Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible malware/spyware - sluggish computer [Solved]


  • This topic is locked This topic is locked

#16
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Thanks for your patience.


This computer has been severely infected and whoever was (ab)using it needs some pointers on computer security, (I’ll include some when we’re finished here).


Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below.

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_us_335] => [X]
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\...\MountPoints2: {d537cacd-bb91-11e4-bf86-2016d8c64df9} - "F:\VZW_Software_upgrade_assistant.exe"
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\new\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
2015-03-19 02:40 - 2015-03-19 19:02 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-03-19 02:40 - 2015-03-19 02:40 - 00002802 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-03-19 02:40 - 2015-03-19 02:40 - 00002802 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-03-19 02:35 - 2015-03-19 02:35 - 00613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsj63B8.tmp
2015-03-19 01:59 - 2015-03-20 02:40 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-03-19 01:50 - 2015-03-19 19:02 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-03-19 01:50 - 2015-03-19 02:39 - 00002804 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-03-19 01:44 - 2015-03-19 01:44 - 00628688 _____ (CMI Limited) C:\Users\new\AppData\Local\nsm16EF.tmp
2015-03-19 01:44 - 2015-03-19 01:44 - 00000000 __SHD () C:\Users\new\AppData\Roaming\AnyProtectEx
2015-03-19 00:40 - 2015-03-19 07:50 - 00000000 ____D () C:\Users\new\AppData\Local\CrashDumps
2015-03-19 00:39 - 2015-03-19 02:07 - 00008688 _____ () C:\WINDOWS\SysWOW64\BasementDusterOff.ini
2015-03-19 00:39 - 2015-03-19 02:07 - 00008688 _____ () C:\WINDOWS\system32\BasementDusterOff.ini
2015-03-19 00:38 - 2015-03-16 11:21 - 00295808 _____ (BD Inc.) C:\WINDOWS\SysWOW64\BDL.dll
2015-03-19 00:37 - 2015-03-19 00:37 - 01874944 _____ (Cinema PlusV18.03) C:\Users\new\AppData\Roaming\PVYJW.exe
2015-03-19 00:36 - 2015-03-19 18:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-19 00:36 - 2015-03-19 00:45 - 00000000 _____ () C:\END
2015-03-19 00:36 - 2015-03-19 00:36 - 00000000 ____D () C:\Users\new\AppData\Local\globalUpdate
2015-03-19 00:30 - 2015-03-19 18:13 - 00000000 ____D () C:\Users\new\AppData\Local\SmartWeb
2015-03-18 07:19 - 2015-03-18 07:19 - 00613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsmDAB2.tmp
2015-03-18 07:13 - 2015-03-18 07:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
2015-03-18 00:19 - 2015-03-18 00:19 - 01988096 _____ (Cinema PlusV17.03) C:\Users\new\AppData\Roaming\JYLS.exe
2015-03-18 00:11 - 2015-03-18 00:11 - 00000000 ____D () C:\ProgramData\3ac3fb296cff417d9c334970ddfa1712
2015-03-18 00:11 - 2015-03-18 00:11 - 00000000 ____D () C:\ProgramData\383e68074e2b4b0590fa738a6c625340
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\new\AppData\Roaming\PVYJW
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\new\AppData\Roaming\JYLS
2015-03-19 02:35 - 2015-03-19 02:35 - 0613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsj63B8.tmp
2015-03-19 01:44 - 2015-03-19 01:44 - 0628688 _____ (CMI Limited) C:\Users\new\AppData\Local\nsm16EF.tmp
2015-03-18 07:19 - 2015-03-18 07:19 - 0613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsmDAB2.tmp
Task: {0A2949BF-257F-43FE-AA3D-A228C21AB9D9} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {0EDC4CA5-8CDE-46D2-80F0-EE3E6C3A876F} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {1C02A065-2BE9-4F3A-9B26-FECE31DD4BAF} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5D3EDCF2-C22D-4760-B6AA-6B5A2E891FB2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {BDA80B80-D203-4B46-A33C-A424203060B7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F7F2E4F9-1484-4171-89A8-BB4ED9D22B55} - \TidyNetwork Update No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nnxwgpgc.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vqlvazsn.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:1F96ED45
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:6764D965
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys
C:\WINDOWS\Tasks\APSnotifierPP3.job
C:\WINDOWS\System32\Tasks\APSnotifierPP3
C:\WINDOWS\System32\Tasks\APSnotifierPP2
C:\Users\new\AppData\Local\nsj63B8.tmp
C:\WINDOWS\Tasks\APSnotifierPP2.job
C:\WINDOWS\Tasks\APSnotifierPP1.job
C:\WINDOWS\System32\Tasks\APSnotifierPP1
C:\Users\new\AppData\Local\nsm16EF.tmp
C:\Users\new\AppData\Roaming\AnyProtectEx
C:\Users\new\AppData\Local\CrashDumps
C:\WINDOWS\SysWOW64\BasementDusterOff.ini
C:\WINDOWS\system32\BasementDusterOff.ini
C:\WINDOWS\SysWOW64\BDL.dll
C:\Users\new\AppData\Roaming\PVYJW.exe
C:\Program Files (x86)\globalUpdate
C:\END
C:\Users\new\AppData\Local\globalUpdate
C:\Users\new\AppData\Local\SmartWeb
C:\Users\new\AppData\Local\nsmDAB2.tmp
C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
C:\Users\new\AppData\Roaming\JYLS.exe
C:\ProgramData\3ac3fb296cff417d9c334970ddfa1712
C:\ProgramData\383e68074e2b4b0590fa738a6c625340
C:\Users\new\AppData\Roaming\PVYJW
C:\Users\new\AppData\Roaming\JYLS
C:\Users\new\AppData\Local\nsj63B8.tmp
C:\Users\new\AppData\Local\nsm16EF.tmp
C:\Users\new\AppData\Local\nsmDAB2.tmp
C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
C:\WINDOWS\system32\Drivers\nnxwgpgc.sys
C:\WINDOWS\system32\Drivers\vqlvazsn.sys
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there is any improvement and what outstanding problems you have.

Satchfan


  • 0

Advertisements


#17
pepsiprincess

pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thank YOU for your patience. Our computer broke my daughter bought this from a kid she goes to college with. I am at work will complete this when I get home.
  • 0

#18
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

:thumbsup:

 

The person she bought it from shouldn't be allowed near a PC. ;)


  • 0

#19
pepsiprincess

pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I ran the fix list now I can't connect to the internet. Any idea?
  • 0

#20
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Try turning off the computer and restarting it.

If that fails, as you obviously have access to another computer, if you have a flash drive, do the following and transfer the following program to to the infected computer.


Download and run Tweaking.com - Windows Repair

Download Windows Repair from here

  • save it to your flash drive
  • transfer it to the desktop of the infected computer, (copy/paste)
  • install and then run the program
  • ignore steps 1-5 and click on + Repair
  • then, in the same window, click on the “Open Repairs” tab:
  • click Start
  • leave the default selected items as they are and check Restart System When Finished
  • also check Restart System When Finished.
  • now press Start.

Once that is complete, please let me know if you can now connect.

Satchfan
 

 


  • 0

#21
pepsiprincess

pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I am on my phone :( I will see what I can figure out tomorrow.
  • 0

#22
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

OK.


  • 0

#23
pepsiprincess

pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I ended up just doing a system restore. Seemed the simplest solution right now.
  • 0

#24
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Did you do what I suggested first? System Restore was not the easiest option as it has probably put a lot of this back to square one.

 

How is your computer behaving?

 

I suggest you run Mbam as I requested and then FRST again and send both the logs.

