Computer Slow and Unresponsive


  • This topic is locked
18 replies to this topic

#1 DaUub

DaUub

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:41 PM

Posted 25 February 2015 - 09:43 PM

I am having a lot of problems with my computer.

 

It is slow, it's unresponsive, I am almost 100% sure there is a virus. I do not have any antivirus software installed or know the first step to scan and find out the issue.




#2 DaUub

DaUub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:41 PM

Posted 27 February 2015 - 01:29 PM

bump



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:41 PM

Posted 02 March 2015 - 09:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568323 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 DaUub

DaUub
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:04:41 PM

Posted 03 March 2015 - 01:41 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by mclaurinemc74 (administrator) on ERNIES-BABY on 02-03-2015 22:31:53
Running from C:\Users\mclaurinemc74\AppData\Local\Microsoft\Windows\INetCache\IE\MWASG15P
Loaded Profiles: mclaurinemc74 (Available profiles: mclaurinemc74)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
() C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe
() C:\Program Files\SaferBrowser\SaferBrowser.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> backgroundTaskHost.exe
Failed to access process -> explorer.exe
Failed to access process -> HPSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(The Chromium Authors) C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(The Chromium Authors) C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-01] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_523] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [network] => C:\Users\mclaurinemc74\AppData\Roaming\network\network.exe [79872 2014-12-14] ()
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Startup: C:\Users\mclaurinemc74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\mclaurinemc74\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\mclaurinemc74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\mclaurinemc74\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-256205407-3201302778-507034029-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-256205407-3201302778-507034029-1002] => http=127.0.0.1:56857;https=127.0.0.1:56857
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={DCFC998C-8258-4187-8309-94EBEB93F642}&action=homepage_search
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> DefaultScope {E327B2C2-37A3-4FD7-9007-1E8B1BA31129} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {E327B2C2-37A3-4FD7-9007-1E8B1BA31129} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> No Name - {387372DD-DB62-4E08-B1F7-E84BAF3FF73E} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-13]

Chrome:
=======
CHR Profile: C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Docs) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
CHR Extension: (YouTube) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Google Search) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-20]
CHR Extension: (Google Sheets) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-20]
CHR Extension: (Gmail) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 22:31 - 2015-03-02 22:32 - 00000000 ____D () C:\FRST
2015-02-20 19:03 - 2015-02-20 19:03 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 19:03 - 2015-02-20 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 19:00 - 2015-02-28 02:05 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 19:00 - 2015-02-27 19:05 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 19:00 - 2015-02-20 19:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-20 19:00 - 2015-02-20 19:00 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-20 19:00 - 2015-02-20 19:00 - 00003672 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-14 10:08 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-14 10:05 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 10:05 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:07 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:07 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:07 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 08:07 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 08:07 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:07 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:07 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:07 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:07 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:07 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:07 - 2014-12-08 15:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 08:07 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:07 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:07 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:07 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:07 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:06 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:06 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:06 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:06 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:06 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 08:06 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:06 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:06 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:06 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:06 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:06 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:06 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 08:06 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 08:06 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 08:06 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:06 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:06 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:06 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:06 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:06 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:06 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 08:06 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 08:06 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 08:06 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:06 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 08:06 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:06 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:06 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:06 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:06 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:06 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:06 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:06 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:06 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:06 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:06 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 08:06 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 08:06 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:06 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:06 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 08:06 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 08:06 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 08:06 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 08:06 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 08:06 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 08:06 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 08:06 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 08:05 - 2015-02-03 15:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:05 - 2015-02-03 15:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:05 - 2015-02-03 15:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:05 - 2015-02-02 15:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:05 - 2015-02-02 15:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:05 - 2015-02-02 15:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:05 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 08:05 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-03 16:45 - 2015-02-03 16:45 - 00001772 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\Program Files\iTunes
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\Program Files\iPod
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 22:31 - 2013-11-06 16:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-03-02 22:28 - 2014-05-11 14:56 - 01463429 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 22:23 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-27 20:08 - 2014-05-11 15:04 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-256205407-3201302778-507034029-1002
2015-02-27 04:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-26 02:20 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-25 20:13 - 2014-05-20 17:13 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormclaurinemc74
2015-02-25 20:13 - 2014-05-20 17:13 - 00000388 _____ () C:\Windows\Tasks\HPCeeScheduleFormclaurinemc74.job
2015-02-20 19:05 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-20 19:03 - 2014-12-17 16:45 - 00000000 ____D () C:\Users\mclaurinemc74\AppData\Local\Google
2015-02-20 19:01 - 2015-01-22 18:37 - 00000000 ____D () C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a
2015-02-20 19:00 - 2014-05-11 15:12 - 00000000 ___DO () C:\Users\mclaurinemc74\SkyDrive
2015-02-20 19:00 - 2014-05-11 15:00 - 00000000 ____D () C:\Users\mclaurinemc74\Documents\Youcam
2015-02-17 19:21 - 2014-03-13 09:00 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-17 18:58 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-15 14:16 - 2014-05-11 14:59 - 00000000 ____D () C:\Users\mclaurinemc74
2015-02-15 14:15 - 2013-08-25 22:01 - 00028480 _____ () C:\Windows\PFRO.log
2015-02-15 14:15 - 2013-08-22 06:46 - 00037902 _____ () C:\Windows\setupact.log
2015-02-15 14:15 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 05:11 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-02-14 11:33 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-14 10:09 - 2014-03-13 09:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-14 10:07 - 2014-03-13 09:18 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-14 10:06 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-14 09:55 - 2014-03-13 09:21 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-02-11 16:29 - 2013-08-22 06:44 - 00353928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 12:29 - 2014-12-09 22:12 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 12:29 - 2014-07-15 18:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 08:35 - 2014-05-15 23:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 08:30 - 2014-05-15 23:26 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-03 18:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 16:45 - 2014-05-11 16:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-03 11:31 - 2014-07-15 19:04 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-07-15 19:04 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\mclaurinemc74\AppData\Local\Temp\Extract.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\rt-update.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\sp64126.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65048.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65599.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65796.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLitefaf0cfac-0c43-4823-936a-54eed842775a.dll
C:\Users\mclaurinemc74\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\updatecertmanager.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\vcredist_x64.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\vlc-2.1.3-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-27 04:00

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by mclaurinemc74 at 2015-03-02 22:35:07
Running from C:\Users\mclaurinemc74\AppData\Local\Microsoft\Windows\INetCache\IE\MWASG15P
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{19C397A1-9C70-119F-E3BF-752C432FD217}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{1D7EB7E7-0B5D-4A23-A383-7EF133090026}) (Version: 2.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Idle Crawler (HKLM-x32\...\0700478A-BFCB-495C-9D00-000400A300) (Version: 108.0.0.455 - MILE 27 LTD) <==== ATTENTION
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
RocketTab: (HKLM-x32\...\RocketTab) (Version:  - RocketTab:) <==== ATTENTION!
SaferBrowser (HKLM\...\SaferBrowser) (Version:  - SaferBrowser) <==== ATTENTION!
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.16.1 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EEAE810-7ED7-40BB-AD2A-C2B604ADC0A6} - System32\Tasks\HPCeeScheduleFormclaurinemc74 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {157D2109-222E-420F-A64A-BA806D949DA8} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {1869E491-126A-4224-BFD3-00A3B5CB33A1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1BC28045-90BE-4662-94E6-72CE179ADDAA} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-18] () <==== ATTENTION
Task: {3A52955B-5D76-4CE2-8963-55CA95A45092} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3B80BBEE-8601-4320-AD95-DF6D9192D04E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-04] (CyberLink)
Task: {40C42C9F-A5CA-4C30-8726-20376ABA6206} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {43C33E36-A5D6-4740-8A1A-32208A525F6C} - System32\Tasks\SaferBrowser Update Task => C:\Program Files\SaferBrowser\uninstall.exe [2014-12-14] ()
Task: {47428D8C-9485-4965-BED2-81C1B720014A} - System32\Tasks\Runner IC => %LOCALAPPDATA%\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
Task: {5DB454E9-8676-43E3-B0F7-A0712EE6357C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {62F7FB2B-E174-4B13-814F-69D8D76A2AF0} - System32\Tasks\Safer Browser StartUp => C:\Program Files\SaferBrowser\SaferBrowser.exe [2014-12-09] () <==== ATTENTION
Task: {6CDC5935-4172-4232-85C3-0761989E6A50} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-01] (Synaptics Incorporated)
Task: {854ED9EE-B9E7-4E5B-A952-F156CFB34AD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {94CA5720-7783-4209-A15A-AC6AB61E8F26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {A00FA7EC-4230-45A9-8F39-797447B8771A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A7F7485C-50DD-4B05-8964-F9C383F94E2F} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
Task: {AC5FDB5B-D5F4-4F3A-9E56-7520FB86F232} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {AD0AC242-F42A-4B33-89C0-19387FCE1A78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {AD4FBE70-8AEB-424F-BF03-C4C50C7FC5F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {CB054E37-D005-4DDC-B61E-5945E5AC0840} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CD1D836B-7573-46CF-8BC7-9AC66FE073E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {D3B81BE9-7E94-437B-A0C8-FB52775D5FB4} - System32\Tasks\RunTool => C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe [2015-01-30] () <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormclaurinemc74.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 05:49 - 2013-09-25 05:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-25 05:48 - 2013-09-25 05:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-17 02:00 - 2014-11-17 02:00 - 00386608 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
2015-01-20 16:31 - 2015-01-30 17:26 - 00701952 _____ () C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe
2014-12-09 12:45 - 2014-12-09 12:59 - 01640448 _____ () C:\Program Files\SaferBrowser\SaferBrowser.exe
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-12-18 16:44 - 2014-12-18 16:44 - 05812224 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-11-17 02:04 - 2014-11-17 02:04 - 00094768 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\ManXec.dll
2014-11-17 02:04 - 2014-11-17 02:04 - 00071216 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\CmdProc.dll
2014-11-17 02:05 - 2014-11-17 02:05 - 00043056 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\PrfIns.dll
2014-11-17 02:05 - 2014-11-17 02:05 - 00054320 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\WbSes.dll
2014-11-17 02:05 - 2014-11-17 02:05 - 00120368 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\WdcMan.dll
2014-11-17 02:05 - 2014-11-17 02:05 - 00122416 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\WblSupp.dll
2014-11-17 02:04 - 2014-11-17 02:04 - 00101936 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\CmnUtls.dll
2014-11-17 02:04 - 2014-11-17 02:04 - 00038960 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Modules\InSes.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-13 09:16 - 2013-08-04 23:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 14:48 - 2013-08-05 14:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-20 19:03 - 2015-02-17 14:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 19:03 - 2015-02-17 14:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-01-27 19:58 - 2015-01-27 19:58 - 00227328 _____ () C:\Users\mclaurinemc74\AppData\Local\Packages\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\c1cbabc316caabe260365f723757062f\CEServices.ni.dll
2014-10-20 22:30 - 2014-10-20 22:30 - 01130496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2014-10-20 22:30 - 2014-10-20 22:30 - 00808448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2014-10-20 22:30 - 2014-10-20 22:30 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-10-20 22:30 - 2014-10-20 22:30 - 00402432 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll
2014-06-21 01:31 - 2014-06-21 01:31 - 00238080 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2014-10-25 23:31 - 2014-10-25 23:31 - 00797696 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-02-20 19:03 - 2015-02-17 14:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-20 19:03 - 2015-02-17 14:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
2014-12-14 22:00 - 2014-10-23 00:14 - 01091584 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\libglesv2.dll
2014-12-14 22:00 - 2014-10-23 00:19 - 00167936 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\libEGL.dll
2014-12-14 22:00 - 2014-10-23 00:26 - 08569856 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\pdf.dll
2014-12-14 22:00 - 2014-10-23 00:20 - 00324608 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-12-14 22:00 - 2014-10-23 00:23 - 00880128 _____ () C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300\Chrome-bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\mclaurinemc74\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256205407-3201302778-507034029-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\Run: => "network"

==================== Accounts: =============================

Administrator (S-1-5-21-256205407-3201302778-507034029-500 - Administrator - Disabled)
Guest (S-1-5-21-256205407-3201302778-507034029-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-256205407-3201302778-507034029-1004 - Limited - Enabled)
mclaurinemc74 (S-1-5-21-256205407-3201302778-507034029-1002 - Administrator - Enabled) => C:\Users\mclaurinemc74

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6406

Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6406

Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4765

Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4765

Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3140

Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3140

Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 07:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1562

System errors:
=============
Error: (03/02/2015 10:32:59 PM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 02:21:15 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 02:12:04 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 02:00:54 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 01:50:44 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 01:42:33 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 01:31:24 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 01:24:13 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 01:17:02 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/28/2015 01:05:52 AM) (Source: DCOM) (EventID: 10016) (User: ERNIES-BABY)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}Ernies-Babymclaurinemc74S-1-5-21-256205407-3201302778-507034029-1002LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6406

Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6406

Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4765

Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4765

Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3140

Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3140

Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/20/2015 07:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1562

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3537.01 MB
Available physical RAM: 1700.29 MB
Total Pagefile: 4930.11 MB
Available Pagefile: 1759.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:444.25 GB) (Free:377.07 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.74 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 179F6E94)

Partition: GPT Partition Type.

==================== End Of Log ============================



#5 Gunto

  • Malware Response Team

Posted 03 March 2015 - 05:02 AM

Hi, DaUub! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

Now then, let's get to work!

Farbar Recovery Scan Tool

First, I need you to run a fix with FRST. I noticed you ran the program from your browser rather than downloading it; this will not work for fixing. As such, please download FRST and save it to your desktop before performing the below steps. :)

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300
    C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [ospd_us_523] => [X]
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [network] => C:\Users\mclaurinemc74\AppData\Roaming\network\network.exe [79872 2014-12-14] ()
    C:\Users\mclaurinemc74\AppData\Roaming\network
    IFEO\bbqleads.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
    IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
    IFEO\bbqquotes.exe: [Debugger] TaskList.exe
    IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
    IFEO\donutleads.exe: [Debugger] TaskList.exe
    IFEO\donutquotes.exe: [Debugger] TaskList.exe
    IFEO\internetenhancer.exe: [Debugger] TaskList.exe
    IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
    IFEO\pastaleads.exe: [Debugger] TaskList.exe
    IFEO\pastaquotes.exe: [Debugger] TaskList.exe
    IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
    IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
    IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
    ProxyEnable: [S-1-5-21-256205407-3201302778-507034029-1002] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-256205407-3201302778-507034029-1002] => http=127.0.0.1:56857;https=127.0.0.1:56857
    HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={DCFC998C-8258-4187-8309-94EBEB93F642}&action=homepage_search
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> DefaultScope {E327B2C2-37A3-4FD7-9007-1E8B1BA31129} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
    SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
    SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
    SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {E327B2C2-37A3-4FD7-9007-1E8B1BA31129} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
    Toolbar: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> No Name - {387372DD-DB62-4E08-B1F7-E84BAF3FF73E} -  No File
    S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a
    C:\Users\mclaurinemc74\AppData\Local\Temp\Extract.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\rt-update.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\sp64126.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\SP65048.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\SP65599.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\SP65796.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLitefaf0cfac-0c43-4823-936a-54eed842775a.dll
    C:\Users\mclaurinemc74\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\updatecertmanager.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\vlc-2.1.3-win32.exe
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Task: {157D2109-222E-420F-A64A-BA806D949DA8} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
    Task: {1869E491-126A-4224-BFD3-00A3B5CB33A1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {1BC28045-90BE-4662-94E6-72CE179ADDAA} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-18] () <==== ATTENTION
    Task: {47428D8C-9485-4965-BED2-81C1B720014A} - System32\Tasks\Runner IC => %LOCALAPPDATA%\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
    Task: {A7F7485C-50DD-4B05-8964-F9C383F94E2F} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
    Task: {D3B81BE9-7E94-437B-A0C8-FB52775D5FB4} - System32\Tasks\RunTool => C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe [2015-01-30] () <==== ATTENTION

    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

Next, I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

 

However, before you do, I need to ask if you use the following programs:

  • DisableMSDefender
  • HP Documentation (just some documentation and tutorials)
  • HP Registration Service
  • Windows Live Essentials

If not, please remove them with the other programs below.

 

It seems you have a botched installation of McAfee running, so I would like for you to remove it, and then install avast! as your antivirus program instead.

If you want to use Programs and Features:

  • Right click on the Windows logo on the left corner of your screen, click Control Panel, and then Uninstall a program.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    DesktopWeatherAlerts
    DisableMSDefender
    HP Documentation
    HP Registration Service
    Idle Crawler
    Itibiti RTC
    McAfee LiveSafe - Internet Security
    RocketTab:
    SaferBrowser
    Windows Live Essentials

    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    DesktopWeatherAlerts
    DisableMSDefender
    HP Documentation
    HP Registration Service
    Idle Crawler
    Itibiti RTC
    McAfee LiveSafe - Internet Security
    RocketTab:
    SaferBrowser
    Windows Live Essentials

  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Next, download avast! from here, and save it to your desktop. Double click the installer to run it, and follow the prompts to install avast! However, feel free to decline any offers for third-party programs.

 

Finally, you have disabled a few items in MSCONFIG:

HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\Run: => "network"

 

This is a rather messy way of getting rid of start-up entries, and since the above fixes should take care of these, I would like for you to re-enable these items in MSCONFIG. :)

 

Last but not least, please run another scan with FRST so that I can get a fresh look at your system. Only FRST.txt will be made this time; please copy and paste it into your reply. :)

 

Gunto




#6 DaUub

  • Topic Starter

Posted 03 March 2015 - 03:35 PM

Currently removing all of the programs

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by mclaurinemc74 at 2015-03-03 11:33:41 Run:1
Running from C:\Users\mclaurinemc74\Desktop\FRST
Loaded Profiles: mclaurinemc74 (Available profiles: mclaurinemc74)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300
C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_523] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [network] => C:\Users\mclaurinemc74\AppData\Roaming\network\network.exe [79872 2014-12-14] ()
C:\Users\mclaurinemc74\AppData\Roaming\network
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
ProxyEnable: [S-1-5-21-256205407-3201302778-507034029-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-256205407-3201302778-507034029-1002] => http=127.0.0.1:56857;https=127.0.0.1:56857
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={DCFC998C-8258-4187-8309-94EBEB93F642}&action=homepage_search
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> DefaultScope {E327B2C2-37A3-4FD7-9007-1E8B1BA31129} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
SearchScopes: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> {E327B2C2-37A3-4FD7-9007-1E8B1BA31129} URL = http://maxwebsearch.com/s?query={searchTerms}&uc=20141215&uid=9e79ed91-a9db-49f3-946f-d7363659d86c&i_id=saferbrowser-amonetize&source=&defsearch=1&type=defsearch
Toolbar: HKU\S-1-5-21-256205407-3201302778-507034029-1002 -> No Name - {387372DD-DB62-4E08-B1F7-E84BAF3FF73E} -  No File
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a
C:\Users\mclaurinemc74\AppData\Local\Temp\Extract.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\rt-update.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\sp64126.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65048.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65599.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65796.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLitefaf0cfac-0c43-4823-936a-54eed842775a.dll
C:\Users\mclaurinemc74\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\updatecertmanager.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\vcredist_x64.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\vlc-2.1.3-win32.exe
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Task: {157D2109-222E-420F-A64A-BA806D949DA8} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {1869E491-126A-4224-BFD3-00A3B5CB33A1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1BC28045-90BE-4662-94E6-72CE179ADDAA} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-18] () <==== ATTENTION
Task: {47428D8C-9485-4965-BED2-81C1B720014A} - System32\Tasks\Runner IC => %LOCALAPPDATA%\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
Task: {A7F7485C-50DD-4B05-8964-F9C383F94E2F} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\0700478A-BFCB-495C-9D00-000400A300\Runner.exe
Task: {D3B81BE9-7E94-437B-A0C8-FB52775D5FB4} - System32\Tasks\RunTool => C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe [2015-01-30] () <==== ATTENTION
*****************
 
C:\Users\mclaurinemc74\AppData\Local\0700478A-BFCB-495C-9D00-000400A300 => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\sysad.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartCCC => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HPMessageService => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_523 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NCPluginUpdater => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Windows\CurrentVersion\Run\\network => value deleted successfully.
C:\Users\mclaurinemc74\AppData\Roaming\network => Moved successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => Key Deleted successfully.
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
HKU\S-1-5-21-256205407-3201302778-507034029-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-256205407-3201302778-507034029-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-256205407-3201302778-507034029-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
"HKU\S-1-5-21-256205407-3201302778-507034029-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E327B2C2-37A3-4FD7-9007-1E8B1BA31129}" => Key deleted successfully.
HKCR\CLSID\{E327B2C2-37A3-4FD7-9007-1E8B1BA31129} => Key not found. 
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{387372DD-DB62-4E08-B1F7-E84BAF3FF73E} => value deleted successfully.
HKCR\CLSID\{387372DD-DB62-4E08-B1F7-E84BAF3FF73E} => Key not found. 
wpnfd_1_10_0_4 => Service deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection => Moved successfully.
 
"C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a" directory move:
 
Could not move "C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a\sysad.exe" => Scheduled to move on reboot.
Could not move "C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a" directory. => Scheduled to move on reboot.
 
C:\Users\mclaurinemc74\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\rt-update.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65048.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65599.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\SP65796.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLitefaf0cfac-0c43-4823-936a-54eed842775a.dll => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\updatecertmanager.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{878F6913-7421-4713-97F7-0A736EE2A188}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45898170-E68C-4F02-AA35-C2186BF347A3}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\\SystemComponent => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{157D2109-222E-420F-A64A-BA806D949DA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{157D2109-222E-420F-A64A-BA806D949DA8}" => Key deleted successfully.
C:\Windows\System32\Tasks\RocketTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1869E491-126A-4224-BFD3-00A3B5CB33A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1869E491-126A-4224-BFD3-00A3B5CB33A1}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BC28045-90BE-4662-94E6-72CE179ADDAA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BC28045-90BE-4662-94E6-72CE179ADDAA}" => Key deleted successfully.
C:\Windows\System32\Tasks\RocketTab Update Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47428D8C-9485-4965-BED2-81C1B720014A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47428D8C-9485-4965-BED2-81C1B720014A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Runner IC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner IC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7F7485C-50DD-4B05-8964-F9C383F94E2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F7485C-50DD-4B05-8964-F9C383F94E2F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Update IC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Update IC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3B81BE9-7E94-437B-A0C8-FB52775D5FB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3B81BE9-7E94-437B-A0C8-FB52775D5FB4}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunTool => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunTool" => Key deleted successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-03 11:39:37)<=
 
C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a\sysad.exe => Is moved successfully.
C:\Users\mclaurinemc74\AppData\Local\faf0cfac-0c43-4823-936a-54eed842775a => Is moved successfully.
 
==== End of Fixlog 11:39:37 ====


#7 DaUub

Posted 03 March 2015 - 04:13 PM

I couldn't re-enable in MS-CONFIG; I couldn't find them

 

but here is the FRST Scan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by mclaurinemc74 (administrator) on ERNIES-BABY on 03-03-2015 13:02:10
Running from C:\Users\mclaurinemc74\Desktop\FRST
Loaded Profiles: mclaurinemc74 (Available profiles: mclaurinemc74)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\SaferBrowser\SaferBrowser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-01] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5513424 2015-03-03] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions"
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-03]
 
Chrome: 
=======
CHR Profile: C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
CHR Extension: (YouTube) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Google Search) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-20]
CHR Extension: (Google Sheets) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-20]
CHR Extension: (Gmail) - C:\Users\mclaurinemc74\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0161701425415988mcinstcleanup; C:\Users\mclaurinemc74\AppData\Local\Temp\0161701425415988mcinst.exe [851136 2014-08-08] (McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-03] (Avast Software s.r.o.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-03] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-03] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S0 cfwids; system32\drivers\cfwids.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-03 13:01 - 2015-03-03 13:01 - 00000000 ____D () C:\Users\mclaurinemc74\AppData\Roaming\AVAST Software
2015-03-03 13:00 - 2015-03-03 13:00 - 00355360 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2015-03-03 13:00 - 2015-03-03 13:00 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-03 13:00 - 2015-03-03 13:00 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-03 13:00 - 2015-03-03 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-03 12:59 - 2015-03-03 12:59 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-03 12:59 - 2015-03-03 12:59 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-03 12:59 - 2015-03-03 12:59 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-03 12:59 - 2015-03-03 12:59 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-03 12:59 - 2015-03-03 12:59 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-03 12:59 - 2015-03-03 12:59 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-03 12:59 - 2015-03-03 12:59 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-03 12:59 - 2015-03-03 12:59 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-03 12:59 - 2015-03-03 12:59 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-03 12:59 - 2015-03-03 12:59 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-03 12:54 - 2015-03-03 12:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-03 12:54 - 2015-03-03 12:54 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-03 12:49 - 2015-03-03 12:49 - 05475064 _____ (Avast Software s.r.o.) C:\Users\mclaurinemc74\Downloads\avast_free_antivirus_setup_online.exe
2015-03-03 11:49 - 2015-03-03 11:49 - 00001247 _____ () C:\Users\mclaurinemc74\Desktop\Revo Uninstaller.lnk
2015-03-03 11:49 - 2015-03-03 11:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-03 11:48 - 2015-03-03 11:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mclaurinemc74\Downloads\revosetup.exe
2015-03-03 10:31 - 2015-03-03 13:02 - 00000000 ____D () C:\Users\mclaurinemc74\Desktop\FRST
2015-03-02 22:31 - 2015-03-03 13:02 - 00000000 ____D () C:\FRST
2015-02-25 23:14 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 23:14 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 23:14 - 2014-10-28 17:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 23:14 - 2014-10-28 17:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 23:14 - 2014-10-28 17:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 23:14 - 2014-10-28 17:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-20 19:03 - 2015-02-20 19:03 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 19:03 - 2015-02-20 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 19:00 - 2015-03-03 12:05 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 19:00 - 2015-03-03 11:39 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 19:00 - 2015-02-20 19:02 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-20 19:00 - 2015-02-20 19:00 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-20 19:00 - 2015-02-20 19:00 - 00003672 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-14 10:05 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 10:05 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:07 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:07 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:07 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 08:07 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 08:07 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:07 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:07 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:07 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:07 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:07 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:07 - 2014-12-08 15:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 08:07 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:07 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:07 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:07 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:07 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:06 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:06 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:06 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:06 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:06 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 08:06 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:06 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:06 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:06 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:06 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:06 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:06 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 08:06 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 08:06 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 08:06 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:06 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:06 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:06 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:06 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:06 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:06 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 08:06 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 08:06 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 08:06 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:06 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 08:06 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:06 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:06 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:06 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:06 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:06 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:06 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:06 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:06 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:06 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:06 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 08:06 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 08:06 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:06 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:06 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 08:06 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 08:06 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 08:06 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 08:06 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 08:06 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 08:06 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 08:06 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 08:05 - 2015-02-03 15:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:05 - 2015-02-03 15:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:05 - 2015-02-03 15:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:05 - 2015-02-02 15:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:05 - 2015-02-02 15:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:05 - 2015-02-02 15:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:05 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 08:05 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-03 16:45 - 2015-02-03 16:45 - 00001772 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\Program Files\iTunes
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\Program Files\iPod
2015-02-03 16:45 - 2015-02-03 16:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-03 13:01 - 2014-03-13 09:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-03 13:00 - 2014-05-11 15:00 - 00000000 ____D () C:\Users\mclaurinemc74\Documents\Youcam
2015-03-03 13:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-03 12:59 - 2014-05-11 15:04 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-256205407-3201302778-507034029-1002
2015-03-03 12:55 - 2014-03-13 09:18 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-03 12:55 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-03 12:47 - 2014-12-14 21:57 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2015-03-03 12:26 - 2013-11-06 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-03 12:26 - 2013-11-06 15:49 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-03 12:06 - 2014-05-11 14:56 - 01972654 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 11:40 - 2014-05-11 15:12 - 00000000 ___DO () C:\Users\mclaurinemc74\SkyDrive
2015-03-03 11:38 - 2013-08-25 22:01 - 00029130 _____ () C:\Windows\PFRO.log
2015-03-03 11:38 - 2013-08-22 06:46 - 00038018 _____ () C:\Windows\setupact.log
2015-03-03 11:38 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 02:31 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-03 02:13 - 2014-05-20 17:13 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormclaurinemc74
2015-03-03 02:13 - 2014-05-20 17:13 - 00000388 _____ () C:\Windows\Tasks\HPCeeScheduleFormclaurinemc74.job
2015-03-02 23:10 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-26 02:20 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-20 19:03 - 2014-12-17 16:45 - 00000000 ____D () C:\Users\mclaurinemc74\AppData\Local\Google
2015-02-17 19:21 - 2014-03-13 09:00 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-17 18:58 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-15 14:16 - 2014-05-11 14:59 - 00000000 ____D () C:\Users\mclaurinemc74
2015-02-15 05:11 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-02-14 11:33 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-11 16:29 - 2013-08-22 06:44 - 00353928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 12:29 - 2014-12-09 22:12 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 12:29 - 2014-07-15 18:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 08:35 - 2014-05-15 23:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 08:30 - 2014-05-15 23:26 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-03 18:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 16:45 - 2014-05-11 16:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-03 11:31 - 2014-07-15 19:04 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-07-15 19:04 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\mclaurinemc74\AppData\Local\Temp\0161701425415988mcinst.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\mccspuninstall.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-03 02:30
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by mclaurinemc74 at 2015-03-03 13:04:05
Running from C:\Users\mclaurinemc74\Desktop\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{19C397A1-9C70-119F-E3BF-752C432FD217}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{1D7EB7E7-0B5D-4A23-A383-7EF133090026}) (Version: 2.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.)
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SaferBrowser (HKLM\...\SaferBrowser) (Version:  - SaferBrowser) <==== ATTENTION!
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.16.1 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list restore points.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0EEAE810-7ED7-40BB-AD2A-C2B604ADC0A6} - System32\Tasks\HPCeeScheduleFormclaurinemc74 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3A52955B-5D76-4CE2-8963-55CA95A45092} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3B80BBEE-8601-4320-AD95-DF6D9192D04E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-04] (CyberLink)
Task: {43C33E36-A5D6-4740-8A1A-32208A525F6C} - System32\Tasks\SaferBrowser Update Task => C:\Program Files\SaferBrowser\uninstall.exe [2014-12-14] ()
Task: {5DB454E9-8676-43E3-B0F7-A0712EE6357C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {62F7FB2B-E174-4B13-814F-69D8D76A2AF0} - System32\Tasks\Safer Browser StartUp => C:\Program Files\SaferBrowser\SaferBrowser.exe [2014-12-09] () <==== ATTENTION
Task: {6CDC5935-4172-4232-85C3-0761989E6A50} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-01] (Synaptics Incorporated)
Task: {70531865-04F6-4E54-AB44-120F25CA30BF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-03] (Avast Software s.r.o.)
Task: {753D71DC-5972-4D5E-93CD-C9A6DEC1629F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {854ED9EE-B9E7-4E5B-A952-F156CFB34AD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {94CA5720-7783-4209-A15A-AC6AB61E8F26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {A00FA7EC-4230-45A9-8F39-797447B8771A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AC5FDB5B-D5F4-4F3A-9E56-7520FB86F232} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {AD0AC242-F42A-4B33-89C0-19387FCE1A78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {AD4FBE70-8AEB-424F-BF03-C4C50C7FC5F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {CB054E37-D005-4DDC-B61E-5945E5AC0840} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CD1D836B-7573-46CF-8BC7-9AC66FE073E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormclaurinemc74.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 05:49 - 2013-09-25 05:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-25 05:48 - 2013-09-25 05:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 12:45 - 2014-12-09 12:59 - 01640448 _____ () C:\Program Files\SaferBrowser\SaferBrowser.exe
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-03-13 09:16 - 2013-08-04 23:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 14:48 - 2013-08-05 14:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 19:03 - 2015-02-17 14:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 19:03 - 2015-02-17 14:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 19:03 - 2015-02-17 14:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-03-03 12:59 - 2015-03-03 12:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-03 12:59 - 2015-03-03 12:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-03 12:59 - 2015-03-03 12:59 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15030300\algo.dll
2015-03-03 12:59 - 2015-03-03 12:59 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-03 12:59 - 2015-03-03 12:59 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-03 12:59 - 2015-03-03 12:59 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
2015-03-03 12:59 - 2015-03-03 12:59 - 00985600 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\mclaurinemc74\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\StartupApproved\Run: => "network"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-256205407-3201302778-507034029-500 - Administrator - Disabled)
Guest (S-1-5-21-256205407-3201302778-507034029-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-256205407-3201302778-507034029-1004 - Limited - Enabled)
mclaurinemc74 (S-1-5-21-256205407-3201302778-507034029-1002 - Administrator - Enabled) => C:\Users\mclaurinemc74
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2015 00:53:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPSF.exe version 7.4.45.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3dc
 
Start Time: 01d055ea56031e95
 
Termination Time: 125
 
Application Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
 
Report Id: 54b8833a-c1e7-11e4-8297-a02bb833f092
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6406
 
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6406
 
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4765
 
Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4765
 
Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3140
 
Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3140
 
Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (03/03/2015 01:05:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
Error: (03/03/2015 01:05:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends on the following service: winmgmt. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2015 00:53:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPSF.exe7.4.45.43dc01d055ea56031e95125C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe54b8833a-c1e7-11e4-8297-a02bb833f092
 
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6406
 
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6406
 
Error: (02/20/2015 07:15:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4765
 
Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4765
 
Error: (02/20/2015 07:15:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3140
 
Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3140
 
Error: (02/20/2015 07:15:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5000 APU with Radeon™ HD Graphics 
Percentage of memory in use: 56%
Total physical RAM: 3537.01 MB
Available physical RAM: 1554.93 MB
Total Pagefile: 4881.01 MB
Available Pagefile: 2866.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.25 GB) (Free:378.27 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.74 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 179F6E94)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8 Gunto


Posted 04 March 2015 - 10:30 AM

Hi,

 

Great work; that took care of a LOT of stuff. :thumbup2:

 

However, there are a few more things we need to do.

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST. Many of these are simply orphans left behind from the last fix.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions"
    C:\Program Files (x86)\Search Extensions
    HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    C:\Program Files (x86)\Itibiti Soft Phone
    S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
    S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
    S0 cfwids; system32\drivers\cfwids.sys [X]
    S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
    R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
    S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
    S0 mfefirek; system32\drivers\mfefirek.sys [X]
    R0 mfehidk; system32\drivers\mfehidk.sys [X]
    R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
    C:\Users\mclaurinemc74\Downloads\avast_free_antivirus_setup_online.exe
    C:\Users\mclaurinemc74\Downloads\revosetup.exe
    C:\ProgramData\McAfee
    C:\Program Files\Common Files\mcafee
    C:\Users\mclaurinemc74\AppData\Local\Temp\0161701425415988mcinst.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\mccspuninstall.exe
    C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    C:\Program Files (x86)\MyPC Backup
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Next, did something go wrong when trying to remove SaferBrowser? It's still installed, so I was wondering if you might have missed it. If the latter is the case, please uninstall it. If something else went wrong, let me know. :)

 

Windows Repair

Now then, it appears one of your important Windows services isn't working right, so I need you to repair your PC with Windows Repair.

  • Download Windows Repair from here, and save it to your desktop.
  • Open the installer, and follow the prompts to install the program. Once it's done, open Windows Repair.
  • Once it's open, click the Step 3: Optional tab. Click the Check button to see if your computer needs a CHKDSK to be run. If it does, click the Do It button and follow the prompts to run CHKDSK. If it doesn't, proceed to the Step 4: Optional tab.
  • On this tab, click Do It to run the System File Checker. If it repairs any files, please reboot Windows. If it doesn't, proceed to the Repairs tab and click Open Repairs.
  • Temporarily disable your antivirus so that it doesn't interfere with any of the fixes that Windows Repair is going to run. If you don't know how to do that, see this topic.
  • Uncheck all of the repair options except for the following:

    Repair WMI

    Restore Important Windows Services

    Set Windows Services to Default Startup

    and click Start Repairs to begin the repairs.

  • Once the repairs are done running, click the View Logs button, and copy and paste the contents of _Windows_Repair_Log.txt into your reply. Re-enable your antivirus when done.

Lastly, please run another FRST scan so that I can get a fresh look at your system, and post the logs. Ensure that the Addition.txt option is checked, as well. :)

 

Also, please let me know how your computer is running.

 

Gunto




#9 DaUub


Posted 04 March 2015 - 04:38 PM

Safer Browser is now gone, everything seems to be running smoothly. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by mclaurinemc74 at 2015-03-04 13:31:27 Run:2
Running from C:\Users\mclaurinemc74\Desktop\FRST
Loaded Profiles: mclaurinemc74 (Available profiles: mclaurinemc74)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions"
C:\Program Files (x86)\Search Extensions
HKU\S-1-5-21-256205407-3201302778-507034029-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Program Files (x86)\Itibiti Soft Phone
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
S0 cfwids; system32\drivers\cfwids.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
C:\Users\mclaurinemc74\Downloads\avast_free_antivirus_setup_online.exe
C:\Users\mclaurinemc74\Downloads\revosetup.exe
C:\ProgramData\McAfee
C:\Program Files\Common Files\mcafee
C:\Users\mclaurinemc74\AppData\Local\Temp\0161701425415988mcinst.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\mccspuninstall.exe
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
C:\Program Files (x86)\MyPC Backup
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Search Extensions Program Files Data Uninstall => value deleted successfully.
C:\Program Files (x86)\Search Extensions => Moved successfully.
HKU\S-1-5-21-256205407-3201302778-507034029-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.
"C:\Program Files (x86)\Itibiti Soft Phone" => File/Directory not found.
mfefire => Service deleted successfully.
mfevtp => Service deleted successfully.
cfwids => Service deleted successfully.
mfeapfk => Service deleted successfully.
mfeavfk => Unable to stop service
mfeavfk => Service deleted successfully.
mfeelamk => Service deleted successfully.
mfefirek => Service deleted successfully.
mfehidk => Unable to stop service
mfehidk => Service deleted successfully.
mfewfpk => Unable to stop service
mfewfpk => Service deleted successfully.
C:\Users\mclaurinemc74\Downloads\avast_free_antivirus_setup_online.exe => Moved successfully.
C:\Users\mclaurinemc74\Downloads\revosetup.exe => Moved successfully.
C:\ProgramData\McAfee => Moved successfully.
C:\Program Files\Common Files\mcafee => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\0161701425415988mcinst.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\mccspuninstall.exe => Moved successfully.
C:\Users\mclaurinemc74\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45898170-E68C-4F02-AA35-C2186BF347A3}\\SystemComponent => Value not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:31:46 ====


#10 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:01:41 PM

Posted 06 March 2015 - 06:47 AM

Hi,

 

Great work with the FRST fix, everything went well there. Very glad to hear things are running well. :)

 

However, did you run Windows Repair and the new FRST scan I asked for? If so, please post their logs. If not, please run them according to my previous instructions. :)

 

Gunto




#11 Gunto


Posted 09 March 2015 - 10:56 AM

Hi,

It's been three days since my last post, so I am bumping the topic just in case you missed my previous reply. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto




#12 DaUub


Posted 09 March 2015 - 11:42 AM

Hey, I need more time to do Windows Repair. I am almost finished though, sorry for the delay.



#13 Gunto


Posted 09 March 2015 - 02:22 PM

No problem, thanks for letting me know. :)

 

Gunto




#14 Gunto


Posted 15 March 2015 - 01:38 AM

Hi,

 

Are you still with me?

 

Gunto




#15 DaUub


Posted 15 March 2015 - 03:10 PM

Yes, just having problems with the last removal.



