[Satchfan]

Thanks for your patience.


This computer has been severely infected and whoever was (ab)using it needs some pointers on computer security, (I’ll include some when we’re finished here).


Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below.

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_us_335] => [X]
HKU\S-1-5-21-2577598248-3465682323-2258817992-1003\...\MountPoints2: {d537cacd-bb91-11e4-bf86-2016d8c64df9} - "F:\VZW_Software_upgrade_assistant.exe"
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\new\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-2577598248-3465682323-2258817992-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
2015-03-19 02:40 - 2015-03-19 19:02 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-03-19 02:40 - 2015-03-19 02:40 - 00002802 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-03-19 02:40 - 2015-03-19 02:40 - 00002802 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-03-19 02:35 - 2015-03-19 02:35 - 00613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsj63B8.tmp
2015-03-19 01:59 - 2015-03-20 02:40 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-03-19 01:50 - 2015-03-19 19:02 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-03-19 01:50 - 2015-03-19 02:39 - 00002804 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-03-19 01:44 - 2015-03-19 01:44 - 00628688 _____ (CMI Limited) C:\Users\new\AppData\Local\nsm16EF.tmp
2015-03-19 01:44 - 2015-03-19 01:44 - 00000000 __SHD () C:\Users\new\AppData\Roaming\AnyProtectEx
2015-03-19 00:40 - 2015-03-19 07:50 - 00000000 ____D () C:\Users\new\AppData\Local\CrashDumps
2015-03-19 00:39 - 2015-03-19 02:07 - 00008688 _____ () C:\WINDOWS\SysWOW64\BasementDusterOff.ini
2015-03-19 00:39 - 2015-03-19 02:07 - 00008688 _____ () C:\WINDOWS\system32\BasementDusterOff.ini
2015-03-19 00:38 - 2015-03-16 11:21 - 00295808 _____ (BD Inc.) C:\WINDOWS\SysWOW64\BDL.dll
2015-03-19 00:37 - 2015-03-19 00:37 - 01874944 _____ (Cinema PlusV18.03) C:\Users\new\AppData\Roaming\PVYJW.exe
2015-03-19 00:36 - 2015-03-19 18:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-19 00:36 - 2015-03-19 00:45 - 00000000 _____ () C:\END
2015-03-19 00:36 - 2015-03-19 00:36 - 00000000 ____D () C:\Users\new\AppData\Local\globalUpdate
2015-03-19 00:30 - 2015-03-19 18:13 - 00000000 ____D () C:\Users\new\AppData\Local\SmartWeb
2015-03-18 07:19 - 2015-03-18 07:19 - 00613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsmDAB2.tmp
2015-03-18 07:13 - 2015-03-18 07:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
2015-03-18 00:19 - 2015-03-18 00:19 - 01988096 _____ (Cinema PlusV17.03) C:\Users\new\AppData\Roaming\JYLS.exe
2015-03-18 00:11 - 2015-03-18 00:11 - 00000000 ____D () C:\ProgramData\3ac3fb296cff417d9c334970ddfa1712
2015-03-18 00:11 - 2015-03-18 00:11 - 00000000 ____D () C:\ProgramData\383e68074e2b4b0590fa738a6c625340
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\new\AppData\Roaming\PVYJW
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\new\AppData\Roaming\JYLS
2015-03-19 02:35 - 2015-03-19 02:35 - 0613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsj63B8.tmp
2015-03-19 01:44 - 2015-03-19 01:44 - 0628688 _____ (CMI Limited) C:\Users\new\AppData\Local\nsm16EF.tmp
2015-03-18 07:19 - 2015-03-18 07:19 - 0613255 _____ (CMI Limited) C:\Users\new\AppData\Local\nsmDAB2.tmp
Task: {0A2949BF-257F-43FE-AA3D-A228C21AB9D9} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {0EDC4CA5-8CDE-46D2-80F0-EE3E6C3A876F} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {1C02A065-2BE9-4F3A-9B26-FECE31DD4BAF} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5D3EDCF2-C22D-4760-B6AA-6B5A2E891FB2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {BDA80B80-D203-4B46-A33C-A424203060B7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F7F2E4F9-1484-4171-89A8-BB4ED9D22B55} - \TidyNetwork Update No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nnxwgpgc.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vqlvazsn.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:1F96ED45
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:6764D965
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys
C:\WINDOWS\Tasks\APSnotifierPP3.job
C:\WINDOWS\System32\Tasks\APSnotifierPP3
C:\WINDOWS\System32\Tasks\APSnotifierPP2
C:\Users\new\AppData\Local\nsj63B8.tmp
C:\WINDOWS\Tasks\APSnotifierPP2.job
C:\WINDOWS\Tasks\APSnotifierPP1.job
C:\WINDOWS\System32\Tasks\APSnotifierPP1
C:\Users\new\AppData\Local\nsm16EF.tmp
C:\Users\new\AppData\Roaming\AnyProtectEx
C:\Users\new\AppData\Local\CrashDumps
C:\WINDOWS\SysWOW64\BasementDusterOff.ini
C:\WINDOWS\system32\BasementDusterOff.ini
C:\WINDOWS\SysWOW64\BDL.dll
C:\Users\new\AppData\Roaming\PVYJW.exe
C:\Program Files (x86)\globalUpdate
C:\END
C:\Users\new\AppData\Local\globalUpdate
C:\Users\new\AppData\Local\SmartWeb
C:\Users\new\AppData\Local\nsmDAB2.tmp
C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
C:\Users\new\AppData\Roaming\JYLS.exe
C:\ProgramData\3ac3fb296cff417d9c334970ddfa1712
C:\ProgramData\383e68074e2b4b0590fa738a6c625340
C:\Users\new\AppData\Roaming\PVYJW
C:\Users\new\AppData\Roaming\JYLS
C:\Users\new\AppData\Local\nsj63B8.tmp
C:\Users\new\AppData\Local\nsm16EF.tmp
C:\Users\new\AppData\Local\nsmDAB2.tmp
C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
C:\WINDOWS\system32\Drivers\nnxwgpgc.sys
C:\WINDOWS\system32\Drivers\vqlvazsn.sys
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

• save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
• run FRST64 then click Fix just once and wait
• it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

• start Malwarebytes-Anti-Malware and update it, (“Update” tab}
• once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
• when the scan is complete, if no malicious items are found you can close the program
• if malicious items are found be sure that everything is checked and click Quarantine
• when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt

Can you tell me if there is any improvement and what outstanding problems you have.

Satchfan

[Advertisements]

Thank YOU for your patience. Our computer broke my daughter bought this from a kid she goes to college with. I am at work will complete this when I get home.

[pepsiprincess]

Thank YOU for your patience. Our computer broke my daughter bought this from a kid she goes to college with. I am at work will complete this when I get home.

[Satchfan]

 

The person she bought it from shouldn't be allowed near a PC.

[pepsiprincess]

I ran the fix list now I can't connect to the internet. Any idea?

[Satchfan]

Try turning off the computer and restarting it.

If that fails, as you obviously have access to another computer, if you have a flash drive, do the following and transfer the following program to to the infected computer.


Download and run Tweaking.com - Windows Repair

Download Windows Repair from here

• save it to your flash drive
• transfer it to the desktop of the infected computer, (copy/paste)
• install and then run the program
• ignore steps 1-5 and click on + Repair
• then, in the same window, click on the “Open Repairs” tab:
• click Start
• leave the default selected items as they are and check Restart System When Finished
• also check Restart System When Finished.
• now press Start.

Once that is complete, please let me know if you can now connect.

Satchfan
 

 

[pepsiprincess]

I am on my phone I will see what I can figure out tomorrow.

[Satchfan]

OK.

[pepsiprincess]

I ended up just doing a system restore. Seemed the simplest solution right now.

[Satchfan]

Did you do what I suggested first? System Restore was not the easiest option as it has probably put a lot of this back to square one.

 

How is your computer behaving?

 

I suggest you run Mbam as I requested and then FRST again and send both the logs.

 

Satchfan

[pepsiprincess]

I will do when I get home

[Satchfan]

OK

[pepsiprincess]

malware bytes I could not find the log, here is the log from frst.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by BrittanyD at 2015-03-23 18:57:34

Running from C:\Users\BrittanyD\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AMD Catalyst Install Manager (HKLM\...\{039B859F-360B-58D8-F86F-C277BA6ED7D8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)

CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)

HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)

HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)

HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

22-03-2015 18:30:04 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {05C5F256-9E31-4F86-9196-4C987120ED86} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-25] (Synaptics Incorporated)

Task: {09320D12-129E-4ADF-8EE1-FEA566A2FD84} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)

Task: {13637359-CF5E-4A8E-8619-94B0572AE313} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)

Task: {24338CFD-A666-4FDE-93FD-D2B658A95D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)

Task: {42A84CD7-1003-489E-8E33-0D04A3E9E8A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {4E934D9C-EEA6-47EA-B191-1D42D1DA45CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)

Task: {5BBE5939-D824-40AE-A5F2-ED536475A930} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

Task: {A5AC943B-4A1B-482F-871B-AAB75DB96BDA} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-09-17] ()

Task: {CDC3358F-E73E-4A79-AF9D-2BCCAEF93F35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2012-09-12 17:20 - 2012-09-12 17:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2012-09-12 17:20 - 2012-09-12 17:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2012-09-12 17:07 - 2012-09-12 17:07 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2015-03-22 16:52 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2015-03-22 18:17 - 2015-03-14 03:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll

2015-03-22 18:17 - 2015-03-14 03:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll

2015-03-22 18:17 - 2015-03-14 03:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.0.1 - 205.171.2.226

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1604515157-265859657-2736240245-500 - Administrator - Disabled)

BrittanyD (S-1-5-21-1604515157-265859657-2736240245-1002 - Administrator - Enabled) => C:\Users\BrittanyD

Guest (S-1-5-21-1604515157-265859657-2736240245-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1604515157-265859657-2736240245-1004 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1700

 

Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1700

 

Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/22/2015 06:13:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x501b7575

Faulting module name: d2d1.dll, version: 6.2.9200.16420, time stamp: 0x505a9763

Exception code: 0xc0000005

Fault offset: 0x0012f247

Faulting process id: 0x66c

Faulting application start time: 0xHPPU.exe0

Faulting application path: HPPU.exe1

Faulting module path: HPPU.exe2

Report Id: HPPU.exe3

Faulting package full name: HPPU.exe4

Faulting package-relative application ID: HPPU.exe5

 

Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )

Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)

   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)

 

Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )

Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)

   at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)

 

Error: (03/22/2015 05:42:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x80072EE7

Command-line arguments:

RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

 

Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )

Description: Acquisition of End User License failed. hr=0x80072EE7

Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac

 

Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )

Description: License acquisition failure details. 

hr=0x80072EE7

 

Error: (03/22/2015 05:30:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x80072EE7

Command-line arguments:

RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

 

 

System errors:

=============

Error: (03/23/2015 06:25:52 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 6:24:47 PM on ‎3/‎23/‎2015 was unexpected.

 

Error: (03/22/2015 06:44:55 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 6:41:12 PM on ‎3/‎22/‎2015 was unexpected.

 

Error: (03/22/2015 05:41:11 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 5:25:46 PM on ‎3/‎22/‎2015 was unexpected.

 

Error: (03/22/2015 05:19:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (03/22/2015 05:18:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Network List Service service terminated with the following error: 

%%21

 

Error: (03/22/2015 05:18:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The IP Helper service terminated with the following error: 

%%1058

 

Error: (03/22/2015 05:17:26 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

 

Error: (03/22/2015 05:11:37 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (03/22/2015 05:09:37 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

 

Microsoft Office Sessions:

=========================

Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1700

 

Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1700

 

Error: (03/22/2015 08:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/22/2015 06:13:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: HPPU.exe1.0.0.0501b7575d2d1.dll6.2.9200.16420505a9763c00000050012f24766c01d065069946373bC:\HP\Data\HPUC\HPPU.exeC:\Windows\SYSTEM32\d2d1.dlldaeff537-d0f9-11e4-be6f-d89d677fb433

 

Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )

Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)

   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)

 

Error: (03/22/2015 06:11:51 PM) (Source: HP Registration Service) (EventID: 0) (User: )

Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)

   at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)

 

Error: (03/22/2015 05:42:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

 

Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )

Description: hr=0x80072EE79e4b231b-3e45-41f4-967f-c914f178b6ac

 

Error: (03/22/2015 05:42:34 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )

Description: hr=0x80072EE700010001(0x00000000, 17:42:34:401 - https://activation.s...igextension=DM)

00020001(0x00000000, 17:42:34:572)

00030001(0x00000000, 17:42:34:588 - https://activation.sls.microsoft.com)

00030002(0x00000000, 17:42:34:588 - 0)

00040001(0x00000000, 17:42:34:588 - https://activation.sls.microsoft.com)

00040002(0x00000000, 17:42:34:588 - 1, <NULL>, <NULL>, <NULL>)

00050002(0x80072F94, 17:42:34:588 - 0, 1)

00040006(0x00000001, 17:42:34:588 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)

00020005(0x00000000, 17:42:34:588 - 0)

00020008(0x80072EE7, 17:42:34:713 - SOAPAction: "http://microsoft.com...ice/IssueToken"