 

Satchfan


  • 0

#25
pepsiprincess

pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I will do when I get home
  • 0

Advertisements


#26
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

OK


  • 0

#27
pepsiprincess

pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
malware bytes I could not find the log, here is the log from frst.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by BrittanyD at 2015-03-23 18:57:34
Running from C:\Users\BrittanyD\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{039B859F-360B-58D8-F86F-C277BA6ED7D8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
22-03-2015 18:30:04 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05C5F256-9E31-4F86-9196-4C987120ED86} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-25] (Synaptics Incorporated)
Task: {09320D12-129E-4ADF-8EE1-FEA566A2FD84} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {13637359-CF5E-4A8E-8619-94B0572AE313} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {24338CFD-A666-4FDE-93FD-D2B658A95D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {42A84CD7-1003-489E-8E33-0D04A3E9E8A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4E934D9C-EEA6-47EA-B191-1D42D1DA45CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)
Task: {5BBE5939-D824-40AE-A5F2-ED536475A930} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A5AC943B-4A1B-482F-871B-AAB75DB96BDA} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-09-17] ()
Task: {CDC3358F-E73E-4A79-AF9D-2BCCAEF93F35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-09-12 17:20 - 2012-09-12 17:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-09-12 17:20 - 2012-09-12 17:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-12 17:07 - 2012-09-12 17:07 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-03-22 16:52 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-22 18:17 - 2015-03-14 03:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-22 18:17 - 2015-03-14 03:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-22 18:17 - 2015-03-14 03:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.2.226
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1604515157-265859657-2736240245-500 - Administrator - Disabled)
BrittanyD (S-1-5-21-1604515157-265859657-2736240245-1002 - Administrator - Enabled) => C:\Users\BrittanyD
Guest (S-1-5-21-1604515157-265859657-2736240245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1604515157-265859657-2736240245-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1700
 
Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1700
 
Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2015 06:13:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x501b7575
Faulting module name: d2d1.dll, version: 6.2.9200.16420, time stamp: 0x505a9763
Exception code: 0xc0000005
Fault offset: 0x0012f247
Faulting process id: 0x66c
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
 
Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)
 
Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)
 
Error: (03/22/2015 05:42:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (03/22/2015 05:30:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
 
System errors:
=============
Error: (03/23/2015 06:25:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:24:47 PM on ‎3/‎23/‎2015 was unexpected.
 
Error: (03/22/2015 06:44:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:41:12 PM on ‎3/‎22/‎2015 was unexpected.
 
Error: (03/22/2015 05:41:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:25:46 PM on ‎3/‎22/‎2015 was unexpected.
 
Error: (03/22/2015 05:19:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (03/22/2015 05:18:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error: 
%%21
 
Error: (03/22/2015 05:18:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error: 
%%1058
 
Error: (03/22/2015 05:17:26 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/22/2015 05:11:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (03/22/2015 05:09:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1700
 
Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1700
 
Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2015 06:13:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.0501b7575d2d1.dll6.2.9200.16420505a9763c00000050012f24766c01d065069946373bC:\HP\Data\HPUC\HPPU.exeC:\Windows\SYSTEM32\d2d1.dlldaeff537-d0f9-11e4-be6f-d89d677fb433
 
Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)
 
Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)
 
