livelyterry

Thank you very much for your help. I will go thru and read the info you suggested. I have Malwarebytes Premium installed and will put it on all my other computers too. Regards, Terry

Here is the results of security check: Results of screen317's Security Check version 0.99.93 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````

Well I ran the securitycheck.exe as you said, however when the checkup.txt opened, I thought it automatically saved a copy to the desktop. So I lost that file. Attached here is the fixlog.txt Let me know if you want me to do this process again. Sorry, Terry Fixlog.txt

It appears that everything is cleaned up, yay! Here are my files attached as per your instructions. Do you recommend any other software for protection other than malwarebytes. I have the premium edition. Thank you, Terry AdwCleanerS0.txt FRST.txt JRT.txt mwb.txt

Oh and there is this funky tool bar that keeps showing up in Explorer.

Ok I did everything you said. I have attached the results files from Malwarebytes last run. I still have all these ads from dealsfinder popping up. They seem to be what is hijacking my computer. Terry results1.txt results2.txt

Please help. My computer is infested. I keep getting hijacked with adware, etc. I used malwarebytes and it has not resolved the issue. I have followed your instructions and the files are attached. I'm happy to donate to someone who can help me get rid of this thing. Thanks, Terry FRST.txt Addition.txt

Can someone help me with this issue? I keep getting hijacked and can't remove with malwarebytes... Thanks, Terry

Sorry about the posts above. I have attached those files here as I understand it is easier for you guys to work with. Thanks so much. BTW, love the hunky Clint Eastwood pic guy on here who comes to save the day. :-) FRST.txt Addition.txt

and the addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014 Ran by Terry at 2014-12-28 10:48:41 Running from C:\Users\Terry\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) AdWords Editor (HKLM-x32\...\{C42BF735-5629-4A98-8D0A-036FC10174A5}) (Version: 11.0.1 - Google) AMD Catalyst Install Manager (HKLM\...\{37E4001C-918A-1D69-DC9F-F165576BA716}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AOL (HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.2 - Pokki) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CoffeeCup Free FTP (HKLM-x32\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.5.20 - CoffeeCup Software Inc.) CoffeeCup HTML Editor (HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\CoffeeCup HTML Editor) (Version: - ) CoffeeCup Photo Gallery (HKLM-x32\...\CoffeeCup Photo Gallery) (Version: - ) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden DoEaLsFFindErPProa (HKLM-x32\...\{779D1843-0043-65D2-D781-8614F17B6222}) (Version: - DealsFinderPro) <==== ATTENTION DVD Architect Studio 5.0 (HKLM-x32\...\{3822E74F-08F8-11E3-99EE-F04DA23A5C58}) (Version: 5.0.186 - Sony) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden FarmVille 2 (HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki) FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden ggReeatsaving (HKLM-x32\...\{439763FF-59EC-FF1D-B0B5-CB9E213A7A5C}) (Version: - "") GoPro Studio 2.5.3 (HKLM-x32\...\GoPro Studio) (Version: 2.5.3 - GoPro, Inc.) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Host App Service (HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\Pokki) (Version: 0.269.5.339 - Pokki) HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{154C7340-7C70-11E3-A15F-F04DA23A5C58}) (Version: 13.0.879 - Sony) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.2 - PC Utilities Software Limited) <==== ATTENTION Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden Start Menu (HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro) WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION! Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2548766314-2312191385-1633659169-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Terry\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 13-12-2014 09:13:20 Scheduled Checkpoint 14-12-2014 18:06:35 HPSF Applying updates 19-12-2014 15:13:38 Installed AdWords Editor 26-12-2014 22:52:51 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CE7C512-74D5-4C9D-8753-58FE11629616} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {194026DE-05DD-4BA9-9792-92029600AE9E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-26] (Microsoft Corporation) Task: {32A5494B-8C28-4161-8394-5381A99B0885} - System32\Tasks\HPCeeScheduleForTerry => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {3E35FE4B-3945-4FA5-B890-7D4058DECA90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH44S58283 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {5E5AC547-9442-4426-8A5B-270E4EA9886C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {7B1E05D0-1146-4FA4-B99E-27EABAD901DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B5056FDC-525D-47AF-A06C-B6053EBD9B07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2014-01-13] (Hewlett-Packard Company) Task: {BA8E5B3B-6D85-4F2C-8D31-D042902F2754} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) Task: {C9E3BFC4-43C6-456C-B716-9976DE24861B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {CDFA284D-9BBE-4E13-99CD-826027F0E5E2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2548766314-2312191385-1633659169-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {D065B563-819C-4052-A8CB-CAB2E1ECC69B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.) Task: {D327EC3B-8183-4AFB-ACCD-BFFF62E143A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {E001441F-003A-4CD1-897C-7C604CA2A7CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {ED2A3578-89B5-4BCB-992F-87A77FD1AA46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: C:\Windows\Tasks\HPCeeScheduleForTerry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2014-06-05 22:42 - 2014-06-05 22:42 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2014-06-05 22:40 - 2014-06-05 22:40 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-12-07 16:05 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-12-27 09:22 - 2014-12-27 09:22 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-11-30 15:41 - 2014-11-30 15:41 - 04014592 _____ () c:\Program Files (x86)\FinestDealsforYou\reparingdesk.dll 2014-11-04 18:01 - 2014-11-04 18:01 - 01794560 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\GPSDKAnalyticsNet.dll 2014-12-23 10:21 - 2014-12-23 10:21 - 00562688 _____ () C:\ProgramData\ggReeatsaving\5dp0TCX3vp4GRB.dll 2014-12-23 10:22 - 2014-12-23 10:22 - 00559104 _____ () C:\ProgramData\DoEaLsFFindErPProa\Qo1Mfe2yn8UT5W.dll 2014-09-24 08:35 - 2014-09-24 08:35 - 00569856 _____ () C:\Users\Terry\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll 2014-09-24 08:35 - 2014-09-24 08:35 - 01400846 _____ () C:\Users\Terry\AppData\Local\Pokki\Engine\avcodec-54.dll 2014-09-24 08:35 - 2014-09-24 08:35 - 00151054 _____ () C:\Users\Terry\AppData\Local\Pokki\Engine\avutil-51.dll 2014-09-24 08:35 - 2014-09-24 08:35 - 00222734 _____ () C:\Users\Terry\AppData\Local\Pokki\Engine\avformat-54.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:054203E4 AlternateDataStreams: C:\ProgramData\Temp:10894A2E ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2548766314-2312191385-1633659169-500 - Administrator - Disabled) Guest (S-1-5-21-2548766314-2312191385-1633659169-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2548766314-2312191385-1633659169-1004 - Limited - Enabled) Terry (S-1-5-21-2548766314-2312191385-1633659169-1002 - Administrator - Enabled) => C:\Users\Terry ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/28/2014 10:44:21 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (12/28/2014 10:44:21 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (12/28/2014 10:17:25 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (12/28/2014 09:55:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: opbhobrokerdsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x10b8 Faulting application start time: 0xopbhobrokerdsktop.exe0 Faulting application path: opbhobrokerdsktop.exe1 Faulting module path: opbhobrokerdsktop.exe2 Report Id: opbhobrokerdsktop.exe3 Faulting package full name: opbhobrokerdsktop.exe4 Faulting package-relative application ID: opbhobrokerdsktop.exe5 Error: (12/27/2014 03:37:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d48 Start Time: 01d0221d4c2bbd9d Termination Time: 62 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: 9d39c48e-8e10-11e4-826a-8cdcd48b5a76 Faulting package full name: Faulting package-relative application ID: Error: (12/27/2014 03:25:35 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (12/27/2014 