Hello,
I am posting for my dad. His computer, I think, may have some malware or other material on it to aid in phishing scams. Not long ago, he received a popup saying that Microsoft had found some sort of malware on his computer and gave him a phone number to call to receive help. He called and the user asked for remote access to the computer. It was granted and he was able to dig around the computer some with my dad watching what he was doing. He then asked for money to get alleged malware problems on the computer cleaned up. That is where my dad decided to draw the line and hung up.
Since then, we have run Kaspersky system scanner (which is the installed resident antimalware) as well as MBAM, and I think we ran Super AntiSpyware a time or two. I seem to recall MBAM finding and removing 2 objects. I don't think Kaspersky or SAS found anything. This was several months ago.
Today he mentioned that the computer was still getting some sort of popup saying the drivers were out of date, and the popup was requesting money to install new ones. Looking at the task manager, I see several entries that I don't recognize and that make me cautious (multiple entries for Driver Support and Driver Support auto optimization, persistent module, runtime broker). I should say, though, that this is Windows 8 and I have zero experience with it, so those may be legit entries that I simply have not yet experienced.
Computer seems to run fine - at least to me it does. Dad didn't mention it running slow or doing anything out of the ordinary other than the Driver Support popups. Not sure where else to go for this or how to be more specific. Sorry for the lack of details. Any help you are able to give is very much appreciated.
Snapshots of the Drivers Support popup and the task manager attached - I hope these help at least some. Logs below:
FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by prousse1 (administrator) on OFFICE (22-10-2015 16:19:45)
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Loaded Profiles: prousse1 (Available Profiles: prousse1)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\windows\System32\igfxsrvc.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\windows\System32\msiexec.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{056A3013-37EA-4738-8662-ABF97CF31089}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{2F142258-8AF3-4A94-B1A6-164127904D34}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-164966225-1669113357-709659781-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {029330C7-E8BB-45C0-B626-ED9AABFBC6CB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {029330C7-E8BB-45C0-B626-ED9AABFBC6CB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-02] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 DSAO; C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2015-08-05] (PC Drivers HeadQuarters LP)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2014-05-27] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-10-11] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2014-05-27] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-22 16:19 - 2015-10-22 16:19 - 00000000 ____D C:\FRST
2015-10-22 16:18 - 2015-10-22 16:19 - 00000000 ____D C:\Users\prousse1\Desktop\AntiMalware Folder
2015-10-15 06:42 - 2015-09-18 10:09 - 00032432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-15 06:42 - 2015-09-18 08:30 - 01290752 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00699904 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-15 06:42 - 2015-09-18 08:10 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-14 07:03 - 2015-10-01 18:55 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2015-10-14 07:03 - 2015-10-01 18:55 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-10-14 07:03 - 2015-09-28 22:33 - 06971224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-10-14 07:03 - 2015-09-28 21:02 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2015-10-14 07:03 - 2015-09-28 21:02 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-10-14 07:03 - 2015-09-28 21:01 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-10-14 07:03 - 2015-09-22 12:53 - 01405408 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-14 07:03 - 2015-09-22 12:53 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-10-14 07:03 - 2015-09-18 08:32 - 14290944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 13775360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 02866176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00715264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00525824 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 15416320 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 03960832 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00857600 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-14 07:02 - 2015-08-01 09:50 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-14 07:02 - 2015-08-01 08:56 - 19778048 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-05 14:16 - 2015-10-22 15:59 - 00003452 _____ C:\windows\System32\Tasks\Driver Support
2015-10-05 14:16 - 2015-10-14 14:16 - 00003756 _____ C:\windows\System32\Tasks\Driver Support-RTMScan
2015-10-05 14:16 - 2015-10-06 07:00 - 00000000 ____D C:\ProgramData\UAB
2015-10-05 14:16 - 2015-10-05 14:16 - 00003748 _____ C:\windows\System32\Tasks\Driver Support-RTMUpdater
2015-10-05 14:16 - 2015-10-05 14:16 - 00003738 _____ C:\windows\System32\Tasks\Driver Support-RTMRules
2015-10-05 14:16 - 2015-10-05 14:16 - 00003446 _____ C:\windows\System32\Tasks\Driver Support-RTMScanRunOnce
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Users\prousse1\Downloads\Driver Support
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Users\prousse1\AppData\Local\PC_Drivers_Headquarters
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\ProgramData\Driver Support
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Program Files (x86)\Veloxum