Error: (03/22/2015 05:42:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0x80072EE79e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0x80072EE700010001(0x00000000, 17:42:34:401 - https://activation.s...igextension=DM)
00020001(0x00000000, 17:42:34:572)
00030001(0x00000000, 17:42:34:588 - https://activation.sls.microsoft.com)
00030002(0x00000000, 17:42:34:588 - 0)
00040001(0x00000000, 17:42:34:588 - https://activation.sls.microsoft.com)
00040002(0x00000000, 17:42:34:588 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 17:42:34:588 - 0, 1)
00040006(0x00000001, 17:42:34:588 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 17:42:34:588 - 0)
00020008(0x80072EE7, 17:42:34:713 - SOAPAction: "http://microsoft.com...ice/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="http://schemas.xmlso...soap/envelope/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>ProductActivation</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[1]"><TokenEntry><Name>PublishLicense</Name><Value>s6kNSo+p7DY7bj1+WEmsfrVEAC+eQOchPZZAkB1p+NsW6qjF5AFynXzoLdzmWJZXD2ZdNH3YeNm1aZFpqe5ZEovb2iMKdO0WlTipCjEICvI7I+pMDDVWDVmPy5hurJMTIgIxuiWRVq1cBzjx1Q9hCi6lxQYd9VvxD+zD9lqwVVplAGSqVGZbuNlHuKskmSIXGppB2gE0F1hRP0v6etDFDgZq551tTKu7uAmRwg6JPa+x8GjnyZcClmVNLqhyUrEIxViK7hbObBi0tmPSAamnSnbTQcBt6TFzKKMA6cAZseR18R1GROmupvljsLH398uoepsWZwBlP70KUd0HfSF+YPNbS22uY0VjoWG0O5pkLA8ouEUOYGal42oBGNXMoIiuof2ApNdlGLl7mzQezcHR+r3kjSuwrJpoVjS5ZKjsSFTza2rA2ciOwjDzpliHczZgS3WiA2mwTlCWKVsih6aofvsbETQ9VIKqkbtcxBrXgb4qhdNX8rt5q9NSmzzLdVCTxFGDKYl8IZ9AlsXHemC9IJM1RGZGc41yiPUZmKjELxkO4ef0hJyHNKvYAXMwAByEXg3ftXAvLtsRzpw1BZ+ZG6hKZKRiyK6GYv0Fxw4D1NBOk2r74GlOaBR9w9HmHOIg2/otWU0z7hUWB7L4K8saX3a5qoF6//uhaGfiYBDloCOIWrQAH34VHYxXlMLYsys1voo9DhHZmaawVhBJ5iC1HQfSwMXYa4SengXqD3WHkn2A1THLE6j5P6JVz1NuUqOsMCVc7hOQ55lOFobYRHCI1zR9jGreE0X241mWpKcWXiTLnyRnpQOrGfHf7l9hcqXKyMlsNKonw30zbH9sznorVgRMu0GsS2pHyr/xZ1/dJ7DKRa2rzt1bAzqNdrQkmypV1IY+lPlnRvEUxSQpSM8tPYxlqEeOT/00Djkj4Kj+ei+aO4a2N5PYgWThIl5Q+4eRDwJZJoDxKO/pnuon7sgB6lzGlP0ubLUXMLj+R8HmywnH6lBADHoKjC0fLI6Av9VSAjXmfLCCp9wcjksNIoMrB7aj8YWHZEU9+FG/IPTd8DHi6OQMOfJ0mdS+2xH1EZ+DVCi1s3UpQ0E863a2i5dumY2cz5P7yD2JBTKKbPlq0i42rOjsnN10GjYwgJbP1EoPVQ0JF8NowUDR3qCSJ15ZenY3UpaMzeVDkoYcMvU6HsoJ3DryU9H8RkYiZiEc5sUA4dz+3W8UikT8yaro/JgLd3Xd4t78p2BC5CS8LvWRsqavaeUdWb9dzwUY0LnjporgQ8t6Oq9PzULn4dWsr5XAfUw7SUzN48r/dDH+algmAc7V9noWILbJwSpIXNaPP/7dd2ommnBFKHslVFXPgTefM5UAPDvx+Pf7Ylb9awzL6frb+j4VLkP5C0cpDG+sJ/0msCHeoGAo+ZHdd4gleUTYSLEIUfz6LQXj3iuAGxpIUkdsQ5SIgXy1ehq6O0NvWJMdD8N37Eg3/fiX0E/0GmKCnjcsYyssqPjl2DKgmzAp3fh5aXZK0yn6TpwJ54ju77SMecsO9l09lISrKA4HTwvlwpMqvahmwHurrMizUJ/9IqHgoXupsVrU50Jetaad3MMocSe1UywrjQbVO/ZV5Wif16cV/hSA4R2JvOq8aMgONmASyUW+wmH2eOaoVJolB/bOdzqWlowwnW76keJ3jqf86S0F+jzEX3NhWHeeJH4DzM9zvWwqx78uflTL9YyEIGQNGP0tbKZZtuxWLWtkFlpIN/LoAea/b8djpOm68XY6cs/dxIHEnhRK+MLSYPwzoeiFvSm/F87JIymOLm+R6N+OcvtSuv+/5fuRlRTS4XyrL/k5QP1AA6j/e0wVc/eN7MIy8eU5AFNefv2t2OfzH2cqBLJY5qhs08IeM0J4aFwkRoWWhwUgvfI0GEw/0LpLcAcwRH5mNJEE1ITQz6nDkFviCYX4xmQ6dBlShWFG33WSqOvz8grqJwgSb33jT7rl6etz7KfLQ7lBGBjZPfyO0V3TcaCLyGgFT+jZyMVOq1dUGgw//41UPTwsF9s0yna91aHFSwlKNgx8k4ULkUbCl4544dFk7b/7Svd86i5CYhhOD4UDJC4dfOVemkCalJVBus2DSXtlh1S0ERgPXPrjkvPF5cTEBp18a9XZ8m5Y2b8ON6V2b4tMIlWgrPF58nxskG3+kSB5eFudLBX8eW9nnJc/B5q30rxRuqTltn5n87GHs08OpMvAo4Er4ThD7OANDyni9f5GJgTTJjAtYIVduhAUUDukWdV7Vo5ontIFcp1au9Vh03yh68rlNGhGcRuyplmnBsxkNhtTIAV3rd1qSUok9EbZfeJVLhp0/vSFrC8sxyxw8y5pXom83XkoUmNUN+Gqf0xIOQLvUBKxGZVnfj7bJZLA0LDl4f+b8as2wbB0dBOC0/BVggREgwD/qthy0GssrV6Qm2L/ncalrKojVjpSNJJMFU5W32hvTTBAAaCP+LaTFi+JfDUnD/Xgof9lpNZwB5i5XEIcZuCy9mUqN79eNqg2WQxGfD8U5x36yjs5fSh5OwXEBpS1jRlabAnoaNx1UzN6bvKva5rJQjbBl6eNFvS0Bg2pQJL5owwjQTWGc539t3nLKPxT0Nt7t+4NWYigVRqZ3ILojbzQ/h0xB/iriZ+pCcsDyYuL0xuX3/dV1ppu6fFUM7ENeUwYkbjQpk3FKXOWwPajiITAAmlpqXnrW7/PqepAcSnJRFOxV9flpH5+krzggWuKIiXnsTPqj+ensh0WPiIr5mvFoWLqihgDdypI5a+9eYr9/AoGAkrpo0lmpzyLKdrjP8TYdy4aVDXqxjXW82mBBuUWmglX30Xo+4mQ2haEb5mJLrQRSmeNjpoExwR5s7p+Lp3Rzn3vtVqvx5hman7/bTPU4IJOwjDNxoB6D+fNzJ+zsoXSNEHUBHgYEln7wT/k6bTqpSFW4aOIgkP6OQH1fCuLi6vLr7NbNsDEryPbShofwufwRZZ10ipuxcxaYFMoauXA+gwYiwaDGyjA3fpvr4C3hYi/OufAXLV1muTbvklcZLZ+l71lfi+m21jScLjO2Wrg+lirLkiHkgg2C+3fY2PIJWb6hZW5EFgL0DX+YDH5rvhT1A04QHnZC7lPXEhCn4b7HGh+TLe5mYd+la99GX6uIPTfECaY9Rpj/bJnonSsRVh65DMaYmp9Coy+MBOfCWEE4JaOrH9ltq79MFb2n/We/CW7S5+S0ZG6G1QyX/d3Csq56zvPoMaZ7Q97XMMwTBgtUpD+PwbGoF6A6bG9UzmkatP7TEj1tUFAMkW4LyKCmxJ4E0YQaiuL9Hn9DPOVJwiwFGI4tjc8+zbc50jruH0tVMfL7Ql48lCE2UROA2NhG7hEa0sf1OFWmJJCBVdAAR6rgO7xJMnA9AHh2TFOUR3fBZdEO+natEpZO3sIYH0GtGaR/otNdpcKPCD8wC4WewTgyickdFrA0rDVZngfUiP0fwJJPsjdOYhgo0Xr4TLMjkTO4+fqwD1gIdpDaNBY9N6I/ivPmFtFmx2vUEhqJDKEEOHWtqqKaBQFCEMiXmHm2sEycwOslMngWs+O/uxIP1fydsQnUapAslDPR9liYOPt5hBb8/cTUEQuYGHWUtRbA84F5v91n3NwCnh+oOw2MdUBcFYn64mBl4Ry2bR8IUOKrO557iNIntQTULU+m46esEtWpskvld+P6sP1RFMRq69I9cn0KwzNK+VZi+eSkV2gFYmAPiYgT36CtUVzYcar8o6AQ3VRyXvD86m4MPVm421x2wSZnNu1kY/zAYcloTRv88e5I+KcFZnR/vwupo47DQeO9mYkmHfjt6hnMC+KJkjWDJK986ofbvGx75erx3oD9JlkYlQwRc/Y+r2qwwAz/5dfGNVCdha06j6Xe6ZriMBnlDg0FBt/NR6P4GCokF7GDXpRaBTNJF2sTWB8ThOT1Hf447cp9vDnR3qJeDS7PIrwfW+I8ax6ZvsmhRDpNPf1x7m09maHlk4wZpZjqFqdSr8J/ds1NBns0hNAd4pKJpaCrb3kfF1/7wbTXGzbRg6CL5CGucn6mtaeEEq3F2sURCkIk/CWBNub9FFi4tJ3j8C8uBbHYAG7Aa54JegdJKYeKsUN3FuFMD5rYIeBlThCxgLabqbg3dM+ecpiI6i8GIkienL/Ww82oQnCkGCuWrhMCg4g0klC0GeHCVfTtsvKjCO4YoSJNDO+2CZX5qRI2UPu6/G89GkMamgKCbYxpupk2xttyRo8IIUHEcN74hynK/Z6Uz8uz8T9gGTH8PQbfxip0WCZ6a7lD4t/UfC4E3d805fcZwHRA0psuZjJHkt2OyS4M8nwJSq+bfdcpxa6EIoW4V2BvlJ47huux4MTugxJ0Li2SGS3ZwiTuA/w5s8aRzrOwyCYdV1f6SAbFgrx/I46uTKzDZGr8buThOsm8L4XxkJeDwdBmwagtKFRu/437pdUfeWUW0V0Bche3SFhJHmZqyEiW+n8NmAAlMg4233CHU5KzW1t58SRdPik57Ac9bsEvkO8ny4fiAJvms9RuvyC1WcQg9mk4BoVBZ5oiBReA6xaohw8UpFVTYZsQJ0AmJ/Dgj0r1CYviq/kIiqoz64cxoAj0ShBzJKaq0HGDFfq9ExH0uVbi/daxNDIW6ZW+6jTsMYI0kXZlbBSrdsBUROpoJ5C9Tt9NB9M7mOz0XcDzBNEW6lGIv1kXmYmCMlCrr1dOJCBer41IxSygpcW8NrgCVOgSsiUykmNLVU/zyK/pmoMMH4eJ8anGTeKOKY7+Rk6HYbFkQ3jsNt2nJSfR5ztUPA/FhEUpKmumEAWbpCMJt8MwWrPpNGn5FpjQcN/rAMhxRYi1Xmk/1lJnTbHXCGslT+v6Pftim+ypB2zwYyo6uPgheDdb/13R6FqYpijXlTrQqZxsK6VHfsNwQNp/scMIp3UYeoH2+1qFJuCFB7UBKLtHt1r6/Bq350wJcZOHMdCpz0JKfTVU8Y8QmCgsoea0kL9SeiEU1e9itlMakeeDqlOPxxgL5x67Dj/gJOhkYhoVcORLY7jtKTiKPuOm+pZFjEVKwx47YsnxQ7kEOACrFlG4IdBxyXNu3m8lAM72Txf9eUHhjoahJEXgP/jZKho1YkuUJN1sZZL8zdXFo7rPBRZNm2kYLNeobpQWiGQN8+MV8/f8A8nZE4QNKWhLKn65lHyiHtPkZm3K/eeOG+qaCBKrnAi2gAIX+Ra6nEj46RxMlfq4S/2wLWdVjsIBosOE6AEwshL6olE8Jz8nYDLWEuXuCHZwoFeInBOBoF1x5k/au8KgMYB1Y1LxdrjQxUgd0++3i4tGnjQb8uuFrquzLfPKYq9XMGXWUu8mG8Zcs10Xv7Y4qs0OxYJWBOok7FePH1RoKBJOU+v6alrEBJ861F9Rg9lcGGICYpGDkjd4Wmb7lxlHZvpVH0ampMPTdHuL+PDe4eNtE83aVGgB89JJffBQ4j2v5JTA3okV+oWuW7HjEiaV6czx+Px0QlSSClYf6/5auA35fBZlEXmKU7wadsoATr59wNu+BcuBfzSTxncKz4SkuA3CJE2XPP6u2TLD2mMSmGRhsb35NJLNIaIx6c5ZieNT9CeCi61avHC/fQX7mG2gs4yru32B9GVtqCJtooRqfsFfji34BhHyPrf+RYxo2/VrvPcfmMxYMO2OHB313CFd2gnGdwsduUKMiGkeE3wJ9Y/wlOQ/TS6ljKipw430KlKOrgLMwRxStRkXl7KqGb2YTaD/o/fGmyqde1BAKuEjwvCc0jnx5nkh4dwJw9wjdUprSPVmx5D8zva6PKlRhIyWNOdbRtByaTbUU0fKtglI5rJTESpXJZIUzVTEywWxBHkuH5jtiA/b8GUAPc6ZEhTkrwS/IralfExF43Okhai/oGaAD3pl6zf4RvdRYLv0jqJlnQO2xHL8W+sy/Mf/ynKWP4dNsxwNjGviqk8as3I2HZmZOy8jO62PYk6N9RrVh302yFnPaFWoN0FbzFagm3DsSkFHwaJRXMLA7JhEtfx7RLy508xs+fKrYJxvpM70C7yu7+kpNLPO5Vekk70Vn8l5z79pcaUwTzfl6YybaFkIixI4ltC31ueGQE8VGRxyvmpEJR6ZRaiZ5godLOwHPSDJkAOVSkmzz+MjtfeX6PqZzXHmcnxPtXoYsOT8939JWF/JjnuFP57NobwsYPjQBpseNqN8JuzY6WUdSK+8WM45/yBDGiAd+45mNgmIzdCHqYqRw4xcjK0ixK44QnTeP3IfS2Rtq0V+49e+6tR+ycAML2A5BisnY++q8pAVcfWQ3w5IQ8VoGrSJbrYuYGYndS+O3JaoJ0DmPd1+h8NM2lN4GlTunnJo/oiJBaqEhtFfR7dGU2hqI7oqVFcInix88qLdXFI38s/7SP1ya4crFKAGT475r6fIAWmSZQ44UT0+r5X2VOWjrMSZyyz4RMI3GPvIpWwLpJ0TIxufn/2BXxgClkk7S1PClJ+MgVNDuxg2FryIoNX53MNz/G8f3nXstfX1mlyaXlHEFtqCO5a60Sbn5s9/yOyPVZp4qd0DHdF2RC1zQH0Q+CJ4LXHDv+aB5bdTSDzp9+yBBH99kmT/8offJmT1S6vHClOWlI0WDDEX5BGbjaA+qPsIkUyNS6dO31BRw/ydFdiauH81iT70a7NZcTe6emqE5k85xIOQRtCSs/0PxuMZ7eePlhteUpENtxrxNVahynK+XZp9RbedKWFPiCTNRJ/sRKqTqhJUrqwONK07wAl8I2fVAGZ47FF6FrCMLOOU/ZvsjQVZzQPywDFqCq0yf//t40Dal4VD5wxcf8VZcF0Ag6+hLhYrRGJbRqxOgS7BGHtZa2OGpP0CLDz8HCm8yjXaJYEC1QC92VaVanan2DMBt35DvN0wxsRkqemQNX0LH6DHeedGxRg461vJE7DpDVLYkbvZ75kkwpbNaLiVOiihXYW3mLqTktqNN6ustdIzMoXKSVI+SZ0qokTsPqozLkgYerd2YirpTqJWu6359pbNwyQ8Z7CWmQFLCf8ssp1l28bsPJvNG9ZljxGaTypYGNY3SsIx+o1HqV4tFHys4jaXgB2dckqEQs/TsYJF/Xx4CEZbjDB82AA3dRK2Qde5tC/VUtjg/91Xu0zNIvlT12QYO4E6v4joV3/fVpXelx4jEjz4nHQq9S9QKuwfaJgfK5GABL5DcOF/FvF1qh70FHe5HCO7q/kCIXP+d6SVVtmF0HdrWmKusdCWONtCAYwNd+V/HePUZuPxX3cHT+OVSL9nSNSEZDDxtgrNl8tW77bsa/x3bRyQJMX1ZluJ+vwlj/PJRRuigkxCaVsCq3BTMHemM8hwOxX9WMG4ZfahHLXKUlgRsxgUhM1W7REHojfHKHqC4LTyw534vL/0jGyOiIMUk37HpSMTpw4PjmbwH2K+JB+B/T9hDGj8sv+vT+7HzstjCsJMdL2qIe8TN1kZoXziDj6WnV2PiNebpapjToqiv+JgrCk9voonieoJrSBL0kbDS1eV49Eu4FRi/N+HGPbtOv23hRFMCUAz+71D9kcqW8bb44AKXTqXOiJ+zej0r1vNCQoLi4IGmb/7YCOthvNENCRr8XxgmDXZ0AwB2tsIDEG0BSmveydvAjTBs/wDTjQ5k+ukW2dlv/t8eNjfVe7PTUp9j5VvvuMxNqMPzWnJ3UwmMMroDBz85P2aknIetCk+MTaZSD13hjtIlRxINSbK2jTQ45SuLHLg0IxnWP3DNYbaxDoUPtxrwbINUQ0GSRioHu2miM3qH9yKZc4Y4jI2zAn3Uu6nO7M56a66U/G7sKQdOrZx6g+Iq82MKBlrnAYTKMxKhbagccCicnvS3n7QFghZE4BzIQ9J+52AvZAjNd2kEav5RcnaCDLok4mH8VydZvtKvNmySSidN1QzzRzsNU4qhpVNGzLC9RtStBkAA+iyKbTR4RdmHwZ61XaTWSEanimLf3Vnz2n+gOuRU0RFXzv/h8SvE2sPNTCcEFmC41QzlKcZeBspxoGPdbtgu1HJeKov7ZZ0JWLOLH9r7awmr66VLPEHMCM+yvoYMeUii5tAoQ/DNp5mFXLMkmz+Bqnorgu6+g0wbpxvosO1gMCFCHsloaUNS90D5xtbhG9nDyzfcfZd3BrKQWEmg42AxG4wGotkXIk56G30uYC9mBLm/WAptwVwhJ7NyEkETEXo511WrQnrc+1WbOp9Dbjm9DhTVmL8GHI83lPwUDAEa3RkDWhBwwX1VCnHlrZE/aT80TD2t1KA+bjhkETnfAVolRgOaMeY1iVnvz0pjr2Xuuklyp3VbwUuaraeCl/Sai7LjP7OfiGzj2R5XxLtepPWpSoC+YGHP8vMwgNIOqfiLkngT+e9CxkRys6fd32vWXqBNapwWNZ3TZljyz7ZTcVrNvU5jotmjieGMEAmNh+pCTYrnGk0d9ARxoIZlsABxZ501f9Z0Hpk6PBZs3fT34YlZzIYBQG0r5nmEd5I2+z/nY8wVwEcOpSQYmqSgwics/2Jjs9wqTmiQIJxNKXD7KMwEYL3VJLrldb5QhB/b+xfPJsf33Zr7CA8k4WgLQ8J3mDtAziwrs/nGNofX9VT8539ECFt2YekFoP4aOKVwmyWrkxQVcUXyy5ME6x/FMWnSZbdvIxxyObTxAi7OyNgHUsQQZCaHMbnLKv4GJuWacK8XejnBGB7+Nc3P2XY3HIAmFc3SdKRa93m8wn9yrIG70lDUo5v4uLqK+KHClYQSCyD8XJFhnXtOsKkuQMt12ed/y+7c92AIbdrCi46VsEmKRuDTL+jgrxyHmihM5ppm2YgruZcHCE2RKaFb9IX/mjmHjkaSan8hLqvs42uK6eWB7eB54AyW43kKfqqAQT5bjXwNXJ/PoqbijOZDvS66bnkVkEhbsj1tO9Ci4jL9iFIqad8wMlehe8H1hutQqyXPQH30mg4LESqQmGL3WTfFIsp1wFA+HsLwH8TqRtNR1dlRmcq05xeM0BNdwTwhSgD0HHTpmBnUKM6srnTlVAK0Z4TJ0jluQ+pMJ/HsTqNUIXzNfxSkY2Cfc8cqCFaMXyvq3c9T1bVYS1eXYME9yIFs/AFIE+Qgo5d2BDvRwu+K2nHhSreYX4OOKVCJmOdOvzjPhD/1gJ0SOG4kCMoFBZtupIev66kiu+gaZ3Ng/6bvf2X9echEN+EIspvJIWvzHxb5Y6nWUdpEAIVf/0ACuCWk8VMhfwnwbbBmzVgfcWh7oUDUP3Tf8P1RthHtUAls5qE9nxBdGF29zl8XzagdaZJZm47WC47axd+o5LCQdllxuL4TWdaJTYtShUP3OIxM4w6SlhPbWe3lPoJj6O+2AoYE4R5QFQwNuDTpYenR1zttl4wtuBMBqXz5+E3suwLI4MPXCCHgsUGbwbXFbh4BngZZQ2tg7ospwWs8jDatXcFK0/CvL9FiJV8mp16tEIZP/mhJ2KbE/0DX6Kn2wA1RQTW8bbO8NemGGL1To3FRNY4kp9QOrnvuFSYdyXZyjkjFvON1XzH9zasjm42lxLQH0qGN5fnrdPFnT3MsaC/5mQ7s1x5JZangzqUF+ZhVGMR/lP/jObwleQc4ERP5XqVv0t1RUwcKsfCVRPpe/wmfBl8sfEa+un9O0GudzRQF4BUAStZL2BMuHXf7aZaakvzBr5NECeuEkGEgVOV6uhtb+W/B0/2O9yV2pj0jkP4Y734cWmaA/dQPFHGDXmA/aSpm2c5tdvU7VuB4CuTVtSnkRlTgbFMSIQ8ulyawG7e3gsKdwco/thgZ0dUJqo5BbhH6ELeYREDihlUUfiz/hy5Zdi5ujA+Okm2L4en0daTtn3iCk5R+jU9qSaQfLSbBn2BOCjOjzwGz0tBuDplLRtppZmHUtL+9UZNsyOtq8l5/qWDXGaHfM/6HfqTmpx49HUqwPthQjbFk0Krm5BKnoGbWIX6jJnQ1lEc/cSYiTcUke5fbUZvnlE0RrmrjUT673hMLPLew1sbTTeJikxJXT66nrvpqEhesPFwcdLfl8ehj1LwdFJMIE0x27vCMl7WCNHmlumhNVGH5fK9popqcip1gqHCEC8A8Mk87hUCxTXTSKHGrAy8kKsKHL5dFhed5P6toNqYBM7reQofOCeXInAe7f6y+RvrTsz6e1yhtvznsrk41Fm+jXXEYlv7k+1mhX68zYMTYhp6Q9Vm9nbmacTi+sypCc8Hh8bio6d5gjVG6pxgNWkckehXv8b5udgzSEFgwN2kapB5AmNbBelLHQXzJfOLdopwLp+GYzn/ipguA+rU/l8GCD9SWmJAiFmvgIvs6C27AWJdB3t6qzqPSHW0HArYhdqvYneSPHUc0NpL9YzpTD9/DokTTubXQa23+NG9GLix8iZhPJ25nLSe0CxOvENBsDEINKZkm9TQ+o6CAwQK9Zw3uBAtFZa+qe/nHznGwhqK059cwz9wN94668MpyUITxY852p6H+UKqVYNQXyVYdHVn+MJN6gQhHwzGVunmPoDddQdLk0R/pDaA/+6rrz5JvznObaAI7SIoGzRQCWe7cbDtnFp/MwGuLmRXJZjY0Io85wAZ45Dcj/Ta/ZEglRSJjsEJ11bQCbUsne7QbEM/0uqrxLT+8lHjV+WKlCCkCb//aE84iHAcU2AZZ8oWQWC/LkVaJlGtQDXwa1/fEvdzDKUsogRJRFd4J+OJqm1SB3x26dippjdZQBwQy6HNcm22VSyGJBql9c/xaK3z4mJQmLS/Q9h3g3JlTpk5glWagUwucD1/n6lYSfG7Am+4gpL2PmdAWvxTlH7VbRrpzcntaDPCo1Ckc83suJ9NoviVFbmFE8JFsTClGY4dYupjw0uu1NqKqrryPspPvO4+0IbPCvwDGsdhnXUAPtQaeYcmR0wT2+kQyTCTJvtqCpsTY2AOz0kBRTx/rdeYROC8k70wrw4sErejbnwitdGAsLo1YehIi4H4fDUGftuKYfqBi1Euu2btwnndS1AwUKRSe62Cdwp2o3vSMdhsN3exvoDMsD2vfZCyK4JB+gZrzKbfKwicjB2GxxmweGU7fRPWtA8cV/JwKG/9wM3wANcUXQzDnnUsLrSybXzQ7U6YQjc26cmjfVd1tHIjLxmjqneqW8raIme2Jlg+Zpc+NVRpWr9lG9Fy7IiDlkHyUv3ID/x7tp5Y0q7qpUtZCmGm4rsfolov6G43cfGGGnjWhEleAQlCw7h/LIkmJKjXnZN1U9UYacdk7NX9NFiTgOSHZL9xfiqOOrBEMqDi7j12g6c6PDn7JqdR0zgnl5K2gx4wpLtWkZak9xcb53NKmpZQ0OtHRDE226JWMAB9LIBajXjF+tTmTCBVjKItXCIJRqnC007hgBxXZY71qdizcdzUtsfYh4y8tGnX6wYKCIio3H1N1rmRHdkR9heMQ2sDYJqBa6cNspojSqU5t6htJLpJGdgPHnFHhLDWoF5douxfXXoozl4R0O0AjROeXhXnmtYtBst1ue53xP6oYiJdiEmbLkTsOBMi7017ES3s2J1OBZqhLhB/z0RKiVxRQ7LK09XbX4HXMhLYx2jtYyw28qGDo2WvHz9mK89oq/sqQfHTJZDgCv5rZmkCb86htO3Z9z2dF+aKaCk3/HaX9OijULIMzK1Gp6bmQKgmS/u11EeVfpefSC0wB92yi5oTCrNcyt6lEKBviPDlLPE/rGcLSe89is4RyQs/4ev6M9kS1zqlRUG1so2epI7y4tNEGIr9ptf3VA6Wv/5aXVt5L7xnCjRKo4U57rzUJ+xls2R2rVKncauQ7fmJ/mFEOy6KJgB4n3YWQabpHr0rUaAey/IuqFVf4HfLFLccWYF2rWactUgYItetw3SP69IBq4oNnngVKWnlTuft9ogEzmwQcAjnOBYzXYedW72j/xVy02WSRiwL/r2ZYTiRI4+deFRV+YIjWAbQhbZZYbkttzEt02+Ni8NFUWMsbsokLkt9dyHvWGzZv3V9MrqOhgULQyhtKpy/861N9pMWIJneQLcQ9LxVWK54bc/9eY3M0bt85IEm3uAYVbG13MqbYP+/xb6ihxulVf4YkSzV/b4SIITaHoSMqhnfILUKXtBMvsKmZy5oN0GO/XAhxnoGCmhERApKM2CwlcqlfO5Zd8WMXTk2n/VKmEqxIpnFZAdpmQ4+SUucu8vrWzCwzAnQWIw4k0iqmMnBjzRYPB67U4J9dLaD+YB2YasVaKJXnC+Ure07vUrqtKgcc8z305cg52XxIbsFmWd+pSzRX1r/NbUMEZ9/hRFoCejB/itK/7OOxflYa2fq/i77Ux2gfasX5ztBNTrczT3z9bf1r4vMjBQcUNyC7eRAe8pzTvNJ6LAjXKYZoKhqwifGDbGfHa3bsr0ZlyluUOtLR3Rv4ZlVyix+BRHpBDdmDWWYlhMnxfptSCO7KSwEy+T2pyxCQJnc+CXDVtja73L/F4tuiSR1EIlfPLMOQV/LwiM53Km51q3LG27W5u3whNVgFKxURUHtWCVNFq3d8sIEGEejU732MSZjOGHC7VD6m2zMce4GdTnBEZTWA7zUuZ/W1awjpDDvdF9wTr/3GLbf1xgBSKXCah3VB3BIWe60Lui7sNhb3Zjbmf33BfRjmgJshzKW0/m4oB+G0fgVbqhMYmqm7XrTz9DvXmkhLwIfATWNLL7VL/wszPNz3MGQN1j3fDEy0r/oe5gl/9DbV/HK8J9gbU8KIVBXsQajMmP/b2GWW6BFe1KddayXAock+vqSuVbXG7dBKs+YpI8PYYRuLh/mtQjQ4E5cBzos6wWERGXjLJ+eHOANhwKqbOxzj0AHXCeTKFMuZ6SngWQEwagrmFJDntaa1OjTvyErgJlyI1fDEKB2cRwvhbBeBMnUhBC/fGpNAzqRb3P7tHUUkxVyXU7dc5Y5atsf74LheJjwkrU1kwI1MKzYggph6QEd0etSrQ5CIuUn2+tocTFvE1V+3kI0dkMNDf3+uHUpWKGvJYCrLPsmuNZgzvY6ftvL5XR5QrbGbTd3eMJzkQ7hqI/oLn4t9iWn2TZMg5od6sMEm6cuFQ0qGvkjIIlY6nFDCl4oY2dNMpAJAPG423vpIv3lwdoXw9XsF77PZASh7/eNKegVa+CghDyBnE7rAaeSJQMh+jdlfSkqIMzU4L5GxExkjjlZYH6PVJ3fDlt+mMgj/8cRjAaSQ+RGrHXyFLqWPEmunqq1Y2fdDsKO/HATg4ftzeDyhZBk1kaGFofiQ5eS86+GAtslmrS2qdP5ey1mvr1VwvgRlin2tC2ulzTP7ROIls8rip959TohPHUIreVog9Tu55rLQkTNyDLQ0xQieNnMjirCHIskLU0yN9JqC3OLldEyXY