10:32:01 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (12/27/2014 09:35:51 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered . Error: (12/27/2014 09:35:51 AM) (Source: VSS) (EventID: 22) (User: ) Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and Name Coordinator is [0x80040154, Class not registered ]. Error: (12/27/2014 09:21:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37145156 System errors: ============= Error: (12/28/2014 10:10:40 AM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/28/2014 10:10:10 AM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/27/2014 03:10:18 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY) Description: The system watchdog timer was triggered. Error: (12/27/2014 02:58:39 PM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/27/2014 02:58:09 PM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/27/2014 10:19:00 AM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/27/2014 10:18:30 AM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/27/2014 10:04:00 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (12/26/2014 10:48:37 PM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/26/2014 10:48:07 PM) (Source: DCOM) (EventID: 10010) (User: Waxbarhome) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= Error: (12/28/2014 10:44:21 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Terry\AppData\Local\Pokki\Engine\HostAppService.exe Error: (12/28/2014 10:44:21 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Terry\AppData\Local\Pokki\Engine\HostAppService.exe Error: (12/28/2014 10:17:25 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Terry\AppData\Local\Pokki\Engine\HostAppService.exe Error: (12/28/2014 09:55:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: opbhobrokerdsktop.exe8.0.1.115335c3d5unknown0.0.0.000000000c0000005000000000000000010b801d0221b95228301C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exeunknownfdb001c9-8ea9-11e4-826a-8cdcd48b5a76 Error: (12/27/2014 03:37:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.17416d4801d0221d4c2bbd9d62C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE9d39c48e-8e10-11e4-826a-8cdcd48b5a76 Error: (12/27/2014 03:25:35 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: -2147024883 Error: (12/27/2014 10:32:01 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Terry\AppData\Local\Pokki\Engine\HostAppService.exe Error: (12/27/2014 09:35:51 AM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80040154, Class not registered Error: (12/27/2014 09:35:51 AM) (Source: VSS) (EventID: 22) (User: ) Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80040154, Class not registered Error: (12/27/2014 09:21:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37145156 ==================== Memory info =========================== Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics Percentage of memory in use: 39% Total physical RAM: 5055.44 MB Available physical RAM: 3056.93 MB Total Pagefile: 5887.44 MB Available Pagefile: 3660.23 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:906.17 GB) (Free:848.75 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:24.32 GB) (Free:2.43 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 10745B49) Partition: GPT Partition Type. ==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by Terry (administrator) on WAXBARHOME on 28-12-2014 10:47:20 Running from C:\Users\Terry\Downloads Loaded Profile: Terry (Available profiles: Terry) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Pokki) C:\Users\Terry\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe (GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe (Pokki) C:\Users\Terry\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki) C:\Users\Terry\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki) C:\Users\Terry\AppData\Local\Pokki\Engine\StartMenuIndexer.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-12-14] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-21] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\...