Content-Type: text/xml; charset=utf-8

, <soap:Envelope xmlns:soap="http://schemas.xmlso...soap/envelope/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>ProductActivation</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[1]"><TokenEntry><Name>PublishLicense</Name><Value>s6kNSo+p7DY7bj1+WEmsfrVEAC+eQOchPZZAkB1p+NsW6qjF5AFynXzoLdzmWJZXD2ZdNH3YeNm1aZFpqe5ZEovb2iMKdO0WlTipCjEICvI7I+pMDDVWDVmPy5hurJMTIgIxuiWRVq1cBzjx1Q9hCi6lxQYd9VvxD+zD9lqwVVplAGSqVGZbuNlHuKskmSIXGppB2gE0F1hRP0v6etDFDgZq551tTKu7uAmRwg6JPa+x8GjnyZcClmVNLqhyUrEIxViK7hbObBi0tmPSAamnSnbTQcBt6TFzKKMA6cAZseR18R1GROmupvljsLH398uoepsWZwBlP70KUd0HfSF+YPNbS22uY0VjoWG0O5pkLA8ouEUOYGal42oBGNXMoIiuof2ApNdlGLl7mzQezcHR+r3kjSuwrJpoVjS5ZKjsSFTza2rA2ciOwjDzpliHczZgS3WiA2mwTlCWKVsih6aofvsbETQ9VIKqkbtcxBrXgb4qhdNX8rt5q9NSmzzLdVCTxFGDKYl8IZ9AlsXHemC9IJM1RGZGc41yiPUZmKjELxkO4ef0hJyHNKvYAXMwAByEXg3ftXAvLtsRzpw1BZ+ZG6hKZKRiyK6GYv0Fxw4D1NBOk2r74GlOaBR9w9HmHOIg2/otWU0z7hUWB7L4K8saX3a5qoF6//uhaGfiYBDloCOIWrQAH34VHYxXlMLYsys1voo9DhHZmaawVhBJ5iC1HQfSwMXYa4SengXqD3WHkn2A1THLE6j5P6JVz1NuUqOsMCVc7hOQ55lOFobYRHCI1zR9jGreE0X241mWpKcWXiTLnyRnpQOrGfHf7l9hcqXKyMlsNKonw30zbH9sznorVgRMu0GsS2pHyr/xZ1/dJ7DKRa2rzt1bAzqNdrQkmypV1IY+lPlnRvEUxSQpSM8tPYxlqEeOT/00Djkj4Kj+ei+aO4a2N5PYgWThIl5Q+4eRDwJZJoDxKO/pnuon7sgB6lzGlP0ubLUXMLj+R8HmywnH6lBADHoKjC0fLI6Av9VSAjXmfLCCp9wcjksNIoMrB7aj8YWHZEU9+FG/IPTd8DHi6OQMOfJ0mdS+2xH1EZ+DVCi1s3UpQ0E863a2i5dumY2cz5P7yD2JBTKKbPlq0i42rOjsnN10GjYwgJbP1EoPVQ0JF8NowUDR3qCSJ15ZenY3UpaMzeVDkoYcMvU6HsoJ3DryU9H8RkYiZiEc5sUA4dz+3W8UikT8yaro/JgLd3Xd4t78p2BC5CS8LvWRsqavaeUdWb9dzwUY0LnjporgQ8t6Oq9PzULn4dWsr5XAfUw7SUzN48r/dDH+algmAc7V9noWILbJwSpIXNaPP/7dd2ommnBFKHslVFXPgTefM5UAPDvx+Pf7Ylb9awzL6frb+j4VLkP5C0cpDG+sJ/0msCHeoGAo+ZHdd4gleUTYSLEIUfz6LQXj3iuAGxpIUkdsQ5SIgXy1ehq6O0NvWJMdD8N37Eg3/fiX0E/0GmKCnjcsYyssqPjl2DKgmzAp3fh5aXZK0yn6TpwJ54ju77SMecsO9l09lISrKA4HTwvlwpMqvahmwHurrMizUJ/9IqHgoXupsVrU50Jetaad3MMocSe1UywrjQbVO/ZV5Wif16cV/hSA4R2JvOq8aMgONmASyUW+wmH2eOaoVJolB/bOdzqWlowwnW76keJ3jqf86S0F+jzEX3NhWHeeJH4DzM9zvWwqx78uflTL9YyEIGQNGP0tbKZZtuxWLWtkFlpIN/LoAea/b8djpOm68XY6cs/dxIHEnhRK+MLSYPwzoeiFvSm/F87JIymOLm+R6N+OcvtSuv+/5fuRlRTS4XyrL/k5QP1AA6j/e0wVc/eN7MIy8eU5AFNefv2t2OfzH2cqBLJY5qhs08IeM0J4aFwkRoWWhwUgvfI0GEw/0LpLcAcwRH5mNJEE1ITQz6nDkFviCYX4xmQ6dBlShWFG33WSqOvz8grqJwgSb33jT7rl6etz7KfLQ7lBGBjZPfyO0V3TcaCLyGgFT+jZyMVOq1dUGgw//41UPTwsF9s0yna91aHFSwlKNgx8k4ULkUbCl4544dFk7b/7Svd86i5CYhhOD4UDJC4dfOVemkCalJVBus2DSXtlh1S0ERgPXPrjkvPF5cTEBp18a9XZ8m5Y2b8ON6V2b4tMIlWgrPF58nxskG3+kSB5eFudLBX8eW9nnJc/B5q30rxRuqTltn5n87GHs08OpMvAo4Er4ThD7OANDyni9f5GJgTTJjAtYIVduhAUUDukWdV7Vo5ontIFcp1au9Vh03yh68rlNGhGcRuyplmnBsxkNhtTIAV3rd1qSUok9EbZfeJVLhp0/vSFrC8sxyxw8y5pXom83XkoUmNUN+Gqf0xIOQLvUBKxGZVnfj7bJZLA0LDl4f+b8as2wbB0dBOC0/BVggREgwD/qthy0GssrV6Qm2L/ncalrKojVjpSNJJMFU5W32hvTTBAAaCP+LaTFi+JfDUnD/Xgof9lpNZwB5i5XEIcZuCy9mUqN79eNqg2WQxGfD8U5x36yjs5fSh5OwXEBpS1jRlabAnoaNx1UzN6bvKva5rJQjbBl6eNFvS0Bg2pQJL5owwjQTWGc539t3nLKPxT0Nt7t+4NWYigVRqZ3ILojbzQ/h0xB/iriZ+pCcsDyYuL0xuX3/dV1ppu6fFUM7ENeUwYkbjQpk3FKXOWwPajiITAAmlpqXnrW7/PqepAcSnJRFOxV9flpH5+krzggWuKIiXnsTPqj+ensh0WPiIr5mvFoWLqihgDdypI5a+9eYr9/AoGAkrpo0lmpzyLKdrjP8TYdy4aVDXqxjXW82mBBuUWmglX30Xo+4mQ2haEb5mJLrQRSmeNjpoExwR5s7p+Lp3Rzn3vtVqvx5hman7/bTPU4IJOwjDNxoB6D+fNzJ+zsoXSNEHUBHgYEln7wT/k6bTqpSFW4aOIgkP6OQH1fCuLi6vLr7NbNsDEryPbShofwufwRZZ10ipuxcxaYFMoauXA+gwYiwaDGyjA3fpvr4C3hYi/OufAXLV1muTbvklcZLZ+l71lfi+m21jScLjO2Wrg+lirLkiHkgg2C+3fY2PIJWb6hZW5EFgL0DX+YDH5rvhT1A04QHnZC7lPXEhCn4b7HGh+TLe5mYd+la99GX6uIPTfECaY9Rpj/bJnonSsRVh65DMaYmp9Coy+MBOfCWEE4JaOrH9ltq79MFb2n/We/CW7S5+S0ZG6G1QyX/d3Csq56zvPoMaZ7Q97XMMwTBgtUpD+PwbGoF6A6bG9UzmkatP7TEj1tUFAMkW4LyKCmxJ4E0YQaiuL9Hn9DPOVJwiwFGI4tjc8+zbc50jruH0tVMfL7Ql48lCE2UROA2NhG7hEa0sf1OFWmJJCBVdAAR6rgO7xJMnA9AHh2TFOUR3fBZdEO+natEpZO3sIYH0GtGaR/otNdpcKPCD8wC4WewTgyickdFrA0rDVZngfUiP0fwJJPsjdOYhgo0Xr4TLMjkTO4+fqwD1gIdpDaNBY9N6I/ivPmFtFmx2vUEhqJDKEEOHWtqqKaBQFCEMiXmHm2sEycwOslMngWs+O/uxIP1fydsQnUapAslDPR9liYOPt5hBb8/cTUEQuYGHWUtRbA84F5v91n3NwCnh+oOw2MdUBcFYn64mBl4Ry2bR8IUOKrO557iNIntQTULU+m46esEtWpskvld+P6sP1RFMRq69I9cn0KwzNK+VZi+eSkV2gFYmAPiYgT36CtUVzYcar8o6AQ3VRyXvD86m4MPVm421x2wSZnNu1kY/zAYcloTRv88e5I+KcFZnR/vwupo47DQeO9mYkmHfjt6hnMC+KJkjWDJK986ofbvGx75erx3oD9JlkYlQwRc/Y+r2qwwAz/5dfGNVCdha06j6Xe6ZriMBnlDg0FBt/NR6P4GCokF7GDXpRaBTNJF2sTWB8ThOT1Hf447cp9vDnR3qJeDS7PIrwfW+I8ax6ZvsmhRDpNPf1x7m09maHlk4wZpZjqFqdSr8J/ds1NBns0hNAd4pKJpaCrb3kfF1/7wbTXGzbRg6CL5CGucn6mtaeEEq3F2sURCkIk/CWBNub9FFi4tJ3j8C8uBbHYAG7Aa54JegdJKYeKsUN3FuFMD5rYIeBlThCxgLabqbg3dM+ecpiI6i8GIkienL/Ww82oQnCkGCuWrhMCg4g0klC0GeHCVfTtsvKjCO4YoSJNDO+2CZX5qRI2UPu6/G89GkMamgKCbYxpupk2xttyRo8IIUHEcN74hynK/Z6Uz8uz8T9gGTH8PQbfxip0WCZ6a7lD4t/UfC4E3d805fcZwHRA0psuZjJHkt2OyS4M8nwJSq+bfdcpxa6EIoW4V2BvlJ47huux4MTugxJ0Li2SGS3ZwiTuA/w5s8aRzrOwyCYdV1f6SAbFgrx/I46uTKzDZGr8buThOsm8L4XxkJeDwdBmwagtKFRu/437pdUfeWUW0V0Bche3SFhJHmZqyEiW+n8NmAAlMg4233CHU5KzW1t58SRdPik57Ac9bsEvkO8ny4fiAJvms9RuvyC1WcQg9mk4BoVBZ5oiBReA6xaohw8UpFVTYZsQJ0AmJ/Dgj0r1CYviq/kIiqoz64cxoAj0ShBzJKaq0HGDFfq9ExH0uVbi/daxNDIW6ZW+6jTsMYI0kXZlbBSrdsBUROpoJ5C9Tt9NB9M7mOz0XcDzBNEW6lGIv1kXmYmCMlCrr1dOJCBer41IxSygpcW8NrgCVOgSsiUykmNLVU/zyK/pmoMMH4eJ8anGTeKOKY7+Rk6HYbFkQ3jsNt2nJSfR5ztUPA/FhEUpKmumEAWbpCMJt8MwWrPpNGn5FpjQcN/rAMhxRYi1Xmk/1lJnTbHXCGslT+v6Pftim+ypB2zwYyo6uPgheDdb/13R6FqYpijXlTrQqZxsK6VHfsNwQNp/scMIp3UYeoH2+1qFJuCFB7UBKLtHt1r6/Bq350wJcZOHMdCpz0JKfTVU8Y8QmCgsoea0kL9SeiEU1e9itlMakeeDqlOPxxgL5x67Dj/gJOhkYhoVcORLY7jtKTiKPuOm+pZFjEVKwx47YsnxQ7kEOACrFlG4IdBxyXNu3m8lAM72Txf9eUHhjoahJEXgP/jZKho1YkuUJN1sZZL8zdXFo7rPBRZNm2kYLNeobpQWiGQN8+MV8/f8A8nZE4QNKWhLKn65lHyiHtPkZm3K/eeOG+qaCBKrnAi2gAIX+Ra6nEj46RxMlfq4S/2wLWdVjsIBosOE6AEwshL6olE8Jz8nYDLWEuXuCHZwoFeInBOBoF1x5k/au8KgMYB1Y1LxdrjQxUgd0++3i4tGnjQb8uuFrquzLfPKYq9XMGXWUu8mG8Zcs10Xv7Y4qs0OxYJWBOok7FePH1RoKBJOU+v6alrEBJ861F9Rg9lcGGICYpGDkjd4Wmb7lxlHZvpVH0ampMPTdHuL+PDe4eNtE83aVGgB89JJffBQ4j2v5JTA3okV+oWuW7HjEiaV6czx+Px0QlSSClYf6/5auA35fBZlEXmKU7wadsoATr59wNu+BcuBfzSTxncKz4SkuA3CJE2XPP6u2TLD2mMSmGRhsb35NJLNIaIx6c5ZieNT9CeCi61avHC/fQX7mG2gs4yru32B9GVtqCJtooRqfsFfji34BhHyPrf+RYxo2/VrvPcfmMxYMO2OHB313CFd2gnGdwsduUKMiGkeE3wJ9Y/wlOQ/TS6ljKipw430KlKOrgLMwRxStRkXl7KqGb2YTaD/o/fGmyqde1BAKuEjwvCc0jnx5nkh4dwJw9wjdUprSPVmx5D8zva6PKlRhIyWNOdbRtByaTbUU0fKtglI5rJTESpXJZIUzVTEywWxBHkuH5jtiA/b8GUAPc6ZEhTkrwS/IralfExF43Okhai/oGaAD3pl6zf4RvdRYLv0jqJlnQO2xHL8W+sy/Mf/ynKWP4dNsxwNjGviqk8as3I2HZmZOy8jO62PYk6N9RrVh302yFnPaFWoN0FbzFagm3DsSkFHwaJRXMLA7JhEtfx7RLy508xs+fKrYJxvpM70C7yu7+kpNLPO5Vekk70Vn8l5z79pcaUwTzfl6YybaFkIixI4ltC31ueGQE8VGRxyvmpEJR6ZRaiZ5godLOwHPSDJkAOVSkmzz+MjtfeX6PqZzXHmcnxPtXoYsOT8939JWF/JjnuFP57NobwsYPjQBpseNqN8JuzY6WUdSK+8WM45/yBDGiAd+45mNgmIzdCHqYqRw4xcjK0ixK44QnTeP3IfS2Rtq0V+49e+6tR+ycAML2A5BisnY++q8pAVcfWQ3w5IQ8VoGrSJbrYuYGYndS+O3JaoJ0DmPd1+h8NM2lN4GlTunnJo/oiJBaqEhtFfR7dGU2hqI7oqVFcInix88qLdXFI38s/7SP1ya4crFKAGT475r6fIAWmSZQ44UT0+r5X2VOWjrMSZyyz4RMI3GPvIpWwLpJ0TIxufn/2BXxgClkk7S1PClJ+MgVNDuxg2FryIoNX53MNz/G8f3nXstfX1mlyaXlHEFtqCO5a60Sbn5s9/yOyPVZp4qd0DHdF2RC1zQH0Q+CJ4LXHDv+aB5bdTSDzp9+yBBH99kmT/8offJmT1S6vHClOWlI0WDDEX5BGbjaA+qPsIkUyNS6dO31BRw/ydFdiauH81iT70a7NZcTe6emqE5k85xIOQRtCSs/0PxuMZ7eePlhteUpENtxrxNVahynK+XZp9RbedKWFPiCTNRJ/sRKqTqhJUrqwONK07wAl8I2fVAGZ47FF6FrCMLOOU/ZvsjQVZzQPywDFqCq0yf//t40Dal4VD5wxcf8VZcF0Ag6+hLhYrRGJbRqxOgS7BGHtZa2OGpP0CLDz8HCm8yjXaJYEC1QC92VaVanan2DMBt35DvN0wxsRkqemQNX0LH6DHeedGxRg461vJE7DpDVLYkbvZ75kkwpbNaLiVOiihXYW3mLqTktqNN6ustdIzMoXKSVI+SZ0qokTsPqozLkgYerd2YirpTqJWu6359pbNwyQ8Z7CWmQFLCf8ssp1l28bsPJvNG9ZljxGaTypYGNY3SsIx+o1HqV4tFHys4jaXgB2dckqEQs/TsYJF/Xx4CEZbjDB82AA3dRK2Qde5tC/VUtjg/91Xu0zNIvlT12QYO4E6v4joV3/fVpXelx4jEjz4nHQq9S9QKuwfaJgfK5GABL5DcOF/FvF1qh70FHe5HCO7q/kCIXP+d6SVVtmF0HdrWmKusdCWONtCAYwNd+V/HePUZuPxX3cHT+OVSL9nSNSEZDDxtgrNl8tW77bsa/x3bRyQJMX1ZluJ+vwlj/PJRRuigkxCaVsCq3BTMHemM8hwOxX9WMG4ZfahHLXKUlgRsxgUhM1W7REHojfHKHqC4LTyw534vL/0jGyOiIMUk37HpSMTpw4PjmbwH2K+JB+B/T9hDGj8sv+vT+7HzstjCsJMdL2qIe8TN1kZoXziDj6WnV2PiNebpapjToqiv+JgrCk9voonieoJrSBL0kbDS1eV49Eu4FRi/N+HGPbtOv23hRFMCUAz+71D9kcqW8bb44AKXTqXOiJ+zej0r1vNCQoLi4IGmb/7YCOthvNENCRr8XxgmDXZ0AwB2tsIDEG0BSmveydvAjTBs/wDTjQ5k+ukW2dlv/t8eNjfVe7PTUp9j5VvvuMxNqMPzWnJ3UwmMMroDBz85P2aknIetCk+MTaZSD13hjtIlRxINSbK2jTQ45SuLHLg0IxnWP3DNYbaxDoUPtxrwbINUQ0GSRioHu2miM3qH9yKZc4Y4jI2zAn3Uu6nO7M56a66U/G7sKQdOrZx6g+Iq82MKBlrnAYTKMxKhbagccCicnvS3n7QFghZE4BzIQ9J+52AvZAjNd2kEav5RcnaCDLok4mH8VydZvtKvNmySSidN1QzzRzsNU4qhpVNGzLC9RtStBkAA+iyKbTR4RdmHwZ61XaTWSEanimLf3Vnz2n+gOuRU0RFXzv/h8SvE2sPNTCcEFmC41QzlKcZeBspxoGPdbtgu1HJeKov7ZZ0JWLOLH9r7awmr66VLPEHMCM+yvoYMeUii5tAoQ/DNp5mFXLMkmz+Bqnorgu6+g0wbpxvosO1gMCFCHsloaUNS90D5xtbhG9nDyzfcfZd3BrKQWEmg42AxG4wGotkXIk56G30uYC9mBLm/WAptwVwhJ7NyEkETEXo511WrQnrc+1WbOp9Dbjm9DhTVmL8GHI83lPwUDAEa3RkDWhBwwX1VCnHlrZE/aT80TD2t1KA+bjhkETnfAVolRgOaMeY1iVnvz0pjr2Xuuklyp3VbwUuaraeCl/Sai7LjP7OfiGzj2R5XxLtepPWpSoC+YGHP8vMwgNIOqfiLkngT+e9CxkRys6fd32vWXqBNapwWNZ3TZljyz7ZTcVrNvU5jotmjieGMEAmNh+pCTYrnGk0d9ARxoIZlsABxZ501f9Z0Hpk6PBZs3fT34YlZzIYBQG0r5nmEd5I2+z/nY8wVwEcOpSQYmqSgwics/2Jjs9wqTmiQIJxNKXD7KMwEYL3VJLrldb5QhB/b+xfPJsf33Zr7CA8k4WgLQ8J3mDtAziwrs/nGNofX9VT8539ECFt2YekFoP4aOKVwmyWrkxQVcUXyy5ME6x/FMWnSZbdvIxxyObTxAi7OyNgHUsQQZCaHMbnLKv4GJuWacK8XejnBGB7+Nc3P2XY3HIAmFc3SdKRa93m8wn9yrIG70lDUo5v4uLqK+KHClYQSCyD8XJFhnXtOsKkuQMt12ed/y+7c92AIbdrCi46VsEmKRuDTL+jgrxyHmihM5ppm2YgruZcHCE2RKaFb9IX/mjmHjkaSan8hLqvs42uK6eWB7eB54AyW43kKfqqAQT5bjXwNXJ/PoqbijOZDvS66bnkVkEhbsj1tO9Ci4jL9iFIqad8wMlehe8H1hutQqyXPQH30mg4LESqQmGL3WTfFIsp1wFA+HsLwH8TqRtNR1dlRmcq05xeM0BNdwTwhSgD0HHTpmBnUKM6srnTlVAK0Z4TJ0jluQ+pMJ/HsTqNUIXzNfxSkY2Cfc8cqCFaMXyvq3c9T1bVYS1eXYME9yIFs/AFIE+Qgo5d2BDvRwu+K2nHhSreYX4OOKVCJmOdOvzjPhD/1gJ0SOG4kCMoFBZtupIev66kiu+gaZ3Ng/6bvf2X9echEN+EIspvJIWvzHxb5Y6nWUdpEAIVf/0ACuCWk8VMhfwnwbbBmzVgfcWh7oUDUP3Tf8P1RthHtUAls5qE9nxBdGF29zl8XzagdaZJZm47WC47axd+o5LCQdllxuL4TWdaJTYtShUP3OIxM4w6SlhPbWe3lPoJj6O+2AoYE4R5QFQwNuDTpYenR1zttl4wtuBMBqXz5+E3suwLI4MPXCCHgsUGbwbXFbh4BngZZQ2tg7ospwWs8jDatXcFK0/CvL9FiJV8mp16tEIZP/mhJ2KbE/0DX6Kn2wA1RQTW8bbO8NemGGL1To3FRNY4kp9QOrnvuFSYdyXZyjkjFvON1XzH9zasjm42lxLQH0qGN5fnrdPFnT3MsaC/5mQ7s1x5JZangzqUF+ZhVGMR/lP/jObwleQc4ERP5XqVv0t1RUwcKsfCVRPpe/wmfBl8sfEa+un9O0GudzRQF4BUAStZL2BMuHXf7aZaakvzBr5NECeuEkGEgVOV6uhtb+W/B0/2O9yV2pj0jkP4Y734cWmaA/dQPFHGDXmA/aSpm2c5tdvU7VuB4CuTVtSnkRlTgbFMSIQ8ulyawG7e3gsKdwco/thgZ0dUJqo5BbhH6ELeYREDihlUUfiz/hy5Zdi5ujA+Okm2L4en0daTtn3iCk5R+jU9qSaQfLSbBn2BOCjOjzwGz0tBuDplLRtppZmHUtL+9UZNsyOtq8l5/qWDXGaHfM/6HfqTmpx49HUqwPthQjbFk0Krm5BKnoGbWIX6jJnQ1lEc/cSYiTcUke5fbUZvnlE0RrmrjUT673hMLPLew1sbTTeJikxJXT66nrvpqEhesPFwcdLfl8ehj1LwdFJMIE0x27vCMl7WCNHmlumhNVGH5fK9popqcip1gqHCEC8A8Mk87hUCxTXTSKHGrAy8kKsKHL5dFhed5P6toNqYBM7reQofOCeXInAe7f6y+RvrTsz6e1yhtvznsrk41Fm+jXXEYlv7k+1mhX68zYMTYhp6Q9Vm9nbmacTi+sypCc8Hh8bio6d5gjVG6pxgNWkckehXv8b5udgzSEFgwN2kapB5AmNbBelLHQXzJfOLdopwLp+GYzn/ipguA+rU/l8GCD9SWmJAiFmvgIvs6C27AWJdB3t6qzqPSHW0HArYhdqvYneSPHUc0NpL9YzpTD9/DokTTubXQa23+NG9GLix8iZhPJ25nLSe0CxOvENBsDEINKZkm9TQ+o6CAwQK9Zw3uBAtFZa+qe/nHznGwhqK059cwz9wN94668MpyUITxY852p6H+UKqVYNQXyVYdHVn+MJN6gQhHwzGVunmPoDddQdLk0R/pDaA/+6rrz5JvznObaAI7SIoGzRQCWe7cbDtnFp/MwGuLmRXJZjY0Io85wAZ45Dcj/Ta/ZEglRSJjsEJ11bQCbUsne7QbEM/0uqrxLT+8lHjV+WKlCCkCb//aE84iHAcU2AZZ8oWQWC/LkVaJlGtQDXwa1/fEvdzDKUsogRJRFd4J+OJqm1SB3x26dippjdZQBwQy6HNcm22VSyGJBql9c/xaK3z4mJQmLS/Q9h3g3JlTpk5glWagUwucD1/n6lYSfG7Am+4gpL2PmdAWvxTlH7VbRrpzcntaDPCo1Ckc83suJ9NoviVFbmFE8JFsTClGY4dYupjw0uu1NqKqrryPspPvO4+0IbPCvwDGsdhnXUAPtQaeYcmR0wT2+kQyTCTJvtqCpsTY2AOz0kBRTx/rdeYROC8k70wrw4sErejbnwitdGAsLo1YehIi4H4fDUGftuKYfqBi1Euu2btwnndS1AwUKRSe62Cdwp2o3vSMdhsN3exvoDMsD2vfZCyK4JB+gZrzKbfKwicjB2GxxmweGU7fRPWtA8cV/JwKG/9wM3wANcUXQzDnnUsLrSybXzQ7U6YQjc26cmjfVd1tHIjLxmjqneqW8raIme2Jlg+Zpc+NVRpWr9lG9Fy7IiDlkHyUv3ID/x7tp5Y0q7qpUtZCmGm4rsfolov6G43cfGGGnjWhEleAQlCw7h/LIkmJKjXnZN1U9UYacdk7NX9NFiTgOSHZL9xfiqOOrBEMqDi7j12g6c6PDn7JqdR0zgnl5K2gx4wpLtWkZak9xcb53NKmpZQ0OtHRDE226JWMAB9LIBajXjF+tTmTCBVjKItXCIJRqnC007hgBxXZY71qdizcdzUtsfYh4y8tGnX6wYKCIio3H1N1rmRHdkR9heMQ2sDYJqBa6cNspojSqU5t6htJLpJGdgPHnFHhLDWoF5douxfXXoozl4R0O0AjROeXhXnmtYtBst1ue53xP6oYiJdiEmbLkTsOBMi7017ES3s2J1OBZqhLhB/z0RKiVxRQ7LK09XbX4HXMhLYx2jtYyw28qGDo2WvHz9mK89oq/sqQfHTJZDgCv5rZmkCb86htO3Z9z2dF+aKaCk3/HaX9OijULIMzK1Gp6bmQKgmS/u11EeVfpefSC0wB92yi5oTCrNcyt6lEKBviPDlLPE/rGcLSe89is4RyQs/4ev6M9kS1zqlRUG1so2epI7y4tNEGIr9ptf3VA6Wv/5aXVt5L7xnCjRKo4U57rzUJ+xls2R2rVKncauQ7fmJ/mFEOy6KJgB4n3YWQabpHr0rUaAey/IuqFVf4HfLFLccWYF2rWactUgYItetw3SP69IBq4oNnngVKWnlTuft9ogEzmwQcAjnOBYzXYedW72j/xVy02WSRiwL/r2ZYTiRI4+deFRV+YIjWAbQhbZZYbkttzEt02+Ni8NFUWMsbsokLkt9dyHvWGzZv3V9MrqOhgULQyhtKpy/861N9pMWIJneQLcQ9LxVWK54bc/9eY3M0bt85IEm3uAYVbG13MqbYP+/xb6ihxulVf4YkSzV/b4SIITaHoSMqhnfILUKXtBMvsKmZy5oN0GO/XAhxnoGCmhERApKM2CwlcqlfO5Zd8WMXTk2n/VKmEqxIpnFZAdpmQ4+SUucu8vrWzCwzAnQWIw4k0iqmMnBjzRYPB67U4J9dLaD+YB2YasVaKJXnC+Ure07vUrqtKgcc8z305cg52XxIbsFmWd+pSzRX1r/NbUMEZ9/hRFoCejB/itK/7OOxflYa2fq/i77Ux2gfasX5ztBNTrczT3z9bf1r4vMjBQcUNyC7eRAe8pzTvNJ6LAjXKYZoKhqwifGDbGfHa3bsr0ZlyluUOtLR3Rv4ZlVyix+BRHpBDdmDWWYlhMnxfptSCO7KSwEy+T2pyxCQJnc+CXDVtja73L/F4tuiSR1EIlfPLMOQV/LwiM53Km51q3LG27W5u3whNVgFKxURUHtWCVNFq3d8sIEGEejU732MSZjOGHC7VD6m2zMce4GdTnBEZTWA7zUuZ/W1awjpDDvdF9wTr/3GLbf1xgBSKXCah3VB3BIWe60Lui7sNhb3Zjbmf33BfRjmgJshzKW0/m4oB+G0fgVbqhMYmqm7XrTz9DvXmkhLwIfATWNLL7VL/wszPNz3MGQN1j3fDEy0r/oe5gl/9DbV/HK8J9gbU8KIVBXsQajMmP/b2GWW6BFe1KddayXAock+vqSuVbXG7dBKs+YpI8PYYRuLh/mtQjQ4E5cBzos6wWERGXjLJ+eHOANhwKqbOxzj0AHXCeTKFMuZ6SngWQEwagrmFJDntaa1OjTvyErgJlyI1fDEKB2cRwvhbBeBMnUhBC/fGpNAzqRb3P7tHUUkxVyXU7dc5Y5atsf74LheJjwkrU1kwI1MKzYggph6QEd0etSrQ5CIuUn2+tocTFvE1V+3kI0dkMNDf3+uHUpWKGvJYCrLPsmuNZgzvY6ftvL5XR5QrbGbTd3eMJzkQ7hqI/oLn4t9iWn2TZMg5od6sMEm6cuFQ0qGvkjIIlY6nFDCl4oY2dNMpAJAPG423vpIv3lwdoXw9XsF77PZASh7/eNKegVa+CghDyBnE7rAaeSJQMh+jdlfSkqIMzU4L5GxExkjjlZYH6PVJ3fDlt+mMgj/8cRjAaSQ+RGrHXyFLqWPEmunqq1Y2fdDsKO/HATg4ftzeDyhZBk1kaGFofiQ5eS86+GAtslmrS2qdP5ey1mvr1VwvgRlin2tC2ulzTP7ROIls8rip959TohPHUIreVog9Tu55rLQkTNyDLQ0xQieNnMjirCHIskLU0yN9JqC3OLldEyXY2afXmzwYlpatxXySzLKcW/Mmnx4whLL/YZ2WjgSD2w9FbaJS/FmPm1gaLLV3jJV1xp07BlaPJ3unoM8kUJSXIEY/66On+xB7MnIvVDPkykYx0IJzgU31Cka+2XIp31vZIb26damWSfqZfgV0tUEHy7ukcyzZzmJrjIj+4cyfxRVHk9/i5Pil+pUvV4nFrqlvXnDRmwRFmedXD9JLjNXi/3IkvlU76bKl8YKEC8GUj5kDaoFXArDMkUVvLO6/5Q9/1PY2dNkHmAY8HN7FIH9P2qm8Qgw3ULDkURpAohLQ7FtyBnGo0mdZUaGmODPmnY2/e7VueYWh0M8hRtnMOwVEEMvHsC53+vmMF4CQOa3z9M6GL+IqyyjxeU2CR9YpPFighqNodXKEBVv2ciCHCcDj+gvhKcARklue0T0Ui2MYplRpCQUZBoVJtcMUwRbebuzKbfv6mI1C8b4O63JdeIbctZ/Gof0um2piczJ6Ceueu1W5YxbqfiOxjZkwJKBsf5CWHc6Sytc+XclXRXKIeTyUEcEkY1eHmBnAnlNC9+ZRb6Tm4deCtnom5/IKeNCH9Cj0HqneZFTSE6h8UP03pqUHk5n4rJZnvAbY6oG6c+vpr337X30FIljIxT1AuxouczFXDp5aQYUhuHMk2HjtaFK9d2L/3yuduolJ2E5jpQzMy20/jw5yumkApN2LCnxL84OdBhMAWmEgyY22Qz+0leYZ+evjXVddCudvl5dJE2VfeEx9hidrxsKROXvnx0nfQvh1REtcLSYeMNcwzMVZpb9FwD6r/9EyV8JDaEq50NzbxNf/Y2lzwGAqFw9qXI2QvVmEIPm93yhn/KURsZNamO04yp4kBaq9vslPooa6Z8YDFq6CIvtm6YKTPR48vkjKEen7+sZwKuhqWnUmMfGcnX+0HBYzY0vpbRw+BPKqbN48q6tIaB9jh1MuoRHrN4UrwOyRedub3mQhpo4usx4Q+qbmjZgFLdRiUd87scQ==</Value></TokenEntry></Values></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[16]"><TokenEntry><Name>SessionKey</Name><Value>vP1TFcE7oZG0luOJxjqwqK6kNu7Mz9qZD8hcH0IRAe4VV3YSAOjKSrXUZjdnwendQGX719ejliyD5EQQ3BLIc17n+Tdz4GNCsAUzumC6ROLJgGPt95gj0RwBt1tVR5mJyVor4zys4jCOqRW2bf1ZKaqefapvTfo/QegQU+kYxWqzlGBCWH96L0ds0En0O6lChyktMaI9Cdjlbg9tUDIFJlxDz1ZJcK+qDCfAC+trcV7evsSP53USoMh23f2OBTYmCqw3euAhIig7X72YsJnz8FXt3k530PRyccz/mqGMHnaPOOVUcwsIbWTKCCwBmbXmOX+eiyVewxLCtobKyU8gyA==</Value></TokenEntry><TokenEntry><Name>BindingType</Name><Value>+5CkLxZcQTQEF9Qxu/0bOvTpu/DnAoMx/VnrZMDDpSY=</Value></TokenEntry><TokenEntry><Name>Binding</Name><Value>X2gTKbpi+U++x/LxMD/h3qPh9bjsi7HfnBM3QnpAWnrV/TJVqN4FzRlvRcgfSOerrwjlkFOvOim8kpgOgZHYP1GJIYRsiAHD0ru5nvLof/U=</Value></TokenEntry><TokenEntry><Name>ProductKey</Name><Value>y4aMmFohbrPCmqsYhixsEPd4HefhppOjW7cQIUh5rNY=</Value></TokenEntry><TokenEntry><Name>ProductKeyType</Name><Value>+5CkLxZcQTQEF9Qxu/0bOoNmT3840XiJqiKp0X6TJro=</Value></TokenEntry><TokenEntry><Name>ProductKeyActConfigId</Name><Value>QWpJHhE2the4onsMwSGZ6EDj5e5LAeC8E7lTzFw8oDbQNuGXRkatqFqc5EVrg4JICmeiAgHGwuntGOVNRi0nX/KSvY1VNopckpBsmB8i5+Q=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.licenseCategory</Name><Value>p1Aw5kejWG2F9ZxE0n4D9i0lK4nuhRnKCax5PJb/1Ec=</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.licenseCategory</Name><Value>p1Aw5kejWG2F9ZxE0n4D9pBxtUEGljQZt5gLnMDPE64=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.sysprepAction</Name><Value>z7fR+S9IAE18Pweq8jq3Rw==</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.sysprepAction</Name><Value>z7fR+S9IAE18Pweq8jq3Rw==</Value></TokenEntry><TokenEntry><Name>ClientInformation</Name><Value>WVlJEi2+SQ9oW9c4LdmCzQi+3rVWVLxR3Hb5HP0Pp/wNSRAlPyZCGuTKuk1qaccDeFpTaQwnAWtBKu8ICzA1Dg==</Value></TokenEntry><TokenEntry><Name>ReferralInformation</Name><Value>a4hCTk9O+VOz2+lzj5Tt8ggeVTcM3Wfy2vRz0AvZmzBqzTDQfI9uAXj3tGmfQtfqu/DrkVuyfRTV89RPj17BxQ==</Value></TokenEntry><TokenEntry><Name>ClientSystemTime</Name><Value>N+pKTi8KZvSzujSWOWH0diabwIHYSfPEtwbAxZFD1yE=</Value></TokenEntry><TokenEntry><Name>ClientSystemTimeUtc</Name><Value>N+pKTi8KZvSzujSWOWH0diabwIHYSfPEtwbAxZFD1yE=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.secureStoreId</Name><Value>/zjzLAO3PJwf2aoN/Ptnz8PbuZFYCmK4uJo/MdotTEgBpgdyy/Jtij2yKw5Fp8e2</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.secureStoreId</Name><Value>/zjzLAO3PJwf2aoN/Ptnz8PbuZFYCmK4uJo/MdotTEgBpgdyy/Jtij2yKw5Fp8e2</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)

00010002(0x80072EE7, 17:42:34:728 - <NULL>)

00010003(0x80072EE7, 17:42:34:728)

 

Error: (03/22/2015 05:30:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

 

 

==================== Memory info =========================== 

 

Processor: AMD E2-1800 APU with Radeon™ HD Graphics

Percentage of memory in use: 43%

Total physical RAM: 3682.26 MB

Available physical RAM: 2064.36 MB

Total Pagefile: 7138.26 MB

Available Pagefile: 5397.98 MB

Total Virtual: 8192 MB

Available Virtual: 8191.78 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:442.88 GB) (Free:417.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: C2C9F703)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by BrittanyD (administrator) on BRITTANY on 23-03-2015 18:55:33

Running from C:\Users\BrittanyD\Desktop

Loaded Profiles: BrittanyD (Available profiles: BrittanyD)

Platform: Windows 8 (X64) OS Language: English (United States)

Internet Explorer Version 10 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2012-07-25] (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net/

HKU\S-1-5-21-1604515157-265859657-2736240245-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

 

FireFox:

========

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]

CHR Extension: (Google Docs) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]

CHR Extension: (Google Drive) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]

CHR Extension: (YouTube) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]

CHR Extension: (Google Search) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]

CHR Extension: (Google Sheets) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]

CHR Extension: (Google Wallet) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]

CHR Extension: (Gmail) - C:\Users\BrittanyD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.) [File not signed]

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-22] (Electronic Arts)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-23 18:55 - 2015-03-23 18:56 - 00008811 _____ () C:\Users\BrittanyD\Desktop\FRST.txt

2015-03-23 18:55 - 2015-03-23 18:55 - 00000000 ____D () C:\FRST

2015-03-23 18:51 - 2015-03-23 18:51 - 56722116 _____ () C:\Users\BrittanyD\Downloads\Unconfirmed 406921.crdownload

2015-03-23 18:50 - 2015-03-23 18:54 - 00000000 ____D () C:\Users\BrittanyD\Documents\Youcam

2015-03-23 18:50 - 2015-03-23 18:50 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\CyberLink

2015-03-23 18:50 - 2015-03-23 18:50 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\CyberLink

2015-03-23 18:49 - 2015-03-23 18:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-23 18:49 - 2015-03-23 18:49 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-23 18:49 - 2015-03-23 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-23 18:48 - 2015-03-23 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-23 18:48 - 2015-03-23 18:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-23 18:48 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-23 18:48 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-23 18:48 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-23 18:46 - 2015-03-23 18:47 - 07490544 _____ () C:\Users\BrittanyD\Downloads\MSH_LEAS.themepack

2015-03-23 18:32 - 2015-03-23 18:33 - 02095616 _____ (Farbar) C:\Users\BrittanyD\Desktop\FRST64.exe

2015-03-23 18:30 - 2015-03-23 18:36 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\BrittanyD\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-22 20:46 - 2015-03-22 20:46 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\hpqlog

2015-03-22 20:46 - 2015-03-22 20:46 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Hewlett-Packard

2015-03-22 19:18 - 2015-03-22 19:22 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2015-03-22 18:35 - 2015-03-22 19:18 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Origin

2015-03-22 18:35 - 2015-03-22 19:18 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Origin

2015-03-22 18:31 - 2014-05-14 18:02 - 00059424 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-03-22 18:31 - 2014-05-14 15:43 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-03-22 18:31 - 2014-05-14 15:43 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-03-22 18:31 - 2014-05-14 15:43 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2015-03-22 18:31 - 2014-05-14 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2015-03-22 18:31 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-03-22 18:31 - 2012-11-05 21:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

2015-03-22 18:31 - 2012-11-05 21:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll

2015-03-22 18:25 - 2015-03-22 20:47 - 00000000 ____D () C:\ProgramData\Origin

2015-03-22 18:25 - 2015-03-22 18:35 - 00000000 ____D () C:\Program Files (x86)\Origin

2015-03-22 18:25 - 2015-03-22 18:25 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk

2015-03-22 18:25 - 2015-03-22 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2015-03-22 18:25 - 2015-03-22 18:25 - 00000000 ____D () C:\ProgramData\Electronic Arts

2015-03-22 18:17 - 2015-03-22 18:17 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-03-22 18:17 - 2015-03-22 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-03-22 18:12 - 2015-03-23 18:27 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-22 18:12 - 2015-03-23 18:17 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-22 18:12 - 2015-03-22 18:17 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Google

2015-03-22 18:12 - 2015-03-22 18:16 - 00000000 ____D () C:\Program Files (x86)\Google

2015-03-22 18:12 - 2015-03-22 18:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-03-22 18:12 - 2015-03-22 18:12 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-03-22 18:11 - 2015-03-22 20:46 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Hewlett-Packard

2015-03-22 18:11 - 2015-03-22 18:12 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Deployment

2015-03-22 18:11 - 2015-03-22 18:11 - 00004032 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder

2015-03-22 18:11 - 2015-03-22 18:11 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Apps\2.0

2015-03-22 18:07 - 2015-03-22 18:07 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Macromedia

2015-03-22 17:47 - 2015-03-22 18:30 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1604515157-265859657-2736240245-1002

2015-03-22 17:32 - 2015-03-22 17:32 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\ATI

2015-03-22 17:32 - 2015-03-22 17:32 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\ATI

2015-03-22 17:32 - 2015-03-22 17:32 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\AMD

2015-03-22 17:31 - 2015-03-22 17:31 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-03-22 17:30 - 2015-03-22 17:30 - 00001430 _____ () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Synaptics

2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Adobe

2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Power2Go8

2015-03-22 17:29 - 2015-03-23 18:43 - 01942283 _____ () C:\Windows\WindowsUpdate.log

2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\Packages

2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\BrittanyD

2015-03-22 17:29 - 2015-03-22 17:29 - 00000020 ___SH () C:\Users\BrittanyD\ntuser.ini

2015-03-22 17:29 - 2015-03-22 17:29 - 00000000 ____D () C:\Users\BrittanyD\AppData\Local\VirtualStore

2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-03-22 17:29 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\BrittanyD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-03-22 17:20 - 2012-07-25 13:15 - 00031497 _____ () C:\Windows\Core.xml

2015-03-22 17:07 - 2015-03-22 17:07 - 00000000 ____D () C:\ProgramData\ATI

2015-03-22 16:56 - 2015-03-23 18:50 - 00000000 ____D () C:\ProgramData\CyberLink

2015-03-22 16:53 - 2015-03-22 16:53 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll

2015-03-22 16:53 - 2015-03-22 16:53 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll

2015-03-22 16:53 - 2015-03-22 16:53 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll

2015-03-22 16:53 - 2015-03-22 16:53 - 00000000 __RSH () C:\Windows\SysWOW64\Drivers\103C_HP_cNB_2000 Notebook PC_Y5335KV_0U_Q5CG3041KL7_E707939-001_4A_I188B_SHP_V69.14_BF.22_T121025_W8101-0_L409_M3683_J500_7AMD_8F20_91.70_#150322_N10EC8136;168C0032_(D1E81UA#ABA)_XMOBILE_CN10_Z.MRK

2015-03-22 16:53 - 2015-03-22 16:53 - 00000000 __RSH () C:\Windows\system32\Drivers\103C_HP_cNB_2000 Notebook PC_Y5335KV_0U_Q5CG3041KL7_E707939-001_4A_I188B_SHP_V69.14_BF.22_T121025_W8101-0_L409_M3683_J500_7AMD_8F20_91.70_#150322_N10EC8136;168C0032_(D1E81UA#ABA)_XMOBILE_CN10_Z.MRK

2015-03-22 16:53 - 2015-03-22 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

2015-03-22 16:52 - 2015-03-22 16:52 - 00003160 _____ () C:\Windows\System32\Tasks\CLMLSvc_P2G8

2015-03-22 16:52 - 2012-06-25 10:24 - 00092536 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualDrive.sys

2015-03-22 16:51 - 2015-03-22 16:51 - 00003148 _____ () C:\Windows\System32\Tasks\MirageAgent

2015-03-22 16:51 - 2015-03-22 16:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat

2015-03-22 16:51 - 2015-03-22 16:51 - 00000000 ____D () C:\Users\Public\Documents\YouCam

2015-03-22 16:44 - 2015-03-22 16:53 - 00000000 ____D () C:\Program Files (x86)\CyberLink

2015-03-22 16:43 - 2015-03-22 16:54 - 00000000 ____D () C:\ProgramData\Temp

2015-03-22 16:43 - 2015-03-22 16:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

2015-03-22 16:43 - 2015-03-22 16:51 - 00000000 ____D () C:\ProgramData\install_clap

2015-03-22 16:41 - 2015-03-22 16:41 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard

2015-03-22 16:40 - 2015-03-22 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2015-03-22 16:38 - 2015-03-22 16:38 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2015-03-22 16:37 - 2015-03-22 16:37 - 00000058 _____ () C:\Windows\system32\ndCPrepLog

2015-03-22 16:37 - 2015-03-22 16:37 - 00000000 ____D () C:\ProgramData\Synaptics

2015-03-22 16:36 - 2015-03-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\sda

2015-03-22 16:36 - 2012-08-08 20:17 - 09888912 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsP2StorIcon.dll

2015-03-22 16:36 - 2012-08-08 20:17 - 00273040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys

2015-03-22 16:35 - 2015-03-22 16:35 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements

2015-03-22 16:35 - 2015-03-22 16:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf

2015-03-22 16:35 - 2012-06-12 22:41 - 00683664 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys

2015-03-22 16:35 - 2012-06-12 22:41 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll

2015-03-22 16:34 - 2015-03-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Realtek

2015-03-22 16:34 - 2015-03-22 16:35 - 00006972 _____ () C:\Windows\DPINST.LOG

2015-03-22 16:34 - 2015-03-22 16:35 - 00001352 _____ () C:\Windows\Synaptics.log

2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ___HD () C:\Program Files (x86)\Temp

2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM

2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ____D () C:\Program Files\Synaptics

2015-03-22 16:34 - 2015-03-22 16:34 - 00000000 ____D () C:\Program Files\Realtek

2015-03-22 16:34 - 2012-06-19 17:54 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys

2015-03-22 16:34 - 2012-06-19 14:31 - 00293889 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT

2015-03-22 16:34 - 2012-06-08 17:18 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll

2015-03-22 16:34 - 2012-06-06 11:44 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll

2015-03-22 16:34 - 2012-06-01 10:37 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll

2015-03-22 16:34 - 2012-05-31 19:08 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

2015-03-22 16:34 - 2012-05-25 19:06 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll

2015-03-22 16:34 - 2012-05-10 16:22 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll

2015-03-22 16:34 - 2012-03-08 12:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll

2015-03-22 16:34 - 2012-03-08 12:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll

2015-03-22 16:34 - 2012-03-07 13:23 - 00000008 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat

2015-03-22 16:34 - 2012-01-28 11:19 - 00000712 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat

2015-03-22 16:34 - 2011-12-20 16:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll

2015-03-22 16:34 - 2011-12-13 17:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl

2015-03-22 16:34 - 2011-11-22 17:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll

2015-03-22 16:34 - 2010-11-08 08:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll

2015-03-22 16:34 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll

2015-03-22 16:34 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll

2015-03-22 16:34 - 2010-11-08 08:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll

2015-03-22 16:34 - 2010-11-08 08:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll

2015-03-22 16:34 - 2010-11-08 08:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll

2015-03-22 16:34 - 2010-11-03 19:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll

2015-03-22 16:34 - 2009-11-24 10:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll

2015-03-22 16:34 - 2009-11-24 10:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll

2015-03-22 16:32 - 2015-03-22 16:59 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard

2015-03-22 16:32 - 2015-03-22 16:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-03-22 16:32 - 2015-03-22 16:33 - 00000000 ____D () C:\Windows\Hewlett-Packard

2015-03-22 16:32 - 2015-03-22 16:32 - 00000000 ____D () C:\Windows\Options

2015-03-22 16:32 - 2015-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros

2015-03-22 16:32 - 2012-09-28 20:59 - 03666944 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw8x.sys

2015-03-22 16:31 - 2015-03-22 16:59 - 00000000 ____D () C:\ProgramData\Hewlett-Packard

2015-03-22 16:31 - 2015-03-22 16:32 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros

2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\ProgramData\Apple

2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\Program Files\Bonjour

2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\Program Files\AMD Quick Stream

2015-03-22 16:31 - 2015-03-22 16:31 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2015-03-22 16:31 - 2012-08-08 11:22 - 00355840 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll

2015-03-22 16:31 - 2012-08-08 11:21 - 00377344 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll

2015-03-22 16:31 - 2012-08-08 11:18 - 00170496 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll

2015-03-22 16:31 - 2012-06-23 06:23 - 00199008 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys

2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\ProgramData\AMD

2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies

2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files\ATI Technologies

2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files (x86)\AMD APP

2015-03-22 16:30 - 2015-03-22 16:30 - 00000000 _____ () C:\Windows\ativpsrm.bin

2015-03-22 16:30 - 2012-06-19 07:07 - 00057000 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys

2015-03-22 16:29 - 2015-03-22 16:30 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

2015-03-22 16:29 - 2015-03-22 16:29 - 00000000 ____D () C:\Program Files\ATI

2015-03-22 16:26 - 2015-03-22 16:26 - 00000000 __SHD () C:\Recovery

2015-03-22 16:22 - 2015-03-22 16:22 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-23 18:51 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp

2015-03-23 18:41 - 2012-08-03 16:21 - 00000000 ____D () C:\Windows\Panther

2015-03-23 18:33 - 2012-07-26 00:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-23 18:25 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-23 18:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru

2015-03-22 18:44 - 2012-08-03 15:23 - 00003218 _____ () C:\Windows\PFRO.log

2015-03-22 18:30 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\restore

2015-03-22 18:12 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup

2015-03-22 17:30 - 2012-08-03 17:02 - 00000000 ___HD () C:\SYSTEM.SAV

2015-03-22 17:29 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2015-03-22 17:29 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore

2015-03-22 17:21 - 2012-10-19 19:35 - 00000012 _____ () C:\Windows\CSUP.txt

2015-03-22 17:21 - 2012-07-26 01:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

2015-03-22 17:21 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache

2015-03-22 17:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Recovery

2015-03-22 17:18 - 2012-08-03 15:40 - 00009068 _____ () C:\Windows\iis.log

2015-03-22 17:18 - 2012-07-26 01:13 - 00003608 _____ () C:\Windows\DtcInstall.log

2015-03-22 17:18 - 2012-07-26 00:21 - 00024539 _____ () C:\Windows\setupact.log

2015-03-22 17:11 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep

2015-03-22 16:43 - 2012-10-19 19:23 - 00000000 ___HD () C:\HP

2015-03-22 16:29 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2015-03-22 16:25 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2012-08-03 15:23

 

==================== End Of Log ============================

 

 

 

 

[Satchfan]

There is no evidence of malware in the logs but there seems to be a Windows/Office activation problem.

 

I'd like you to find the Malwarebytes log for me to see if anything was found. It can be found here:

 

C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Can you also tell me what problems you have since the System Restore.

 

Satchfan.

[pepsiprincess]

I don't have that path. I went to c and under username there is no appdata, I also looked for log file in the malware bytes folder

[Satchfan]

Apologies; Open Malwarebytes, click on History > Application Logs. Open the last scan by double-clicking on it. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select "Copy to clipboard"; that copies the full log to the windows clipboard, so in your reply, right click in the text field and select "Paste", (or press Ctrl+V).