2afXmzwYlpatxXySzLKcW/Mmnx4whLL/YZ2WjgSD2w9FbaJS/FmPm1gaLLV3jJV1xp07BlaPJ3unoM8kUJSXIEY/66On+xB7MnIvVDPkykYx0IJzgU31Cka+2XIp31vZIb26damWSfqZfgV0tUEHy7ukcyzZzmJrjIj+4cyfxRVHk9/i5Pil+pUvV4nFrqlvXnDRmwRFmedXD9JLjNXi/3IkvlU76bKl8YKEC8GUj5kDaoFXArDMkUVvLO6/5Q9/1PY2dNkHmAY8HN7FIH9P2qm8Qgw3ULDkURpAohLQ7FtyBnGo0mdZUaGmODPmnY2/e7VueYWh0M8hRtnMOwVEEMvHsC53+vmMF4CQOa3z9M6GL+IqyyjxeU2CR9YpPFighqNodXKEBVv2ciCHCcDj+gvhKcARklue0T0Ui2MYplRpCQUZBoVJtcMUwRbebuzKbfv6mI1C8b4O63JdeIbctZ/Gof0um2piczJ6Ceueu1W5YxbqfiOxjZkwJKBsf5CWHc6Sytc+XclXRXKIeTyUEcEkY1eHmBnAnlNC9+ZRb6Tm4deCtnom5/IKeNCH9Cj0HqneZFTSE6h8UP03pqUHk5n4rJZnvAbY6oG6c+vpr337X30FIljIxT1AuxouczFXDp5aQYUhuHMk2HjtaFK9d2L/3yuduolJ2E5jpQzMy20/jw5yumkApN2LCnxL84OdBhMAWmEgyY22Qz+0leYZ+evjXVddCudvl5dJE2VfeEx9hidrxsKROXvnx0nfQvh1REtcLSYeMNcwzMVZpb9FwD6r/9EyV8JDaEq50NzbxNf/Y2lzwGAqFw9qXI2QvVmEIPm93yhn/KURsZNamO04yp4kBaq9vslPooa6Z8YDFq6CIvtm6YKTPR48vkjKEen7+sZwKuhqWnUmMfGcnX+0HBYzY0vpbRw+BPKqbN48q6tIaB9jh1MuoRHrN4UrwOyRedub3mQhpo4usx4Q+qbmjZgFLdRiUd87scQ==</Value></TokenEntry></Values></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[16]"><TokenEntry><Name>SessionKey</Name><Value>vP1TFcE7oZG0luOJxjqwqK6kNu7Mz9qZD8hcH0IRAe4VV3YSAOjKSrXUZjdnwendQGX719ejliyD5EQQ3BLIc17n+Tdz4GNCsAUzumC6ROLJgGPt95gj0RwBt1tVR5mJyVor4zys4jCOqRW2bf1ZKaqefapvTfo/QegQU+kYxWqzlGBCWH96L0ds0En0O6lChyktMaI9Cdjlbg9tUDIFJlxDz1ZJcK+qDCfAC+trcV7evsSP53USoMh23f2OBTYmCqw3euAhIig7X72YsJnz8FXt3k530PRyccz/mqGMHnaPOOVUcwsIbWTKCCwBmbXmOX+eiyVewxLCtobKyU8gyA==</Value></TokenEntry><TokenEntry><Name>BindingType</Name><Value>+5CkLxZcQTQEF9Qxu/0bOvTpu/DnAoMx/VnrZMDDpSY=</Value></TokenEntry><TokenEntry><Name>Binding</Name><Value>X2gTKbpi+U++x/LxMD/h3qPh9bjsi7HfnBM3QnpAWnrV/TJVqN4FzRlvRcgfSOerrwjlkFOvOim8kpgOgZHYP1GJIYRsiAHD0ru5nvLof/U=</Value></TokenEntry><TokenEntry><Name>ProductKey</Name><Value>y4aMmFohbrPCmqsYhixsEPd4HefhppOjW7cQIUh5rNY=</Value></TokenEntry><TokenEntry><Name>ProductKeyType</Name><Value>+5CkLxZcQTQEF9Qxu/0bOoNmT3840XiJqiKp0X6TJro=</Value></TokenEntry><TokenEntry><Name>ProductKeyActConfigId</Name><Value>QWpJHhE2the4onsMwSGZ6EDj5e5LAeC8E7lTzFw8oDbQNuGXRkatqFqc5EVrg4JICmeiAgHGwuntGOVNRi0nX/KSvY1VNopckpBsmB8i5+Q=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.licenseCategory</Name><Value>p1Aw5kejWG2F9ZxE0n4D9i0lK4nuhRnKCax5PJb/1Ec=</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.licenseCategory</Name><Value>p1Aw5kejWG2F9ZxE0n4D9pBxtUEGljQZt5gLnMDPE64=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.sysprepAction</Name><Value>z7fR+S9IAE18Pweq8jq3Rw==</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.sysprepAction</Name><Value>z7fR+S9IAE18Pweq8jq3Rw==</Value></TokenEntry><TokenEntry><Name>ClientInformation</Name><Value>WVlJEi2+SQ9oW9c4LdmCzQi+3rVWVLxR3Hb5HP0Pp/wNSRAlPyZCGuTKuk1qaccDeFpTaQwnAWtBKu8ICzA1Dg==</Value></TokenEntry><TokenEntry><Name>ReferralInformation</Name><Value>a4hCTk9O+VOz2+lzj5Tt8ggeVTcM3Wfy2vRz0AvZmzBqzTDQfI9uAXj3tGmfQtfqu/DrkVuyfRTV89RPj17BxQ==</Value></TokenEntry><TokenEntry><Name>ClientSystemTime</Name><Value>N+pKTi8KZvSzujSWOWH0diabwIHYSfPEtwbAxZFD1yE=</Value></TokenEntry><TokenEntry><Name>ClientSystemTimeUtc</Name><Value>N+pKTi8KZvSzujSWOWH0diabwIHYSfPEtwbAxZFD1yE=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.secureStoreId</Name><Value>/zjzLAO3PJwf2aoN/Ptnz8PbuZFYCmK4uJo/MdotTEgBpgdyy/Jtij2yKw5Fp8e2</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.secureStoreId</Name><Value>/zjzLAO3PJwf2aoN/Ptnz8PbuZFYCmK4uJo/MdotTEgBpgdyy/Jtij2yKw5Fp8e2</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EE7, 17:42:34:728 - <NULL>)
00010003(0x80072EE7, 17:42:34:728)
 