\RunOnce: [Application Restart #4] => C:\Users\Terry\AppData\Local\Pokki\Engine\HostAppService.exe [7842632 2014-12-20] (Pokki) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.genbook.com/ HKU\S-1-5-21-2548766314-2312191385-1633659169-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_46_ie&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzz0ByD0AyByCzzyCtCyCtN0D0Tzu0StCtDyEyCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DzztAtA0E0DzytG0AyDzzzztG0CtB0E0CtGzztB0FyCtGyCyEyEyE0DyDyE0EtAtA0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyCzzyEtC0FzztG0E0A0EyDtGyE0DtDyDtG0Azy0F0BtG0CzztA0ByEyCtAtDtBtBtCtC2Q&cr=1768331797&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_46_ie&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzz0ByD0AyByCzzyCtCyCtN0D0Tzu0StCtDyEyCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DzztAtA0E0DzytG0AyDzzzztG0CtB0E0CtGzztB0FyCtGyCyEyEyE0DyDyE0EtAtA0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyCzzyEtC0FzztG0E0A0EyDtGyE0DtDyDtG0Azy0F0BtG0CzztA0ByEyCtAtDtBtBtCtC2Q&cr=1768331797&ir= SearchScopes: HKLM -> {BCB4CD12-17AA-4F89-94F4-8A2A915F1920} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {BCB4CD12-17AA-4F89-94F4-8A2A915F1920} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2548766314-2312191385-1633659169-1002 -> DefaultScope {A2016108-B16B-488B-B51C-16E703DBC20C} URL = https://search.yahoo.com/search?fr=mcafee&type=B014US0D20141223&p={SearchTerms} SearchScopes: HKU\S-1-5-21-2548766314-2312191385-1633659169-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_46_ie&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzz0ByD0AyByCzzyCtCyCtN0D0Tzu0StCtDyEyCtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DzztAtA0E0DzytG0AyDzzzztG0CtB0E0CtGzztB0FyCtGyCyEyEyE0DyDyE0EtAtA0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyCzzyEtC0FzztG0E0A0EyDtGyE0DtDyDtG0Azy0F0BtG0CzztA0ByEyCtAtDtBtBtCtC2Q&cr=1768331797&ir= SearchScopes: HKU\S-1-5-21-2548766314-2312191385-1633659169-1002 -> {A2016108-B16B-488B-B51C-16E703DBC20C} URL = https://search.yahoo.com/search?fr=mcafee&type=B014US0D20141223&p={SearchTerms} SearchScopes: HKU\S-1-5-21-2548766314-2312191385-1633659169-1002 -> {BCB4CD12-17AA-4F89-94F4-8A2A915F1920} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: ggReeatsaving -> {2e976a23-df0f-4394-8097-997420b8d1db} -> C:\ProgramData\ggReeatsaving\5dp0TCX3vp4GRB.x64.dll () BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: DoEaLsFFindErPProa -> {8e284b23-665e-46b7-a553-c58f067cefe0} -> C:\ProgramData\DoEaLsFFindErPProa\Qo1Mfe2yn8UT5W.x64.dll () BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: ggReeatsaving -> {2e976a23-df0f-4394-8097-997420b8d1db} -> C:\ProgramData\ggReeatsaving\5dp0TCX3vp4GRB.dll () BHO-x32: DoEaLsFFindErPProa -> {8e284b23-665e-46b7-a553-c58f067cefe0} -> C:\ProgramData\DoEaLsFFindErPProa\Qo1Mfe2yn8UT5W.dll () BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 216.177.160.60 216.177.160.61 192.168.1.1 FireFox: ======== FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 266f3677; c:\Program Files (x86)\FinestDealsforYou\reparingdesk.dll [4014592 2014-11-30] () [File not signed] R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-05] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-21] (Synaptics Incorporated) R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-12-14] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-12-14] (Advanced Micro Devices, Inc. ) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-12-14] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-12-14] (Realtek Semiconductor Corporation ) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-21] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) S3 GENERICDRV; \??\C:\swsetup\sp69846\amifldrv64.sys [X] ========================== Drivers MD5 ======================= C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1 C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1 C:\Windows\system32\DRIVERS\Accelerometer.sys F39180029723D7779C80360F9E255709 C:\Windows\System32\drivers\ACPI.sys 9539F7917B4B6D92C90F0FAA6B86C605 C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813 C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65 C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7 C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD C:\Windows\system32\drivers\afd.sys 374E27295F0A9DCAA8FC96370F9BEEA5 C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8 C:\Windows\System32\DRIVERS\ahcache.sys 8E8E34B7BA059050EED827410D0697A2 C:\Windows\System32\drivers\AmdAS4.sys C3E8F88B4D196110673DA03E2E95D83B C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729 C:\Windows\system32\DRIVERS\amdkmcsp.sys 