Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2015 Ran by gle97_000 at 2015-01-10 14:20:53 Running from C:\Users\gle97_000\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 4500_G510af_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.) Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.) Rhapsody (HKU\S-1-5-21-576913787-332086946-380077188-1001\...\8aa854a199af1b36) (Version: 6.5.3.0 - Rhapsody International Inc.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-12-2014 20:08:08 Installed Minecraft 30-12-2014 12:32:49 Installed Java 7 Update 60 10-01-2015 11:56:26 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00626BB0-2045-4B40-A492-9A54EC9A4AC7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.) Task: {044DDA86-33F7-4350-9F5E-6545B98EBFF3} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Runner.exe Task: {218C6116-636E-47DF-987B-D6FCDD499D43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {2C1ED89F-C12B-4410-9FC2-02A4EA151417} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {305C9798-0F8B-48BE-9DCE-5136B0C73ED0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {377CF28E-3753-4E67-946C-2089FE2BAEC0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {38CDB457-A9C6-4FC1-8BF8-6A9EFF9D34B4} - System32\Tasks\HPCeeScheduleForgle97_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {3DFEFAEE-FC2E-40B5-8FBE-65C4C3300404} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {3EE4691B-826A-49EF-93D7-4BA6A6FD49B8} - \Voo Update No Task File <==== ATTENTION Task: {651A44AA-C1A5-436A-8A05-A594253FCB0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-02] (Microsoft Corporation) Task: {813E34A8-2957-42FC-90D2-53859C433A4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-02] (Microsoft Corporation) Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {AFF1C77D-2E65-47E2-B279-B40124D06937} - System32\Tasks\Runner IC => %LOCALAPPDATA%\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Runner.exe Task: {C048225C-7585-4BF7-8043-3ED4D1B3A599} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-27] (Microsoft Corporation) Task: {FBEADAAE-A61E-4666-A8B4-9F421001F980} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated) Task: C:\Windows\Tasks\HPCeeScheduleForgle97_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2014-12-31 16:59 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-01-02 09:18 - 2015-01-02 09:18 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-12-28 03:23 - 2014-12-28 03:23 - 00392768 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Runner.exe 2015-01-02 09:14 - 2015-01-02 09:14 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-12-28 03:24 - 2014-12-28 03:24 - 00098368 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Modules\ManXec.dll 2014-12-28 03:24 - 2014-12-28 03:24 - 00078400 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Modules\CmdProc.dll 2014-12-28 03:25 - 2014-12-28 03:25 - 00122432 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Modules\WblSupp.dll 2014-12-28 03:25 - 2014-12-28 03:25 - 00044608 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Modules\PrfIns.dll 2014-12-28 03:25 - 2014-12-28 03:25 - 00054336 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Modules\WbSes.dll 2014-12-28 03:25 - 2014-12-28 03:25 - 00116800 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Modules\WdcMan.dll 2014-12-28 03:24 - 2014-12-28 03:24 - 00101952 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Modules\CmnUtls.dll 2014-08-26 08:12 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-12-30 14:04 - 2014-10-23 03:14 - 01091584 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Chrome-bin\libglesv2.dll 2014-12-30 14:04 - 2014-10-23 03:19 - 00167936 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Chrome-bin\libEGL.dll 2014-12-30 14:04 - 2014-10-23 03:26 - 08569856 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Chrome-bin\pdf.dll 2014-12-30 14:04 - 2014-10-23 03:20 - 00324608 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Chrome-bin\ppGoogleNaClPluginChrome.dll 2014-12-30 14:04 - 2014-10-23 03:23 - 00880128 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Chrome-bin\ffmpegsumo.dll 2014-12-30 14:04 - 2014-09-22 23:07 - 14891848 _____ () C:\Users\gle97_000\AppData\Local\D03EFD4E-0385-6B4C-A498-1E5D5AA97056\Chrome-bin\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\gle97_000\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-576913787-332086946-380077188-500 - Administrator - Disabled) gle97_000 (S-1-5-21-576913787-332086946-380077188-1001 - Administrator - Enabled) => C:\Users\gle97_000 Guest (S-1-5-21-576913787-332086946-380077188-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-576913787-332086946-380077188-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: HID-compliant touch screen Description: HID-compliant touch screen Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: (Standard system devices) Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/10/2015 00:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10bc Start Time: 01d02cfb6c68a02f Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 5ff4a6d2-98ef-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 00:29:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1a78 Start Time: 01d02cfa509340a5 Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 475e5b29-98ee-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 00:20:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1f9c Start Time: 01d02cf90fc32e57 Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 03fd6c26-98ed-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 00:00:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c58 Start Time: 01d02cf6319988b2 Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 2b86e909-98ea-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 11:35:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1204 Start Time: 01d02cf2c0fdfd2d Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: b7a1b674-98e6-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 11:21:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 6b0 Start Time: 01d02cf011ab1f71 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: bd79647f-98e4-11e4-8263-8cdcd48c7f65 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/10/2015 11:16:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1598 Start Time: 01d02cf011a8bd17 Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 0644168b-98e4-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 11:05:40 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1a34 Start Time: 01d02cee9073d36f Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 83e72777-98e2-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 10:50:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1318 Start Time: 01d02cec77d755a8 Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 6c5fce76-98e0-11e4-8263-8cdcd48c7f65 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (01/10/2015 10:50:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 270 Start Time: 01d02cec77a28f81 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 6c77e51c-98e0-11e4-8263-8cdcd48c7f65 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (01/10/2015 02:07:38 PM) (Source: DCOM) (EventID: 10016) (User: WORK) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Workgle97_000S-1-5-21-576913787-332086946-380077188-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/10/2015 01:55:04 PM) (Source: DCOM) (EventID: 10016) (User: WORK) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Workgle97_000S-1-5-21-576913787-332086946-380077188-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/10/2015 01:45:07 PM) (Source: DCOM) (EventID: 10016) (User: WORK) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Workgle97_000S-1-5-21-576913787-332086946-380077188-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/10/2015 01:26:24 PM) (Source: DCOM) (EventID: 10016) (User: WORK) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Workgle97_000S-1-5-21-576913787-332086946-380077188-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/10/2015 01:13:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: %%1062 Error: (01/10/2015 00:48:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} Error: (01/10/2015 00:26:54 PM) (Source: DCOM) (EventID: 10029) (User: WORK) Description: {4991D34B-80A1-4291-83B6-3328366B9097}BITS Error: (01/10/2015 11:50:49 AM) (Source: DCOM) (EventID: 10016) (User: WORK) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Workgle97_000S-1-5-21-576913787-332086946-380077188-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/10/2015 11:25:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (01/10/2015 11:02:55 AM) (Source: DCOM) (EventID: 10010) (User: WORK) Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82} Microsoft Office Sessions: ========================= Error: (01/10/2015 00:38:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.1638410bc01d02cfb6c68a02f4294967295C:\Windows\system32\backgroundTaskHost.exe5ff4a6d2-98ef-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 00:29:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.163841a7801d02cfa509340a54294967295C:\Windows\system32\backgroundTaskHost.exe475e5b29-98ee-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 00:20:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.163841f9c01d02cf90fc32e574294967295C:\Windows\system32\backgroundTaskHost.exe03fd6c26-98ed-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 00:00:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384c5801d02cf6319988b24294967295C:\Windows\system32\backgroundTaskHost.exe2b86e909-98ea-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 11:35:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384120401d02cf2c0fdfd2d4294967295C:\Windows\system32\backgroundTaskHost.exeb7a1b674-98e6-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 11:21:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.206896b001d02cf011ab1f714294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exebd79647f-98e4-11e4-8263-8cdcd48c7f65microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/10/2015 11:16:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384159801d02cf011a8bd174294967295C:\Windows\system32\backgroundTaskHost.exe0644168b-98e4-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 11:05:40 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.163841a3401d02cee9073d36f4294967295C:\Windows\system32\backgroundTaskHost.exe83e72777-98e2-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 10:50:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384131801d02cec77d755a84294967295C:\Windows\system32\backgroundTaskHost.exe6c5fce76-98e0-11e4-8263-8cdcd48c7f65Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (01/10/2015 10:50:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2068927001d02cec77a28f814294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6c77e51c-98e0-11e4-8263-8cdcd48c7f65microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz Percentage of memory in use: 58% Total physical RAM: 4026.15 MB Available physical RAM: 1685.01 MB Total Pagefile: 6586.15 MB Available Pagefile: 3809 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:444.63 GB) (Free:397.75 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:20.12 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB) Partition: GPT Partition Type. ==================== End Of Log ============================