Error: (03/22/2015 05:30:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 43%
Total physical RAM: 3682.26 MB
Available physical RAM: 2064.36 MB
Total Pagefile: 7138.26 MB
Available Pagefile: 5397.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:442.88 GB) (Free:417.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C2C9F703)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by BrittanyD (administrator) on BRITTANY on 23-03-2015 18:55:33
Running from C:\Users\BrittanyD\Desktop
Loaded Profiles: BrittanyD (Available profiles: BrittanyD)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2012-07-25] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net/
HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (Google Docs) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (Google Drive) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]
CHR Extension: (YouTube) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Search) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]
CHR Extension: (Google Sheets) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR Extension: (Gmail) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-22] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-23 18:55 - 2015-03-23 18:56 - 00008811 _____ () C:\Users\BrittanyD\Desktop\FRST.txt
2015-03-23 18:55 - 2015-03-23 18:55 - 00000000 ____D () C:\FRST
2015-03-23 18:51 - 2015-03-23 18:51 - 56722116 _____ () C:\Users\BrittanyD\Downloads\Unconfirmed 406921.crdownload
2015-03-23 18:50 - 2015-03-23 18:54 - 00000000 ____D () C:\Users\BrittanyD\Documents\Youcam
2015-03-23 18:50 - 2015-03-23 18:50 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\CyberLink
2015-03-23 18:50 - 2015-03-23 18:50 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\CyberLink
2015-03-23 18:49 - 2015-03-23 18:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 18:49 - 2015-03-23 18:49 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-23 18:49 - 2015-03-23 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-23 18:48 - 2015-03-23 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 18:48 - 2015-03-23 18:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-23 18:48 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 18:48 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-23 18:48 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-23 18:46 - 2015-03-23 18:47 - 07490544 _____ () C:\Users\BrittanyD\Downloads\MSH_LEAS.themepack
2015-03-23 18:32 - 2015-03-23 18:33 - 02095616 _____ (Farbar) C:\Users\BrittanyD\Desktop\FRST64.exe
2015-03-23 18:30 - 2015-03-23 18:36 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\BrittanyD\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-22 20:46 - 2015-03-22 20:46 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\hpqlog
2015-03-22 20:46 - 2015-03-22 20:46 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Hewlett-Packard
2015-03-22 19:18 - 2015-03-22 19:22 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-22 18:35 - 2015-03-22 19:18 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Origin
2015-03-22 18:35 - 2015-03-22 19:18 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Origin
2015-03-22 18:31 - 2014-05-14 18:02 - 00059424 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-22 18:31 - 2014-05-14 15:43 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-22 18:31 - 2014-05-14 15:43 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-22 18:31 - 2014-05-14 15:43 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-03-22 18:31 - 2014-05-14 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-03-22 18:31 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-22 18:31 - 2012-11-05 21:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-03-22 18:31 - 2012-11-05 21:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
2015-03-22 18:25 - 2015-03-22 20:47 - 00000000 ____D () C:\ProgramData\Origin
2015-03-22 18:25 - 2015-03-22 18:35 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-22 18:25 - 2015-03-22 18:25 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-03-22 18:25 - 2015-03-22 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-03-22 18:25 - 2015-03-22 18:25 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-22 18:17 - 2015-03-22 18:17 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-22 18:17 - 2015-03-22 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-22 18:12 - 2015-03-23 18:27 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 18:12 - 2015-03-23 18:17 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 18:12 - 2015-03-22 18:17 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Google
2015-03-22 18:12 - 2015-03-22 18:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-22 18:12 - 2015-03-22 18:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-22 18:12 - 2015-03-22 18:12 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-22 18:11 - 2015-03-22 20:46 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Hewlett-Packard
2015-03-22 18:11 - 2015-03-22 18:12 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Deployment
2015-03-22 18:11 - 2015-03-22 18:11 - 00004032 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2015-03-22 18:11 - 2015-03-22 18:11 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Apps\2.0
2015-03-22 18:07 - 2015-03-22 18:07 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Macromedia
2015-03-22 17:47 - 2015-03-22 18:30 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1604515157-265859657-2736240245-1002
2015-03-22 17:32 - 2015-03-22 17:32 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\ATI
2015-03-22 17:32 - 2015-03-22 17:32 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\ATI
2015-03-22 17:32 - 2015-03-22 17:32 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\AMD
2015-03-22 17:31 - 2015-03-22 17:31 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 17:30 - 2015-03-22 17:30 - 00001430 _____ () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Synaptics
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Adobe
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Power2Go8
2015-03-22 17:29 - 2015-03-23 18:43 - 01942283 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Packages
2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD
2015-03-22 17:29 - 2015-03-22 17:29 - 00000020 ___SH () C:\Users\BrittanyD\ntuser.ini
2015-03-22 17:29 - 2015-03-22 17:29 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\VirtualStore
2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-22 17:20 - 2012-07-25 13:15 - 00031497 _____ () C:\Windows\Core.xml
2015-03-22 17:07 - 2015-03-22 17:07 - 00000000 ____D () C:\ProgramData\ATI
2015-03-22 16:56 - 2015-03-23 18:50 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-22 16:53 - 2015-03-22 16:53 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-03-22 16:53 - 2015-03-22 16:53 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-03-22 16:53 - 2015-03-22 16:53 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-03-22 16:53 - 2015-03-22 16:53 - 00000000 __RSH () C:\Windows\SysWOW64\Drivers\103C_HP_cNB_2000 Notebook PC_Y5335KV_0U_Q5CG3041KL7_E707939-001_4A_I188B_SHP_V69.14_BF.22_T121025_W8101-0_L409_M3683_J500_7AMD_8F20_91.70_#150322_N10EC8136;168C0032_(D1E81UA#ABA)_XMOBILE_CN10_Z.MRK
2015-03-22 16:53 - 2015-03-22 16:53 - 00000000 __RSH () C:\Windows\system32\Drivers\103C_HP_cNB_2000 Notebook PC_Y5335KV_0U_Q5CG3041KL7_E707939-001_4A_I188B_SHP_V69.14_BF.22_T121025_W8101-0_L409_M3683_J500_7AMD_8F20_91.70_#150322_N10EC8136;168C0032_(D1E81UA#ABA)_XMOBILE_CN10_Z.MRK
2015-03-22 16:53 - 2015-03-22 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-03-22 16:52 - 2015-03-22 16:52 - 00003160 _____ () C:\Windows\System32\Tasks\CLMLSvc_P2G8
2015-03-22 16:52 - 2012-06-25 10:24 - 00092536 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualDrive.sys
2015-03-22 16:51 - 2015-03-22 16:51 - 00003148 _____ () C:\Windows\System32\Tasks\MirageAgent
2015-03-22 16:51 - 2015-03-22 16:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-03-22 16:51 - 2015-03-22 16:51 - 00000000 ____D () C:\Users\Public\Documents\YouCam
2015-03-22 16:44 - 2015-03-22 16:53 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-22 16:43 - 2015-03-22 16:54 - 00000000 ____D () C:\ProgramData\Temp
2015-03-22 16:43 - 2015-03-22 16:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-03-22 16:43 - 2015-03-22 16:51 - 00000000 ____D () C:\ProgramData\install_clap
2015-03-22 16:41 - 2015-03-22 16:41 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2015-03-22 16:40 - 2015-03-22 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-03-22 16:38 - 2015-03-22 16:38 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2015-03-22 16:37 - 2015-03-22 16:37 - 00000058 _____ () C:\Windows\system32\ndCPrepLog
2015-03-22 16:37 - 2015-03-22 16:37 - 00000000 ____D () C:\ProgramData\Synaptics
2015-03-22 16:36 - 2015-03-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\sda
2015-03-22 16:36 - 2012-08-08 20:17 - 09888912 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsP2StorIcon.dll
2015-03-22 16:36 - 2012-08-08 20:17 - 00273040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2015-03-22 16:35 - 2015-03-22 16:35 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2015-03-22 16:35 - 2015-03-22 16:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-03-22 16:35 - 2012-06-12 22:41 - 00683664 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-03-22 16:35 - 2012-06-12 22:41 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-03-22 16:34 - 2015-03-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-22 16:34 - 2015-03-22 16:35 - 00006972 _____ () C:\Windows\DPINST.LOG
2015-03-22 16:34 - 2015-03-22 16:35 - 00001352 _____ () C:\Windows\Synaptics.log
2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ____D () C:\Program Files\Realtek
2015-03-22 16:34 - 2012-06-19 17:54 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-03-22 16:34 - 2012-06-19 14:31 - 00293889 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-03-22 16:34 - 2012-06-08 17:18 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-03-22 16:34 - 2012-06-06 11:44 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-03-22 16:34 - 2012-06-01 10:37 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-03-22 16:34 - 2012-05-31 19:08 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-03-22 16:34 - 2012-05-25 19:06 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-03-22 16:34 - 2012-05-10 16:22 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-03-22 16:34 - 2012-03-08 12:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-03-22 16:34 - 2012-03-08 12:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-03-22 16:34 - 2012-03-07 13:23 - 00000008 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat
2015-03-22 16:34 - 2012-01-28 11:19 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2015-03-22 16:34 - 2011-12-20 16:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-03-22 16:34 - 2011-12-13 17:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-03-22 16:34 - 2011-11-22 17:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-03-22 16:34 - 2010-11-08 08:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-03-22 16:34 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-03-22 16:34 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-03-22 16:34 - 2010-11-08 08:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-03-22 16:34 - 2010-11-08 08:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-03-22 16:34 - 2010-11-08 08:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-03-22 16:34 - 2010-11-03 19:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-03-22 16:34 - 2009-11-24 10:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-03-22 16:34 - 2009-11-24 10:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-03-22 16:32 - 2015-03-22 16:59 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-22 16:32 - 2015-03-22 16:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-22 16:32 - 2015-03-22 16:33 - 00000000 ____D () C:\Windows\Hewlett-Packard
2015-03-22 16:32 - 2015-03-22 16:32 - 00000000 ____D () C:\Windows\Options
2015-03-22 16:32 - 2015-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-03-22 16:32 - 2012-09-28 20:59 - 03666944 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw8x.sys
2015-03-22 16:31 - 2015-03-22 16:59 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-22 16:31 - 2015-03-22 16:32 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\ProgramData\Apple
2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\Program Files\AMD Quick Stream
2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-22 16:31 - 2012-08-08 11:22 - 00355840 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll
2015-03-22 16:31 - 2012-08-08 11:21 - 00377344 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll
2015-03-22 16:31 - 2012-08-08 11:18 - 00170496 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll
2015-03-22 16:31 - 2012-06-23 06:23 - 00199008 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys
2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\ProgramData\AMD
2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-03-22 16:30 - 2012-06-19 07:07 - 00057000 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-03-22 16:29 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-03-22 16:29 - 2015-03-22 16:29 - 00000000 ____D () C:\Program Files\ATI
2015-03-22 16:26 - 2015-03-22 16:26 - 00000000 __SHD () C:\Recovery
2015-03-22 16:22 - 2015-03-22 16:22 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-23 18:51 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-23 18:41 - 2012-08-03 16:21 - 00000000 ____D () C:\Windows\Panther
2015-03-23 18:33 - 2012-07-26 00:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 18:25 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 18:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-22 18:44 - 2012-08-03 15:23 - 00003218 _____ () C:\Windows\PFRO.log
2015-03-22 18:30 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\restore
2015-03-22 18:12 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup
2015-03-22 17:30 - 2012-08-03 17:02 - 00000000 ___HD () C:\SYSTEM.SAV
2015-03-22 17:29 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-03-22 17:29 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2015-03-22 17:21 - 2012-10-19 19:35 - 00000012 _____ () C:\Windows\CSUP.txt
2015-03-22 17:21 - 2012-07-26 01:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-03-22 17:21 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2015-03-22 17:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-22 17:18 - 2012-08-03 15:40 - 00009068 _____ () C:\Windows\iis.log
2015-03-22 17:18 - 2012-07-26 01:13 - 00003608 _____ () C:\Windows\DtcInstall.log
2015-03-22 17:18 - 2012-07-26 00:21 - 00024539 _____ () C:\Windows\setupact.log
2015-03-22 17:11 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-03-22 16:43 - 2012-10-19 19:23 - 00000000 ___HD () C:\HP
2015-03-22 16:29 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-22 16:25 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-03 15:23
 
==================== End Of Log ============================
 
 
 
 

  • 0

#28
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

There is no evidence of malware in the logs but there seems to be a Windows/Office activation problem.

 

I'd like you to find the Malwarebytes log for me to see if anything was found. It can be found here:

 

C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Can you also tell me what problems you have since the System Restore.

 

Satchfan.


  • 0

#29
pepsiprincess

pepsiprincess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I don't have that path. I went to c and under username there is no appdata, I also looked for log file in the malware bytes folder


  • 0

#30
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Apologies; Open Malwarebytes, click on History > Application Logs. Open the last scan by double-clicking on it. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select "Copy to clipboard"; that copies the full log to the windows clipboard, so in your reply, right click in the text field and select "Paste", (or press Ctrl+V).
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP