445-4229052489-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-2438244625-571432445-4229052489-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1HKU\S-1-5-21-2438244625-571432445-4229052489-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehomeSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {8EC2B703-04CA-4D47-B09F-C1094D3D36C4} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-2438244625-571432445-4229052489-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M5F16236D-C308-455E-BEE9-D82BF3BC611F&SearchSource=58&CUI=&UM=8&UP=SP6290F7C6-FE9E-48C6-9E04-BF256BC3B4F1&q={searchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-2438244625-571432445-4229052489-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M5F16236D-C308-455E-BEE9-D82BF3BC611F&SearchSource=58&CUI=&UM=8&UP=SP6290F7C6-FE9E-48C6-9E04-BF256BC3B4F1&q={searchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-2438244625-571432445-4229052489-1002 -> {8EC2B703-04CA-4D47-B09F-C1094D3D36C4} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150215183547.dll [2015-02-15] (McAfee, Inc.)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150215183548.dll [2015-02-15] (McAfee, Inc.)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Cyti Web 1.0.0.7 -> {aa2fac44-d24d-4fed-9e32-397d138365f1} -> C:\Program Files (x86)\Cyti Web\CytiWebbho.dll No FileBHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-30]FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCoreFF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-02-15] Chrome: =======CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M5F16236D-C308-455E-BEE9-D82BF3BC611F&SearchSource=55&CUI=&UM=8&UP=SP6290F7C6-FE9E-48C6-9E04-BF256BC3B4F1&SSPV=CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M5F16236D-C308-455E-BEE9-D82BF3BC611F&SearchSource=55&CUI=&UM=8&UP=SP6290F7C6-FE9E-48C6-9E04-BF256BC3B4F1&SSPV=", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-25]CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]CHR Extension: (Cyti Web) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dckoiijbfmmlaaajifhilhncpmdjjogn [2015-02-02]CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-25]CHR Extension: (Google Calendar) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-01]CHR Extension: (Google Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-06] () [File not signed]R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-06] (Advanced Micro Devices, Inc.) [File not signed]R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2948880 2015-02-19] (Client Connect LTD)R2 cozwdhost; C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe [245744 2015-02-02] ()R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [610640 2014-03-21] (McAfee, Inc.)R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)R2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153352 2013-06-12] (McAfee, Inc.)R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2015-02-15] (McAfee, Inc.)R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-18] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2015-02-15] (McAfee, Inc.)R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)R2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-05-15] (Synaptics Incorporated)R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)S2 cozaghost; "C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe" /ts2=1 [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-01-20] (Advanced Micro Devices, Inc. )R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264392 2015-01-20] (Advanced Micro Devices, Inc. )R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)R3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [53728 2014-08-12] (McAfee, Inc.)R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [200616 2013-12-18] (McAfee, Inc.)R3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2015-02-15] ()R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2015-02-15] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2015-02-15] (McAfee, Inc.)U3 mfeavfk01; No ImagePathS0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2015-02-15] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520056 2013-12-18] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2015-02-15] (McAfee, Inc.)R1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [78960 2013-12-18] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2015-02-15] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2015-02-15] (McAfee, Inc.)R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-29] (Realtek Semiconductor Corp.)R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3636440 2014-12-30] (Realtek Semiconductor Corporation )S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-05-15] (Synaptics Incorporated)S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-05-15] (Synaptics Incorporated)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)R1 {34789ec0-129d-4a2d-b089-9977cdae65db}Gw64; C:\Windows\System32\drivers\{34789ec0-129d-4a2d-b089-9977cdae65db}Gw64.sys [48832 2015-02-15] (StdLib)R1 {4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64; C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys [48832 2015-02-02] (StdLib)S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftDEB0.tmp\amifldrv64.sys [X]U3 McMPFSvc; No ImagePathU3 McNaiAnn; No ImagePathU3 mcpltsvc; No ImagePathU3 McProxy; No ImagePathU3 mfecore; No ImagePathU3 MSK80Service; No ImagePathR3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-09 18:25 - 2015-03-09 18:26 - 00025306 _____ () C:\Users\Ryan\Desktop\FRST.txt2015-03-09 18:25 - 2015-03-09 18:25 - 00000000 ____D () C:\FRST2015-03-09 18:19 - 2015-03-09 18:19 - 02095104 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe2015-03-04 02:40 - 2015-03-04 02:40 - 53898704 _____ () C:\Users\Ryan\Downloads\Capture_20131012.wmv2015-03-04 02:40 - 2015-03-04 02:40 - 22239386 _____ () C:\Users\Ryan\Downloads\Capture_20131012_2.wmv2015-03-02 05:29 - 2015-03-04 02:45 - 00065536 ___SH () C:\Users\Ryan\Downloads\Thumbs.db2015-03-02 05:20 - 2015-03-02 05:20 - 25769567 _____ () C:\Users\Ryan\Downloads\ForRyan69.wmv2015-03-02 05:18 - 2015-03-02 05:18 - 04909977 _____ () C:\Users\Ryan\Downloads\ForRyanHeels.wmv2015-03-02 05:12 - 2015-03-02 05:13 - 269801729 _____ () C:\Users\Ryan\Downloads\RyanCouch.wmv2015-03-02 05:09 - 2015-03-02 05:09 - 12255946 _____ () C:\Users\Ryan\Downloads\ForRyanHeelsBj.wmv2015-03-02 05:08 - 2015-03-02 05:08 - 00002287 _____ () C:\Users\Ryan\Downloads\ForRyanHeelsBj.wlmp2015-02-25 15:29 - 2015-02-25 15:29 - 00003456 _____ () C:\Windows\System32\Tasks\avayvaxvaa2015-02-25 15:29 - 2015-02-25 15:29 - 00000000 ____D () C:\Users\Ryan\AppData\Local\avayvaxvaa2015-02-16 20:05 - 2015-01-23 00:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-02-16 20:05 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-02-16 15:26 - 2013-12-18 15:19 - 00520056 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys2015-02-16 15:26 - 2013-12-18 15:19 - 00078960 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfenlfk.sys2015-02-15 22:08 - 2015-02-26 20:28 - 00002151 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk2015-02-15 21:19 - 2015-03-02 19:43 - 00000000 ____D () C:\ProgramData\Time Service2015-02-15 21:19 - 2015-02-15 21:19 - 00000000 ____D () C:\Program Files (x86)\Products2015-02-15 19:38 - 2013-12-18 15:18 - 00200616 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys2015-02-15 19:37 - 2015-02-15 19:37 - 00000000 ____D () C:\Program Files\McAfee2015-02-15 19:37 - 2014-08-12 01:17 - 00053728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\FireNfcp.sys2015-02-15 19:35 - 2015-02-15 19:34 - 00069344 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeelamk.sys2015-02-15 19:34 - 2015-02-15 19:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\McAfee2015-02-15 19:34 - 2015-02-15 19:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\McAfee2015-02-15 19:24 - 2015-03-08 16:40 - 00000000 ____D () C:\Quarantine2015-02-15 19:12 - 2015-02-15 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2015-02-15 19:12 - 2015-02-15 19:34 - 00782968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys2015-02-15 19:12 - 2015-02-15 19:34 - 00344176 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys2015-02-15 19:12 - 2015-02-15 19:34 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys2015-02-15 19:12 - 2015-02-15 19:34 - 00185280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe2015-02-15 19:12 - 2015-02-15 19:34 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys2015-02-15 19:12 - 2015-02-15 19:34 - 00121896 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll2015-02-15 19:12 - 2015-02-15 19:34 - 00107032 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys2015-02-15 19:12 - 2015-02-15 19:34 - 00094080 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll2015-02-15 19:12 - 2015-02-15 19:34 - 00025088 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll2015-02-15 19:12 - 2015-02-15 19:34 - 00011208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys2015-02-15 19:12 - 2015-02-15 19:12 - 00000000 ____D () C:\Program Files\Common Files\McAfee2015-02-15 19:11 - 2015-02-15 19:37 - 00000000 ____D () C:\Program Files (x86)\McAfee2015-02-15 19:11 - 2015-02-15 19:11 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\McAfee2015-02-15 19:10 - 2015-02-15 19:10 - 00000000 ____D () C:\Temp2015-02-15 19:08 - 2015-02-15 19:08 - 00000258 __RSH () C:\ProgramData\ntuser.pol2015-02-15 19:05 - 2015-02-15 04:33 - 00048832 _____ (StdLib) C:\Windows\system32\Drivers\{34789ec0-129d-4a2d-b089-9977cdae65db}Gw64.sys2015-02-15 11:22 - 2015-02-15 11:22 - 00003088 _____ () C:\Windows\System32\Tasks\{B61B4B52-7145-4A7D-B90B-B54CF396EF92}2015-02-13 15:16 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll2015-02-13 15:16 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-02-13 15:16 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-02-13 15:16 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-02-13 15:16 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-02-13 15:16 - 2015-01-13 18:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-02-13 15:16 - 2015-01-13 18:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2015-02-13 15:16 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-02-13 15:16 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-02-13 15:16 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-02-13 15:16 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-02-13 15:16 - 2015-01-11 22:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-02-13 15:16 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-02-13 15:16 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-02-13 15:16 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-02-13 15:16 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-02-13 15:16 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-02-13 15:16 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-02-13 15:16 - 2015-01-11 21:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-02-13 15:16 - 2015-01-11 21:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-02-13 15:16 - 2015-01-11 21:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-02-13 15:16 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-02-13 15:16 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-02-13 15:16 - 2015-01-11 21:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-02-13 15:16 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-02-13 15:16 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-02-13 15:16 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-02-13 15:16 - 2015-01-11 21:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-02-13 15:16 - 2015-01-11 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-02-13 15:16 - 2015-01-11 21:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-02-13 15:16 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-02-13 15:16 - 2015-01-11 21:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-02-13 15:16 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-02-13 15:16 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-02-13 15:16 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-02-13 15:16 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-02-13 15:16 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-02-13 15:16 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-02-13 15:16 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-02-13 15:16 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-02-13 15:16 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-02-13 15:16 - 2015-01-10 05:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-02-13 15:16 - 2015-01-10 05:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-02-13 15:16 - 2015-01-10 04:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-02-13 15:16 - 2015-01-10 03:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-02-13 15:16 - 2015-01-10 02:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-02-13 15:16 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2015-02-13 15:16 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2015-02-13 15:16 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll2015-02-13 15:16 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-02-13 15:16 - 2014-12-08 19:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml2015-02-13 15:15 - 2015-01-10 04:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-09 18:23 - 2014-12-30 14:59 - 01962822 _____ () C:\Windows\WindowsUpdate.log2015-03-09 18:14 - 2015-01-25 22:04 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-09 18:14 - 2015-01-25 22:04 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-09 18:05 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp2015-03-09 18:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru2015-03-09 17:11 - 2015-01-08 12:01 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E4B095C4-59F5-4002-8DD5-1A1CFB2AE42B}2015-03-08 20:34 - 2015-01-08 11:58 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRyan2015-03-08 20:34 - 2015-01-08 11:58 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForRyan.job2015-03-08 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness2015-03-08 16:26 - 2014-12-30 15:30 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2438244625-571432445-4229052489-10022015-02-26 20:41 - 2014-03-18 05:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-25 22:01 - 2014-12-30 19:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2015-02-25 15:29 - 2015-02-02 21:15 - 00000000 ____D () C:\Program Files (x86)\SearchProtect2015-02-22 16:03 - 2014-12-30 15:31 - 00000000 ___DO () C:\Users\Ryan\OneDrive2015-02-22 16:02 - 2014-12-30 15:27 - 00000000 ____D () C:\Users\Ryan\Documents\Youcam2015-02-22 15:50 - 2014-10-09 16:42 - 00544462 _____ () C:\Windows\SysWOW64\rootpa.e2e2015-02-22 15:49 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-22 15:48 - 2014-03-18 05:44 - 00058460 _____ () C:\Windows\PFRO.log2015-02-22 15:48 - 2013-08-22 10:46 - 00023427 _____ () C:\Windows\setupact.log2015-02-22 15:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI2015-02-22 15:47 - 2014-10-09 16:33 - 00065536 _____ () C:\Windows\system32\spu_storage.bin2015-02-21 16:16 - 2015-01-25 22:04 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-16 15:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache2015-02-15 23:54 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM2015-02-15 23:50 - 2014-07-11 04:00 - 00000000 ____D () C:\ProgramData\Package Cache2015-02-15 22:27 - 2014-12-30 19:13 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-02-15 22:27 - 2013-08-22 09:25 - 00000301 _____ () C:\Windows\win.ini2015-02-15 22:05 - 2013-08-22 10:44 - 00491808 _____ () C:\Windows\system32\FNTCACHE.DAT2015-02-15 21:18 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData2015-02-15 21:18 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel2015-02-15 21:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup2015-02-15 21:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv2015-02-15 21:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup2015-02-15 21:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\inetsrv2015-02-15 21:16 - 2015-01-08 13:10 - 00000000 ____D () C:\Windows\system32\MRT2015-02-15 19:38 - 2014-10-09 17:02 - 00000000 ____D () C:\ProgramData\McAfee2015-02-15 19:36 - 2015-01-08 13:10 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-02-15 19:35 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP2015-02-15 19:25 - 2015-02-02 21:14 - 00000000 ____D () C:\Program Files (x86)\Cyti Web2015-02-15 19:10 - 2014-12-30 19:02 - 00000000 ____D () C:\Users\Ryan\Documents\kits2015-02-15 19:05 - 2014-07-11 03:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection2015-02-15 14:47 - 2014-12-30 15:24 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Packages ==================== Files in the root of some directories ======= 2015-02-02 21:16 - 2015-02-02 21:16 - 0000064 _____ () C:\Users\Ryan\AppData\Local\3679ca963d69910cfe20b524eda3f024 Some content of TEMP:====================C:\Users\Ryan\AppData\Local\Temp\1.tmp.exeC:\Users\Ryan\AppData\Local\Temp\Extract.exeC:\Users\Ryan\AppData\Local\Temp\FoxitUpdater.exeC:\Users\Ryan\AppData\Local\Temp\GL_85FA.EXEC:\Users\Ryan\AppData\Local\Temp\Setup.exeC:\Users\Ryan\AppData\Local\Temp\SP67335.exeC:\Users\Ryan\AppData\Local\Temp\SP68055.exeC:\Users\Ryan\AppData\Local\Temp\SP69143.exeC:\Users\Ryan\AppData\Local\Temp\SP69229.exeC:\Users\Ryan\AppData\Local\Temp\SP69386.exeC:\Users\Ryan\AppData\Local\Temp\SP69401.exeC:\Users\Ryan\AppData\Local\Temp\SP69416.exeC:\Users\Ryan\AppData\Local\Temp\SP69888.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-09 17:19 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01Ran by Ryan at 2015-03-09 18:27:20Running from C:\Users\Ryan\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Host Intrusion Prevention Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)AMD Catalyst Install Manager (HKLM\...\{89D9FBD5-7D44-509B-D17D-71FF2B2E7BDD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) HiddenBarn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) HiddenBejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) HiddenCisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) HiddenCyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)Cyberlink PhotoDirector (Version: 5.0.3.5715 - CyberLink Corp.) HiddenCyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.)CyberLink PowerDirector 12 (Version: 12.0.2.3324 - CyberLink Corp.) HiddenCyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) HiddenDisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenDummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) HiddenFarmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) HiddenFishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) HiddenFort Defense (x32 Version: 3.0.2.51 - WildTangent) HiddenFoxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)HP Timing Service (HKLM-x32\...\{C74C286B-67D8-453B-A639-9C99053E76A2}) (Version: 2.2.1503 - Hewlett-Packard)HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)Inst5675 (Version: 8.01.11 - Softex Inc.) HiddenInst5676 (Version: 8.01.11 - Softex Inc.) HiddenJewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) HiddenJoining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) HiddenJo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) HiddenLost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) HiddenLUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMcAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)McAfee Host Intrusion Prevention (HKLM\...\{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst) (Version: 8.00.0402 - McAfee, Inc.)McAfee Host Intrusion Prevention (Version: 8.00.0402 - McAfee, Inc.) HiddenMcAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) HiddenOEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPenguins! (x32 Version: 3.0.2.59 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) HiddenPolar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) HiddenRealtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenSearch Protect (HKLM-x32\...\SearchProtect) (Version: 2.21.20.22 - Client Connect LTD) <==== ATTENTIONService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.15.0 - Synaptics Incorporated)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenViking Saga (x32 Version: 3.0.2.48 - WildTangent) HiddenWildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) HiddenYouda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 17-02-2015 01:15:56 Windows Update24-02-2015 22:23:15 Windows Update04-03-2015 16:42:44 Scheduled Checkpoint09-03-2015 17:52:10 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2BCE7F98-8AE6-401B-B753-E0F31551A893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)Task: {34521AF0-4C57-4621-87A9-6B255145F68C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)Task: {3531767B-8684-4587-8416-47A6B19688A4} - System32\Tasks\HPCeeScheduleForRyan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {38F4D949-16B0-4B6B-8FFD-1866DF73F8BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)Task: {4D5B88FB-C0F2-4B84-8DD1-16734AF09D04} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {4D96F4FA-F637-44A8-B9CB-83A5F657C21F} - System32\Tasks\{B61B4B52-7145-4A7D-B90B-B54CF396EF92} => pcalua.exe -a "F:\mcafee 4.6\McAfeeInst.EXE" -d "F:\mcafee 4.6"Task: {7DC29331-CCD3-49FA-A693-DBF5A835B8F5} - System32\Tasks\avayvaxvaa => C:\Users\Ryan\AppData\Local\avayvaxvaa\avayvaxvaa.exe <==== ATTENTIONTask: {8BA53B30-A7E4-492D-9A36-F1288262D04D} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)Task: {9F6C130D-6DD4-40BC-9A8C-17877E2CFBCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: {BAD5B087-8689-479A-932E-CFD635F7AEA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)Task: {CE394396-4FDC-4F7F-B772-FE707E063335} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTIONTask: {E2D208C4-4C64-4B7B-9992-DE4E11DE81E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)Task: {EE8E79D1-528B-4CC4-B676-C5C51AA3A385} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)Task: {F7645A27-08FD-4F94-B7E6-4535456AAF11} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTIONTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll2014-06-06 01:42 - 2014-06-06 01:42 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe2014-06-06 01:40 - 2014-06-06 01:40 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2015-02-02 09:35 - 2015-02-02 09:35 - 00245744 _____ () C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe2014-12-30 19:59 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe2012-09-11 20:55 - 2012-09-11 20:55 - 13387128 _____ () C:\Program Files (x86)\Products\Time Service\svctimehpc.exe2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe2015-02-01 20:40 - 2015-02-01 20:40 - 00045568 _____ () C:\Users\Ryan\AppData\Local\Packages\AD2F1837.HPConnectedPhotopoweredbySnapfish_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\HP.ASG.RLog\cf625f8f018ca0093da61d09e2d3bb77\HP.ASG.RLog.ni.dll2015-01-25 22:26 - 2015-01-25 22:26 - 01278464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll2015-01-25 22:27 - 2015-01-25 22:27 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll2015-01-25 22:26 - 2015-01-25 22:26 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll2015-01-25 22:26 - 2015-01-25 22:26 - 00347136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll2015-02-01 20:40 - 2015-02-01 20:40 - 00050688 _____ () C:\Users\Ryan\AppData\Local\Packages\AD2F1837.HPConnectedPhotopoweredbySnapfish_v10z8vjag6ke6\AC\Microsoft\CLR_v4.0\NativeImages\TitoPCL\3f5eb226662c5156dedb7d2b9723ed8d\TitoPCL.ni.dll2015-02-01 20:38 - 2015-02-01 20:38 - 00632320 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll2015-01-25 22:27 - 2015-01-25 22:27 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll2015-02-01 20:38 - 2015-02-01 20:38 - 02019840 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll2015-02-01 20:38 - 2015-02-01 20:38 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll2015-01-25 22:25 - 2015-01-25 22:25 - 01259520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll2014-10-09 17:06 - 2014-10-09 17:06 - 00044320 _____ () C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_2.5.6.4614_neutral__v10z8vjag6ke6\Dragon.Effects.winmd2014-10-09 17:06 - 2014-10-09 17:06 - 00053536 _____ () C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_2.5.6.4614_neutral__v10z8vjag6ke6\DImageProcessing.DLL2014-10-09 17:06 - 2014-10-09 17:06 - 00016160 _____ () C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_2.5.6.4614_neutral__v10z8vjag6ke6\Dragon.Log.winmd2013-08-22 03:19 - 2013-08-22 02:54 - 00049664 _____ () C:\Windows\system32\WinMetadata\Windows.Graphics.winmd2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2015-02-21 16:16 - 2015-02-17 18:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll2015-02-21 16:16 - 2015-02-17 18:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll2015-02-21 16:16 - 2015-02-17 18:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll2015-02-21 16:16 - 2015-02-17 18:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Ryan\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2438244625-571432445-4229052489-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpgDNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2438244625-571432445-4229052489-500 - Administrator - Disabled)Guest (S-1-5-21-2438244625-571432445-4229052489-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2438244625-571432445-4229052489-1004 - Limited - Enabled)Ryan (S-1-5-21-2438244625-571432445-4229052489-1002 - Administrator - Enabled) => C:\Users\Ryan ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (03/09/2015 06:07:43 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 27e0 Start Time: 01d05ab4c0943933 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: b42d6032-c6a8-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/09/2015 05:40:36 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2e30 Start Time: 01d05ab0f6d37034 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: ea878544-c6a4-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/09/2015 05:21:21 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (03/09/2015 05:21:20 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (03/09/2015 05:16:14 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b0c Start Time: 01d05aad34c71a7a Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 835fc425-c6a1-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 11:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 27c0 Start Time: 01d05a1adc2bf595 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: d0152eb0-c60e-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 11:16:06 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 132c Start Time: 01d05a16ab43be9f Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 9ed4113d-c60a-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 10:46:06 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f28 Start Time: 01d05a127a65e83c Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 6df67f86-c606-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 10:11:43 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3694 Start Time: 01d05a0dac778ac6 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: a003639b-c601-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 09:46:06 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10d8 Start Time: 01d05a0a18961c08 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 0c298e1c-c5fe-11e4-826a-3863bba20471 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 System errors:=============Error: (03/09/2015 06:28:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Error: (03/09/2015 06:28:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The cozaghost service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (03/09/2015 06:07:43 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.2068927e001d05ab4c09439334294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeb42d6032-c6a8-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/09/2015 05:40:36 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.206892e3001d05ab0f6d370344294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeea878544-c6a4-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/09/2015 05:21:21 PM) (Source: SideBySide) (EventID: 33) (User: )Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_CacheAgent.exe.Manifest Error: (03/09/2015 05:21:20 PM) (Source: SideBySide) (EventID: 33) (User: )Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest Error: (03/09/2015 05:16:14 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.206891b0c01d05aad34c71a7a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe835fc425-c6a1-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 11:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.2068927c001d05a1adc2bf5954294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed0152eb0-c60e-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 11:16:06 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.20689132c01d05a16ab43be9f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe9ed4113d-c60a-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 10:46:06 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.20689f2801d05a127a65e83c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6df67f86-c606-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 10:11:43 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.20689369401d05a0dac778ac64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exea003639b-c601-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/08/2015 09:46:06 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.2068910d801d05a0a18961c084294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe0c298e1c-c5fe-11e4-826a-3863bba20471microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 ==================== Memory info =========================== Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics Percentage of memory in use: 43%Total physical RAM: 7105.13 MBAvailable physical RAM: 4015.68 MBTotal Pagefile: 8321.37 MBAvailable Pagefile: 4574.32 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:675.84 GB) (Free:622.69 GB) NTFSDrive d: (RECOVERY) (Fixed) (Total:21.77 GB) (Free:2.45 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 698.6 GB) (Disk ID: 449A93E7) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted March 10, 2015 ID:946504 Share Posted March 10, 2015 Hello, They call me TwinHeadedEagle around here, and I'll try to help your with your issue. Before we start please read and note the following:We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Malwarebytes' Anti-Malware Please download Malwarebytes Anti-Malware and save it to your desktop.Install the progam and select update.Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Link to post Share on other sites More sharing options...
RCliff Posted March 12, 2015 Author ID:946990 Share Posted March 12, 2015 Scan Log.txt TwinHeadedEagle, I followed the instructions in your reply I have the log attached to this post.Thank you for your help. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted March 12, 2015 ID:947010 Share Posted March 12, 2015 Very good. How is your PC behaving now? Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your Desktop.Right-click on icon and select Run as Administrator to start the tool.Wait until the database is updated.Accept the Terms of use and click Scan.When finished, please click Clean.Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.Please upload report in your reply. Note: Reports will be saved in your system partition, usually at C:\Adwcleaner Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please upload them into your next reply. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 19, 2015 Root Admin ID:948963 Share Posted March 19, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts