Malware/adware problem browserFox.n as well as others

ADware Malware virus


#1
mickelle


Good afternoon:

I have an issue with my computer. Been a while since I've been on here; always learn something new. Anyway, even using the 'admin' password access (since I am only a user guest) I cannot remove anything with the 'uninstall programs' function. I decided to be a smarty pants and ran First64.exe... The log files won't paste into the comment box. :( So I had to attach them; I hope that's OK. :( Thanks for your help.

-Mickelle


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
Ran by Michael (ATTENTION: The user is not administrator) on ROSSHOME (20-11-2015 12:47:13)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Craig & Michael)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> OmniServ.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> RtkAudioService64.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> mfemms.exe
Failed to access process -> mfevtps.exe
Failed to access process -> mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
Failed to access process -> mfefire.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> McAPExe.exe
Failed to access process -> mfefire.exe
Failed to access process -> tunmgr.exe
Failed to access process -> ggFqhIAFEv.exe
Failed to access process -> McSvHost.exe
Failed to access process -> imcneaou.exe
Failed to access process -> svchost.exe
Failed to access process -> BbDevMgr.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> McCSPServiceHost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> atieclxx.exe
Failed to access process -> RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Pokki) C:\Users\Michael\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
Failed to access process -> opvapp.exe
() C:\ProgramData\Uceecreifh\1.0.6.1\imcneaou.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Pokki) C:\Users\Michael\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Michael\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> taskeng.exe
Failed to access process -> svchost.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> TiWorker.exe
Failed to access process -> SearchFilterHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2014-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-01-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\...\Run: [uTorrent] => "C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{E3BB223A-1E90-4941-8FC8-BC5AA972D9C8}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBaVAtJFAASbQAIBVxcFQYQIhQAA19BDFEbJgtZVAkVQ1MaJB9aFQQTSEcFME0FCFwEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_dnldwz_15_44_ssg01&cd=2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyD0FyEzztBtC0FyDzztC0EtN0D0Tzu0StCtAzyyCtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1RtN1L1G1B1V1N2Y1L1Qzu2StAtDyCtAtCtAtC0FtGtDtB0AtAtGyBzyzz0FtGtBzz0A0BtG0A0ByE0CtD0EtCtC0C0AyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FtDzztBtAtDyDtGtC0F0C0CtGyEyC0D0BtG0ByEtA0CtGyEtB0C0F0BtC0E0EyC0AtBtC2QtN0A0LzuyE&cr=1959423171&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBaVAtJFAASbQAIBVxcFQYQIhQAA19BDFEbJgtZVAkVQ1MaJB9aFQQTSEcFME0FCFwEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_dnldwz_15_44_ssg01&cd=2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyD0FyEzztBtC0FyDzztC0EtN0D0Tzu0StCtAzyyCtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0BzytDyBtB0DtAtGtBzztBzytG0DtC0FzztGtC0C0E0EtGyC0A0FyBtCtAzz0B0ByE0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FtDzztBtAtDyDtGtC0F0C0CtGyEyC0D0BtG0ByEtA0CtGyEtB0C0F0BtC0E0EyC0AtBtC2QtN0A0LzuyE&cr=286164353&ir=
SearchScopes: HKLM -> {7287C672-658A-491E-BD09-D57B5F10F99D} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7287C672-658A-491E-BD09-D57B5F10F99D} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-500842100-1455412229-3231742528-1004 -> {7287C672-658A-491E-BD09-D57B5F10F99D} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-16] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\okeebkyq.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-23] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-06-24] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Strict Pop-up Blocker - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\okeebkyq.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-08-21]
FF Extension: Get The Results Hub - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\okeebkyq.default\Extensions\{731e4a08-bc27-4146-839c-55549d5157e3}.xpi [2015-11-17] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-06] [not signed]
 
Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggaIgwKWQxEEBgacF1dTA1CElcOeFteURQVGVMRIQwIBVsXGFEFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-18]
CHR Extension: (Get The Results Hub) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccpingipgegebhloehfeipccnpnbjkbh [2015-11-18] [UpdateUrl: hxxp://cdn.getresultshub.com/update] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 ggFqhIAFEv; C:\ProgramData\HucVmIYocv\ggFqhIAFEv.exe [2999208 2015-11-18] (Great Apps)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 lmhosts; C:\windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 NlaSvc; C:\windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 nsi; C:\windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-11] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 w3logsvc; C:\windows\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-02-25] (Advanced Micro Devices)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [24576 2014-04-15] (BlackBerry)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-20 12:47 - 2015-11-20 12:47 - 00021272 _____ C:\Users\Michael\Desktop\FRST.txt
2015-11-20 12:46 - 2015-11-20 12:47 - 00000000 ____D C:\FRST
2015-11-20 12:43 - 2015-11-20 12:43 - 02020352 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-11-20 12:37 - 2015-11-20 12:37 - 00000000 ____D C:\Users\Michael\AppData\Local\CrimeWatch
2015-11-20 12:35 - 2015-11-20 12:39 - 00002290 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-11-20 00:55 - 2015-11-20 00:55 - 01732096 _____ C:\Users\Michael\Desktop\AdwCleaner.exe
2015-11-19 21:38 - 2015-11-20 01:30 - 00000000 ____D C:\AdwCleaner
2015-11-19 21:05 - 2015-11-19 21:05 - 00000000 _____ C:\autoexec.bat
2015-11-19 20:22 - 2015-11-20 01:46 - 00000000 ____D C:\ProgramData\Radio
2015-11-18 17:42 - 2015-11-18 17:42 - 00000000 ____D C:\ProgramData\Uceecreifh
2015-11-18 17:38 - 2015-11-19 16:28 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-18 17:38 - 2015-11-18 17:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2015-11-18 17:37 - 2015-11-18 17:37 - 00000000 ____D C:\ProgramData\HucVmIYocv
2015-11-18 17:14 - 2015-11-18 17:14 - 00000000 ____D C:\Users\Michael\Desktop\MURALS
2015-11-16 17:12 - 2015-11-16 17:12 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2015-11-16 10:27 - 2015-11-02 19:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-16 10:27 - 2015-11-02 19:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-15 22:39 - 2015-11-16 13:38 - 00000000 ____D C:\Users\Michael\Desktop\Misc art
2015-11-14 16:10 - 2015-11-15 22:41 - 00000000 ___HD C:\Users\Michael\Downloads\H
2015-11-12 12:55 - 2015-11-19 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 23:55 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 23:55 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 23:55 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 23:55 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 23:55 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 23:55 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 23:55 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 23:55 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 23:55 - 2015-10-30 17:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 23:55 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 23:55 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 23:55 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 23:55 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 23:55 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 23:55 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 23:55 - 2015-10-30 17:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 23:55 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 23:55 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 23:55 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 23:55 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 23:55 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 23:55 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 23:55 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 23:55 - 2015-10-20 16:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 23:55 - 2015-10-20 09:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 23:55 - 2015-10-20 09:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 23:55 - 2015-10-20 09:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 23:55 - 2015-10-20 09:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 23:55 - 2015-10-20 09:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 23:55 - 2015-10-20 09:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 23:55 - 2015-10-20 09:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 23:55 - 2015-10-20 09:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 23:55 - 2015-10-20 09:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 23:55 - 2015-10-20 09:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 23:55 - 2015-10-20 09:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 23:55 - 2015-10-15 11:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 23:55 - 2015-10-15 10:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 23:55 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 23:55 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 23:55 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 23:55 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 23:55 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 23:55 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 23:55 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 23:55 - 2015-10-13 10:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 23:55 - 2015-10-11 01:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 23:55 - 2015-10-11 01:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 23:55 - 2015-10-10 13:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 23:55 - 2015-10-10 13:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 