02F26B62F44850545B78850B662C9EB5 C:\Windows\system32\DRIVERS\atikmdag.sys C28F48A1030B3F1D8CB77C10FC0091FB C:\Windows\system32\DRIVERS\atikmpag.sys 62926583F72143241921D7DA78509CCA C:\Windows\System32\drivers\amdkmpfd.sys C04F35935BF6274F5593B78C7B295760 C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3 C:\Windows\System32\DRIVERS\amdpsp.sys 1EDE6ADCA69E2F44EE2628DD4DAA30C5 C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2 C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50 C:\Windows\system32\drivers\appid.sys 04951A9A937CBE28A2D3FEEA360B6D1F C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B C:\Windows\system32\DRIVERS\asyncmac.sys 3DB7721F06BC2FEDB25029EA23AB27DA C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD C:\Windows\system32\drivers\AtihdWB6.sys 517334A411CD079EE9AEF4C2167875A5 C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68 C:\Windows\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768 C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21 C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6 C:\Windows\System32\DRIVERS\bowser.sys 6B4FFFDDC618FCF64473CAA86E305697 C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7 C:\Windows\System32\drivers\bthhfenum.sys 746B9F94214915AECDE4B7FEA5FF9664 C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07 C:\Windows\System32\drivers\bthmodem.sys 66B791F6B11DC4303DD18A224A501542 C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9 C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B C:\Windows\System32\drivers\CLFS.sys 179A41249055D5F039F1B6703F3B6D2B C:\Windows\system32\DRIVERS\CLVirtualDrive.sys 5C646CAC91E086F7FF53C7F2E857F263 C:\Windows\system32\DRIVERS\clwvd.sys 9731DAFDC7B690B2C7752FDFF045BFD8 C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB C:\Windows\System32\Drivers\cng.sys 4E1207CE16E615B0B7A70DC889F4500E C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905 C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2 C:\Windows\System32\drivers\dam.sys 315BA4BC19316D72B2E037534E048B93 C:\Windows\System32\Drivers\dfsc.sys A03F362C5557E238CBFA914689C77248 C:\Windows\System32\drivers\disk.sys 4D40C9B33F738797CF50E77CB7C53E85 C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F C:\Windows\system32\drivers\drmkaud.sys DDC11A202207C0400CBE07315B8FDE5E C:\Windows\System32\drivers\dxgkrnl.sys 313DCE665B57000B18CB26C6B6A10DFE C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9 C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3 C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4 C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265 C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A C:\Windows\System32\drivers\fltmgr.sys 6592D192E2823C043EDBC010E7774053 C:\Windows\System32\drivers\FsDepends.sys 35005534E600E993A90B036E4E599F2B C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42 C:\Windows\System32\DRIVERS\fvevol.sys F152D55E497E12256290C43B31C7D0CE C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015 C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1 C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19 C:\Windows\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593 C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926 C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906 C:\Windows\System32\drivers\hidbth.sys 1EA1B4FABB8CC348E73CA90DBA22E104 C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17 C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95 C:\Windows\System32\drivers\hidusb.sys 8DB8EAB9D0C6A5DF0BDCADEA239220B4 C:\Windows\System32\DRIVERS\hpdskflt.sys 8B8E6BD988EAF18C1B86704BF05E5C03 C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D C:\Windows\System32\drivers\HTTP.sys 9DDCA7F18983C5410DEFF79F819DF93C C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1 C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25 C:\Windows\System32\drivers\i8042prt.sys 84CFC5EFA97D0C965EDE1D56F116A541 C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05 C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2 C:\Windows\system32\drivers\RTKVHD64.sys 44ED7064A8CFF33E6D2BCC81412145F7 C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157 C:\Windows\System32\drivers\intelpep.sys A770340FC02B999EF0DE6C2A6BC8437C C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9 C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514 