2015-10-05 14:15 - 2015-10-05 14:15 - 00000000 ____D C:\Users\prousse1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2015-10-05 14:15 - 2015-10-05 14:15 - 00000000 ____D C:\Program Files (x86)\Driver Support
2015-09-23 13:48 - 2015-09-12 08:29 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-09-23 13:48 - 2015-09-12 08:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\appserverai.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\RDWebAI.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\VmHostAI.dll
2015-09-23 07:27 - 2015-10-16 01:35 - 00809944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 07:27 - 2015-10-16 01:35 - 00176096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 06:58 - 2015-10-21 06:54 - 00003348 _____ C:\windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2015-09-22 06:58 - 2015-09-22 06:58 - 00000000 ____D C:\Program Files\Common Files\AV
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-22 16:16 - 2013-08-25 14:24 - 01942591 _____ C:\windows\WindowsUpdate.log
2015-10-22 16:05 - 2015-05-18 02:08 - 00003178 _____ C:\windows\System32\Tasks\HPCeeScheduleForprousse1
2015-10-22 16:05 - 2015-05-18 02:08 - 00000358 _____ C:\windows\Tasks\HPCeeScheduleForprousse1.job
2015-10-22 16:05 - 2013-08-25 14:24 - 00000000 ____D C:\Users\prousse1
2015-10-22 16:03 - 2013-08-25 14:31 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-164966225-1669113357-709659781-1001
2015-10-22 16:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2015-10-22 07:24 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-10-20 13:12 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-20 06:48 - 2012-07-26 00:26 - 00524288 ___SH C:\windows\system32\config\BBI
2015-10-20 06:47 - 2014-12-12 17:17 - 00000000 ____D C:\windows\system32\appraiser
2015-10-20 06:47 - 2014-07-11 07:38 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-20 06:46 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2015-10-20 06:46 - 2012-07-26 02:59 - 00000000 ____D C:\windows\CbsTemp
2015-10-18 11:21 - 2013-09-02 21:24 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-10-18 11:21 - 2013-09-02 21:24 - 00000000 ____D C:\windows\system32\MRT
2015-10-13 06:50 - 2013-08-28 14:52 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-10-04 03:07 - 2013-09-02 22:26 - 01588736 ___SH C:\Users\prousse1\Desktop\Thumbs.db
2015-09-27 22:12 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2015-09-27 15:49 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-23 07:26 - 2015-07-25 06:55 - 00291856 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-22 14:23 - 2012-07-26 03:12 - 00000000 ____D C:\windows\PolicyDefinitions
Some files in TEMP:
====================
C:\Users\prousse1\AppData\Local\Temp\DriverSupport.exe
C:\Users\prousse1\AppData\Local\Temp\Extract.exe
C:\Users\prousse1\AppData\Local\Temp\SP64076.exe
C:\Users\prousse1\AppData\Local\Temp\SP64077.exe
C:\Users\suzie\AppData\Local\Temp\COMAP.EXE
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-15 13:29
==================== End of FRST.txt ============================
ADDITION.TXT
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by prousse1 (2015-10-22 16:20:17)
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Windows 8 (X64) (2013-08-25 19:24:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-164966225-1669113357-709659781-500 - Administrator - Disabled)
Guest (S-1-5-21-164966225-1669113357-709659781-501 - Limited - Disabled)
prousse1 (S-1-5-21-164966225-1669113357-709659781-1001 - Administrator - Enabled) => C:\Users\prousse1
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6104 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.41 - PC Drivers HeadQuarters LP)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
25-09-2015 14:05:17 Windows Update
29-09-2015 14:13:05 Windows Update
11-10-2015 17:25:15 Scheduled Checkpoint
15-10-2015 13:27:55 Windows Update
20-10-2015 06:45:46 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B437CF9-A2C1-4379-AD98-7EFA61115261} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {0C082B69-6337-42F2-8CD3-0EEE0CDCA65F} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {0F3A4FA2-6AC5-41BE-AFC8-0F0F31BBA469} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-12-26] (CyberLink)
Task: {151750E4-EFDA-429D-8ADD-D89159282EA6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {1A0F2D51-7FB4-431B-9376-C1F6E16147D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {1B74CC67-D81E-4EF9-A143-043D8F244735} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {318635D8-9565-42CE-BA4F-C459D32E16E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {32CC8EAB-864F-4622-8AC9-7DF614313024} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {4911F2C1-AD52-464F-9D39-BDCF9F7DD48A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-09-22] (Hewlett-Packard)
Task: {4A192DE5-BBE0-4722-8EC8-A1FAA6FFBDC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {4A85E893-12D3-4D6F-A2D2-56CA77AB9689} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Smart Security 7.0\upgrade.exe [2015-09-22] (ESET)
Task: {5DF170D8-BF79-4926-BB21-F4CE7520484D} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {8AA02246-875C-4AAF-8143-57032CAF1037} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {99EB8F53-71E7-483C-8E0F-62D70FD70562} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-10-18] (Microsoft Corporation)
Task: {A1E0AAA4-1F9D-4D64-95A4-E4C31763ADD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {A7BF8588-6C1C-4450-AC28-0E79F912DC77} - System32\Tasks\{D1021CB3-EE11-4AE0-B98F-3D1A5CC55B99} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {A92429EC-58C4-4EA6-B1A9-40FC4DA756BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {A96EC7B8-63CA-4545-8D63-1B9AA8BC28C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {AC6CD059-C7B6-42D2-94A3-C5B757398702} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B0A31F86-8423-49D0-9D63-15E30EF44546} - System32\Tasks\HPCeeScheduleForprousse1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E86F4A8B-84BF-45A4-A530-1EFA526BE608} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {ECA57CA7-4342-4426-96C8-CBF768734FC4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {FC398EBC-F62F-4848-A71D-BF4FCE026F3B} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {FCB92A9D-9ACA-4E7D-8ABB-F6195E70FF70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {FCDA68E4-4A88-4C97-B947-0B742227D110} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-11-04] (Hewlett-Packard Company)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\HPCeeScheduleForprousse1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-15 14:03 - 2015-09-15 14:03 - 00354592 _____ () C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll
2015-09-15 14:03 - 2015-09-15 14:03 - 00485664 _____ () C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll
2015-09-15 14:04 - 2015-09-15 14:04 - 00071968 _____ () C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll
2013-08-25 18:21 - 2013-08-25 18:22 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-12-12 19:38 - 2012-12-12 19:38 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2013-05-08 14:19 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-05-08 14:25 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\driversupport.com -> hxxps://apps.driversupport.com
There are 6091 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-164966225-1669113357-709659781-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\prousse1\Desktop\pierre stuff\10584107_10155005895272355_8692696953447890524_n[1].jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B7E37271-E6BF-4639-9595-1DF4B6556415}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{A81B0C0C-3092-4DD6-A04E-7A99AC3D70A5}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C72A30CF-2536-4BFC-8C6B-4760781AFE90}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{253C4D2F-E0D6-4A3A-ABF3-A4902E0A4C09}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B3F1C1BA-2DEB-49EF-BA55-48F5EAEE925A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{80B715E4-0634-4599-ACF8-A8236904D58C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6BDA950A-8FF7-4E84-9429-6516B92EFBA7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1CDAE4A-CCA5-41ED-B4B8-3F2F42C08171}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8B1727BD-A433-493D-A82B-23879951694E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D306B94B-1A97-4918-B1AC-42502701859B}] => (Allow) LPort=2869
FirewallRules: [{63698FD2-11B3-419B-9879-A9034CDC3113}] => (Allow) LPort=1900
FirewallRules: [{E3C540C9-F956-494B-85C6-53249CC8BB91}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{19F11F2C-9D93-488B-A41C-01A27EEC27B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09A0F0D8-3F24-42F0-AFE0-A317B432EECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82AC3A52-1B05-49D5-B7C2-8C119E4EF9BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5296DB6-6CD1-4954-B632-35444433E026}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68FADEFA-1DA8-4B88-8358-E7F32991EA71}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/18/2015 11:24:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.29.11901.0, time stamp: 0x560ed3ae
Faulting module name: webio.dll, version: 6.2.9200.16420, time stamp: 0x505a992d
Exception code: 0xc0000409
Fault offset: 0x000000000003e8e5
Faulting process id: 0x19c8
Faulting application start time: 0xMRT.exe0
Faulting application path: MRT.exe1
Faulting module path: MRT.exe2
Report Id: MRT.exe3
Faulting package full name: MRT.exe4
Faulting package-relative application ID: MRT.exe5
Error: (10/15/2015 01:28:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (10/15/2015 01:22:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x94c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/13/2015 01:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x18a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app SymantecCorporation.NortonStudio_v68kp9n051hdp!App failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/10/2015 08:48:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (10/08/2015 06:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0xd4c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
System errors:
=============
Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (10/20/2015 01:18:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Assistant Service service hung on starting.
Error: (10/17/2015 11:32:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (10/17/2015 11:24:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (10/17/2015 11:21:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (10/17/2015 11:16:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (10/15/2015 01:28:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5
Error: (10/15/2015 01:27:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5
Error: (10/15/2015 06:48:12 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
==================== Memory info ===========================
Processor: Intel® Core i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 6014.86 MB
Available physical RAM: 4055.55 MB
Total Virtual: 6974.86 MB
Available Virtual: 4942.91 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:911.12 GB) (Free:809.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.47 GB) (Free:2.31 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 096B4054)
Partition: GPT.
==================== End of Addition.txt ============================
One final note: I will be physically at the computer today through Monday morning. After Monday morning, I will need to go back home so I can resume work on Tuesday morning. If this extends beyond Monday morning, how could I set up remote support to continue working on this while not physically at the computer?