23:55 - 2015-10-10 13:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 23:55 - 2015-10-10 12:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 23:55 - 2015-10-10 12:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 23:55 - 2015-10-10 12:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 23:55 - 2015-10-10 11:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 23:55 - 2015-09-29 07:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 23:55 - 2015-09-12 08:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 23:55 - 2015-09-07 11:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 23:55 - 2015-09-07 10:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 23:55 - 2015-09-07 10:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 23:55 - 2015-09-04 14:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 23:55 - 2015-08-28 17:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 23:55 - 2015-08-20 15:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 23:55 - 2015-08-20 12:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 23:54 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 23:54 - 2015-10-08 11:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 23:54 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 23:54 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 23:54 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 23:54 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 23:54 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-10-28 17:11 - 2015-10-28 17:11 - 00000872 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2015-10-28 17:11 - 2015-10-28 17:11 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0
2015-10-28 17:11 - 2015-10-28 17:11 - 00000000 ____D C:\Users\Michael\.thumbnails
2015-10-28 16:55 - 2015-10-28 17:12 - 00000000 ____D C:\Users\Michael\.gimp-2.8
2015-10-28 16:55 - 2015-10-28 16:55 - 00000000 ____D C:\Users\Michael\AppData\Local\gegl-0.2
2015-10-28 16:50 - 2015-10-28 16:50 - 00000000 ____D C:\Users\Craig\AppData\Roaming\Mozilla
2015-10-27 14:23 - 2015-10-27 14:23 - 00000299 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2015-10-27 14:08 - 2015-11-16 17:43 - 00000000 ____D C:\Users\Michael\Desktop\Music charts
2015-10-21 12:01 - 2015-10-21 15:03 - 00000000 ____D C:\Users\Michael\Downloads\Megadeth.Discography.1985-2013.MP3.320kbps
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-20 12:44 - 2015-08-26 14:43 - 01808748 _____ C:\windows\WindowsUpdate.log
2015-11-20 12:35 - 2014-03-18 04:53 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-20 12:34 - 2015-08-21 01:21 - 00000000 ___RD C:\Users\Michael\OneDrive
2015-11-20 12:34 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-11-20 01:43 - 2014-08-21 13:38 - 00000000 __RDO C:\Users\Craig\OneDrive
2015-11-20 01:41 - 2015-09-11 10:26 - 00011085 _____ C:\windows\setupact.log
2015-11-20 01:41 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-20 01:02 - 2015-09-16 12:26 - 00016920 _____ C:\windows\PFRO.log
2015-11-20 01:01 - 2015-08-26 04:23 - 00000000 ____D C:\searchplugins
2015-11-20 00:53 - 2015-08-20 13:18 - 00000000 ____D C:\Users\Michael\AppData\Local\SweetLabs App Platform
2015-11-19 20:49 - 2015-08-26 04:25 - 00000350 _____ C:\windows\Tasks\HPCeeScheduleForCraig.job
2015-11-19 11:29 - 2014-05-20 16:48 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-18 17:21 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-18 03:12 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-11-16 17:04 - 2015-09-22 18:16 - 00000000 ____D C:\Users\Michael\Downloads\Available pieces
2015-11-16 11:40 - 2015-08-21 07:41 - 01208832 ___SH C:\Users\Michael\Desktop\Thumbs.db
2015-11-16 10:42 - 2014-09-06 16:18 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-16 10:42 - 2014-09-06 16:18 - 00000000 ____D C:\windows\system32\MRT
2015-11-16 10:26 - 2013-08-22 09:44 - 00494928 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-15 22:42 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-11-14 15:36 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-14 14:41 - 2015-08-21 16:45 - 06852608 ___SH C:\Users\Michael\Downloads\Thumbs.db
2015-11-12 21:06 - 2015-08-20 13:22 - 00002444 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-11-12 21:05 - 2015-08-20 13:22 - 00002426 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-11-12 15:02 - 2015-10-03 17:10 - 00000000 ____D C:\Users\Michael\Downloads\Makeup transformations
2015-11-12 12:44 - 2014-05-20 16:57 - 00000000 ____D C:\ProgramData\McAfee
2015-11-12 00:54 - 2015-08-20 13:18 - 00000000 ____D C:\Users\Michael
2015-10-29 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-10-29 12:30 - 2015-09-22 18:53 - 00000000 ____D C:\Users\Michael\AppData\Roaming\uTorrent
2015-10-29 12:28 - 2015-10-16 14:50 - 00000000 ____D C:\Program Files\Nikon
2015-10-28 16:47 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-10-28 10:08 - 2015-10-16 14:49 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2015-10-28 10:07 - 2015-10-16 14:49 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2015-10-28 09:36 - 2014-09-15 19:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-25 14:03 - 2013-08-22 10:36 - 00000000 ____D C:\windows\LiveKernelReports
2015-10-21 11:59 - 2015-09-22 18:53 - 00000000 ____D C:\Users\Craig\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2015-10-28 17:11 - 2015-10-28 17:11 - 0000872 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-10-16 14:49 - 2015-10-16 14:49 - 0000268 ___RH () C:\ProgramData\Licenses
2015-10-16 14:51 - 2015-10-16 14:51 - 0000268 ___RH () C:\ProgramData\Light Machine
2015-10-16 14:49 - 2015-10-16 14:49 - 0000268 ___RH () C:\ProgramData\Limiter
2015-10-16 14:51 - 2015-10-16 14:51 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-10-16 14:49 - 2015-10-28 10:08 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-10-16 14:49 - 2015-10-28 10:07 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
 
Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\oct4C7E.tmp.exe
C:\Users\Michael\AppData\Local\Temp\octAE5C.tmp.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by Michael (2015-11-20 12:48:36)
Running from C:\Users\Michael\Desktop
Windows 8.1 (X64) (2014-08-21 18:36:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-500842100-1455412229-3231742528-500 - Administrator - Disabled)
Craig (S-1-5-21-500842100-1455412229-3231742528-1001 - Administrator - Enabled) => C:\Users\Craig
Guest (S-1-5-21-500842100-1455412229-3231742528-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-500842100-1455412229-3231742528-1003 - Limited - Enabled)
Michael (S-1-5-21-500842100-1455412229-3231742528-1004 - Limited - Enabled) => C:\Users\Michael
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1FFAF315-ADDB-013D-0A76-7783A203E02D}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.56 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.3.56 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3625 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3626 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fender FUSE (HKU\S-1-5-21-500842100-1455412229-3231742528-1004\...\1476842125.fuse.fender.com) (Version:  - fuse.fender.com)
Fender FUSE 2.7.1.48 (HKLM-x32\...\Fender FUSE) (Version:  - )
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Inst5675 (Version: 8.01.06 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.06 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.23.20150119 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{2D5218EB-6992-46E3-8ECE-76C79AB955CE}) (Version: 3.13.2.0 - LG Electronics)
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Pokki (HKU\S-1-5-21-500842100-1455412229-3231742528-1004\...\SweetLabs_AP) (Version: 0.269.7.802 - Pokki)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PreSonus Studio One 2 x64 (HKLM\...\PreSonus Studio One 2) (Version: 2.0.0.16617 - PreSonus Audio Electronics)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30175 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7135 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (HKLM-x32\...\InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}) (Version: 4.47 - Samsung)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (x32 Version: 4.47 - Samsung) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Start Menu (HKU\S-1-5-21-500842100-1455412229-3231742528-1004\...\SweetLabs_Start_Menu) (Version: 0.269.7.800 - Pokki)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.3 - Nikon)
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\HPCeeScheduleForCraig.job => 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-28 09:35 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-18 17:42 - 2015-11-18 17:42 - 00157696 _____ () C:\ProgramData\Uceecreifh\1.0.6.1\imcneaou.exe
2014-02-07 12:24 - 2014-02-07 12:24 - 02108928 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-02-07 12:21 - 2014-02-07 12:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-02-07 12:21 - 2014-02-07 12:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-02-07 12:21 - 2014-02-07 12:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-02-07 12:40 - 2014-02-07 12:40 - 00368528 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-02-07 12:40 - 2014-02-07 12:40 - 00714128 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-02-07 12:37 - 2014-02-07 12:37 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{36AF6BFD-CF1C-4258-B40C-218C12943F9C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B0A6DD59-DF33-446F-992B-2FF54F96F33F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{78BA4741-B941-49A7-ADAA-4483A6A69641}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{CE53FCD2-A347-4064-A4AC-C92BC6D47F7A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{93866C11-2936-4ADF-AA5C-79D66967B7FF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{EADDA7FF-D311-40E5-9ED9-65D80EF9AA42}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{BCE0387F-95A6-420E-AD99-13E052DFC1FB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F6EFE09F-5465-4EAC-83DB-35A07BC7549F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EBE21C8-E47D-4AA0-B1EB-AFD9B5336FA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0AC60C48-8866-4431-B073-56ED931BE59E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B9C45C16-C1CC-410C-9777-D00529503418}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3B6B78A-2EF1-462C-8C05-DE94E36045D6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FC865153-E061-4C91-A737-76020FE993A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B4A29AE9-5E34-4467-A21C-2F5748834909}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{22637447-FCED-42F9-A73F-8F72FA2F2235}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{9FDC2EA9-D4D4-4AB8-B404-7D8703E418A5}] => (Allow) LPort=4481
FirewallRules: [{95192796-D8F7-4547-9F7C-AE1CF548C227}] => (Allow) LPort=4481
FirewallRules: [{92C3F9AA-4257-41B6-BDCC-5B2E3F69CB44}] => (Allow) LPort=4482
FirewallRules: [{8218E9B1-87D5-455A-9E35-4B002AC44DA8}] => (Allow) LPort=4482
FirewallRules: [{FF0E03EA-D955-4C08-8F8E-E9E68CB42382}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB7252AD-7F91-4E6A-BF28-1497D8E088C3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F6CFDE3-4B15-46DA-A755-FBA90194149E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4A05A732-7D39-4AF5-AE01-B4B81F770DC5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E79CFAA5-C7FC-4B70-BFC0-6BD28A12B290}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8E3BDC30-69F5-4B0A-A109-7D49809368BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{31BFE75E-BB4A-4C65-94A8-EE1A5F79B9D8}] => (Allow) C:\Users\Craig\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{950D991C-43CF-420C-B308-59F4D70E7487}C:\program files\presonus\audiobox\audiobox.exe] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{7EAE5206-E361-4F5A-AF5D-6AD13A38152D}C:\program files\presonus\audiobox\audiobox.exe] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{2A5C5B06-64D2-4F67-819D-B2572C1DE0AA}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{6FA17505-E1DA-4243-A165-ED7B3D126D21}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{FACF6154-452E-484D-8E50-D1CDDCFCD6B2}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{B82258B5-1DE1-4711-AAA0-7EF1D5D780D1}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{FA8D9DC1-F545-453C-95CD-5BBAE882CA2D}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{033847B9-4B0B-448F-9F2B-8F2CAE462994}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
FirewallRules: [{21AC3B5E-FA76-4AE8-98FC-14FC93AA9DD8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{810E9A16-D3E8-4A53-A416-59F0902C2F53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4FE4802-2D04-4E5C-991E-B88908D93BF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FFD77229-FAE8-4763-9ECF-BF3E2B530383}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{DEA22C91-CED3-4235-A79E-3B4C5701D7C8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{E4B4987C-8638-4EE5-9605-42DA8605FFAA}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC4E42C1-F83E-417D-84BC-9EE5F14AC575}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8149B506-8DF7-4EAB-91D8-5E223D89B182}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A8C33106-592B-4A0D-8C87-E9D5F0AC52AD}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C28CEA33-BABF-43C6-A589-1042757AC1D2}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{73E9EE69-BB99-4572-A869-A05151715C96}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8BCB12EC-54C9-41AC-BE5C-63C9991C831B}] => (Allow) C:\Users\Craig\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{439BD277-CC05-449F-9F55-2E8587753911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/20/2015 00:48:12 PM) (Source: MsiInstaller) (EventID: 1024) (User: ROSSHOME)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6D00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (11/20/2015 00:34:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
 
Error: (11/20/2015 00:34:26 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR RossHome-2.local.
 
Error: (11/20/2015 00:34:26 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 0000:0000:0000:0000:0000:0000:0000:0001:5353   16 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR RossHome.local.
 
Error: (11/20/2015 00:34:26 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 65.2.168.192.in-addr.arpa. PTR RossHome-2.local.
 
Error: (11/20/2015 00:34:26 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.65:5353   16 65.2.168.192.in-addr.arpa. PTR RossHome.local.
 
Error: (11/20/2015 00:34:26 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Local Hostname RossHome.local already in use; will try RossHome-2.local instead
 
Error: (11/20/2015 00:34:26 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 RossHome.local. Addr 192.168.2.65
 
Error: (11/20/2015 00:34:26 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.65:5353   16 RossHome.local. AAAA FE80:0000:0000:0000:A509:A78C:CAE2:9BE2
 
Error: (11/20/2015 00:34:25 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 RossHome.local. Addr 192.168.2.65
 
 
System errors:
=============
Error: (11/20/2015 01:30:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (11/20/2015 01:30:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/20/2015 01:30:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/20/2015 01:30:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/20/2015 01:30:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/20/2015 01:30:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlackBerry Device Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/20/2015 01:30:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ggFqhIAFEv service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/20/2015 01:30:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BlackBerry Link Communication Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/20/2015 01:30:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RIM MDNS service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/20/2015 01:30:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 28%
Total physical RAM: 7628.01 MB
Available physical RAM: 5434.94 MB
Total Virtual: 8844.01 MB
Available Virtual: 6394.93 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:916.06 GB) (Free:848.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:13.97 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