C:\Windows\System32\drivers\IPMIDrv.sys 9C096BF5E10CA8BFA56F32522A89FAF1 C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97 C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21 C:\Windows\System32\drivers\msiscsi.sys D90AB68D0FAC9F357F663670FDBB511E C:\Windows\System32\drivers\kbdclass.sys 8BE92376799B6B44D543E8D07CDCF885 C:\Windows\System32\drivers\kbdhid.sys FB6E47E569D4872ABEB506BE03A45FBA C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05 C:\Windows\System32\Drivers\ksecdd.sys ADDECBCC777665BD113BED437E602AB0 C:\Windows\System32\Drivers\ksecpkg.sys 6D2EE96150E35B9EA49F2B481DE0369A C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8 C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141 C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191 C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4 C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363 C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378 C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9 C:\Windows\System32\drivers\mouclass.sys CEAC6D40FE887CE8406C2393CF97DE06 C:\Windows\System32\drivers\mouhid.sys 02D98BF804084E9A0D69D1C69B02CCA9 C:\Windows\System32\drivers\mountmgr.sys 515549560D481138E6E21AF7C6998E56 C:\Windows\System32\drivers\mpsdrv.sys F170510BE94CF45E3C6274578F6204B2 C:\Windows\system32\drivers\mrxdav.sys 1D55DADC22D21883A2F80297F5A5AE48 C:\Windows\System32\DRIVERS\mrxsmb.sys 7A1A3F213CDB3363D179D5014272025D C:\Windows\System32\DRIVERS\mrxsmb10.sys 3E28B99198B514DFEB152EACF913025E C:\Windows\System32\DRIVERS\mrxsmb20.sys C910E5D18958914A66F0E45689D0B40A C:\Windows\system32\DRIVERS\bridge.sys E0927EFA25D473367C3341B9F5969779 C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08 C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31 C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D C:\Windows\system32\DRIVERS\mslldp.sys 375E44168F2DFB91A68B8A3F619C5A7C C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6 C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8 C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0 C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2 C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E C:\Windows\System32\Drivers\mup.sys 619CA29326B82372621DB2C0964D8365 C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F C:\Windows\system32\DRIVERS\nwifi.sys 26ACA481FAFEC59FE311D719E3027BBA C:\Windows\System32\drivers\ndis.sys E4B4BE2D7750849C07589DA0B0AABA01 C:\Windows\system32\DRIVERS\ndiscap.sys C6BB12BC35D1637CA17AE16D3A4725EB C:\Windows\system32\DRIVERS\NdisImPlatform.sys B1AA3B19A2E596A59224F893E01A5A75 C:\Windows\system32\DRIVERS\ndistapi.sys 9423421E735BD5394351E0C47C76BB92 C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59 C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A C:\Windows\System32\Drivers\NDProxy.sys A5BD69A8812FA79D1A487691DD3FB244 C:\Windows\System32\drivers\Ndu.sys 5A072F0B90C29C5233D78BE33EF5ED78 C:\Windows\System32\DRIVERS\netbios.sys A83D67D347A684F10B7D3019C8A6380C C:\Windows\System32\DRIVERS\netbt.sys 0217532E19A748F0E5D569307363D5FD C:\Windows\system32\DRIVERS\netvsc63.sys 70414DB660BFBB7BD58FCE8EA4364E1B C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351 C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC C:\Windows\System32\drivers\nsiproxy.sys E490B459978CB87779E84C761D22B827 C:\Windows\System32\Drivers\Ntfs.sys 038C77D577900EE39410662478BB0D50 C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904 C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8 C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49 C:\Windows\System32\drivers\parport.sys 764B1121867B2D9B31C491668AC72B2B C:\Windows\System32\drivers\partmgr.sys EF0C1749C9A8CEE9A457473D433CC00F C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4 C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4 C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397 C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D C:\Windows\System32\drivers\pdc.sys 24A8DFC07E4BAF29AEA26E383D4CC886 C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6 C:\Windows\system32\DRIVERS\raspptp.sys E075CC071022BD4E9BE7C024717C0E0A C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F C:\Windows\system32\DRIVERS\pacer.sys 8528BB05E4D4E25945F78B00B2555FB7 C:\Windows\system32\drivers\qwavedrv.sys 3FB466684609A4329858CF2EBD62E0FD C:\Windows\System32\DRIVERS\rasacd.sys 2C56F0EE27E4EF70CA4B4983D3638905 C:\Windows\system32\DRIVERS\AgileVpn.sys 674A4702E4E144E8710ED1A2EC6DD049 C:\Windows\system32\DRIVERS\rasl2tp.sys BBB6272B7F46C4640A8CDB8A70C3450F C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A C:\Windows\system32\DRIVERS\rassstp.sys 2B0F1677CDD08967005F34488559BC6F C:\Windows\System32\DRIVERS\rdbss.sys A1A5E79C0D1352AFDC08328A623DA051 C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32 C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF C:\Windows\System32\drivers\rdpvideominiport.sys 9F08A6608F98B5407E7DDBCF306573EF C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6 C:\Windows\System32\Drivers\ReFS.sys E515A287C8FAE901EB8FB42F168E14F2 C:\Windows\system32\DRIVERS\RtsP2Stor.sys 6A940599A059C6C9D6E54D7A3EF356B8 C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC C:\Windows\system32\DRIVERS\Rt630x64.sys 7CC0D898D00675F14BA0C4BF056C1CF4 C:\Windows\system32\DRIVERS\rtwlane.sys C59466B2D16EB041525C3ADBA6B981BE C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0 C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7 C:\Windows\System32\DRIVERS\scfilter.sys ABD0237B15DBD2B4695F4B7D734A58F7 C:\Windows\System32\drivers\sdbus.sys 7B7C482CF48E6EE33664340D1A78E6FE C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89 C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431 C:\Windows\System32\drivers\serenum.sys 3CD600C089C1251BEEB4CD4CD5164F9E C:\Windows\System32\drivers\serial.sys D864381BC9C725FAB01D94C060660166 C:\Windows\System32\drivers\sermouse.sys 0BD2B65DCE756FDE95A2E5CCCBF7705D C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764 C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys 32B3FB238A26267D358D7159B9171505 C:\Windows\System32\drivers\Smb_driver_Intel.sys B71EF473D8B90A2C4DC76B03E382DEE6 C:\Windows\System32\drivers\spaceport.sys 240C5C3793206725AA05665851E8C214 C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34 C:\Windows\System32\DRIVERS\srv.sys 6416E79A58A8FCC33A447A4DDDD3BF04 C:\Windows\System32\DRIVERS\srv2.sys 5BED3AB69797C8786EF70AEA8C33748B C:\Windows\System32\DRIVERS\srvnet.sys D047CD668E6277FD80F0C613946F034C C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90 C:\Windows\System32\DRIVERS\vmstorfl.sys 7A08CEE1535F5A448215634C5EA74E50 C:\Windows\System32\drivers\stornvme.sys 6B06E2D11E604BE2B1A406C4CB3B90DE C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F C:\Windows\System32\drivers\swenum.sys 84E0F5D41C138C5CC975137A2A98F6D3 C:\Windows\system32\DRIVERS\SynTP.sys CDA92383EFB52846B7894280A559C330 C:\Windows\System32\drivers\tcpip.sys CCB3A2BB60FE5073F2DEA63FE83CF8FE C:\Windows\system32\DRIVERS\tcpip.sys CCB3A2BB60FE5073F2DEA63FE83CF8FE C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4 C:\Windows\system32\DRIVERS\tdx.sys FFF28F9F6823EB1756C60F1649560BBF C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431 C:\Windows\system32\drivers\tpm.sys 82F909359600D3603FE852DB7F135626 C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93 C:\Windows\System32\drivers\TsUsbGD.sys E0088068DCE2EE82897027DDB8E05254 C:\Windows\system32\DRIVERS\tunnel.sys C8E0E78B5D284C2FF59BDFFDAF997242 C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54 C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B C:\Windows\System32\drivers\ucx01000.sys B034A41891A36457B994307DFA772293 C:\Windows\System32\DRIVERS\udfs.sys 1EC649F112896FAE33250F0B97AC5D0B C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21 C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9 C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034 C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8 C:\Windows\System32\drivers\usbcir.sys B3D6457D841A0CAEF4C52D88621715F2 C:\Windows\System32\drivers\usbehci.sys 48BA326A3DBA5B5BEB5F2777F4618696 C:\Windows\System32\drivers\usbhub.sys FEF0BC107812B36849741C3211BA6B60 C:\Windows\System32\drivers\UsbHub3.sys 65392F3F3F65E4C6CC82A0F4F8A0B051 C:\Windows\System32\drivers\usbohci.sys 3019097FB6C985EF24C058090FF3BDBD C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C C:\Windows\System32\drivers\USBSTOR.SYS 66732C13628BDB1AB0D6FD46027327C2 C:\Windows\System32\drivers\usbuhci.sys 064260B3A5868AC894A4943543BC7AB7 C:\Windows\System32\Drivers\usbvideo.sys 18F744E8CCEB2670040EBAF7AD77B8C6 C:\Windows\System32\drivers\USBXHCI.SYS 48430B0313FC1CFE3D2400553F1A93CD C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562 C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD C:\Windows\System32\drivers\vhdmp.sys 52E483A3701A5A61A75A06993720347D C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199 C:\Windows\System32\drivers\vmbus.sys C6305BDFC4F7CE51F72BB072C03D4ACE C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F C:\Windows\System32\drivers\volmgr.sys 55D7D963DE85162F1C49721E502F9744 C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7 C:\Windows\System32\drivers\volsnap.sys 64CA2B4A49A8EAF495E435623ECCE7DB C:\Windows\System32\drivers\vpci.sys 01355C98B5C3ED1EC446743CDA848FCE C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07 C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B C:\Windows\System32\drivers\vwifibus.sys BE970C369E43B509C1EDA2B8FA7CECB0 C:\Windows\system32\DRIVERS\vwififlt.sys 35BF5C5F5E3C9902C98978C7640574DA C:\Windows\system32\DRIVERS\vwifimp.sys 65ED7B9CFEA893DF7748D5FF692690DE C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B C:\Windows\system32\DRIVERS\wanarp.sys AFCD4054D61BD708B82991348ED1C763 C:\Windows\system32\DRIVERS\wanarp.sys AFCD4054D61BD708B82991348ED1C763 C:\Windows\System32\drivers\WdBoot.sys 0359607177E5E9F6041136CC0A5CB0B6 C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D C:\Windows\System32\drivers\WdFilter.sys DE8D12B4C3F55FA2C5E9774314F6C58A C:\Windows\System32\Drivers\WdNisDrv.sys 4AD874CDC812EC156265E451B6B09DAB C:\Windows\System32\DRIVERS\wfplwfs.sys BFBE1C5F57FE7A885673A1962D5532B7 C:\Windows\System32\drivers\wimmount.sys 867BCC69ED9C31C501465EB0E8BA9DFA C:\Windows\system32\DRIVERS\WinUsb.sys AC263C2F66405589528995AA41040599 C:\Windows\System32\drivers\WirelessButtonDriver64.sys 4F2A80D65AE6F845776E2F06AE6782ED C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128 C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09 C:\Windows\System32\DRIVERS\wpcfltr.sys 182561A14F2E93E81E66FE3700D17A5A C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572 C:\Windows\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F C:\Windows\system32\DRIVERS\WSDScan.sys D38297814FB6E33655342D869996E617 C:\Windows\System32\drivers\WudfPf.sys D537815E450A149752C15868392AD1F3 C:\Windows\System32\drivers\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC C:\Windows\system32\DRIVERS\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC C:\Windows\system32\DRIVERS\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC C:\Windows\system32\DRIVERS\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-28 10:47 - 2014-12-28 10:47 - 00036730 _____ () C:\Users\Terry\Downloads\FRST.txt 2014-12-28 10:46 - 2014-12-28 10:47 - 00000000 ____D () C:\FRST 2014-12-28 10:37 - 2014-12-28 10:37 - 02123264 _____ (Farbar) C:\Users\Terry\Downloads\FRST64.exe 2014-12-28 09:55 - 2014-12-28 09:55 - 00000000 ____D () C:\Users\Terry\AppData\Local\CrashDumps 2014-12-28 09:54 - 2014-12-28 10:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-28 09:54 - 2014-12-28 09:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-28 09:54 - 2014-12-28 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-28 09:54 - 2014-12-28 09:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-28 09:54 - 2014-12-28 09:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-28 09:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-28 09:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-28 09:53 - 2014-12-28 10:18 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-28 09:53 - 2014-12-28 09:53 - 00000000 ____D () C:\Users\Terry\Desktop\mbam-chameleon-3.1.7.0 2014-12-28 09:52 - 2014-12-28 09:52 - 04909382 _____ () C:\Users\Terry\Desktop\mbam-chameleon-3.1.7.0.zip 2014-12-27 15:29 - 2014-12-27 15:29 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\WildTangent 2014-12-27 15:28 - 2014-12-27 15:28 - 00000000 ____D () C:\Program Files (x86)\RoyaollCoeupoN 2014-12-27 15:27 - 2014-12-27 15:27 - 00000000 ____D () C:\Program Files\McAfee 2014-12-27 10:05 - 2014-12-27 10:06 - 00000000 ____D () C:\NPE 2014-12-27 10:02 - 2014-12-27 14:05 - 00000000 ____D () C:\Users\Terry\AppData\Local\NPE 2014-12-27 10:02 - 2014-12-27 10:03 - 00000000 ____D () C:\ProgramData\Norton 2014-12-27 09:35 - 2014-12-27 09:36 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\McAfee TechCheck 2014-12-23 12:48 - 2014-12-27 14:54 - 00000000 ____D () C:\Users\Terry\Documents\McAfee Vaults 2014-12-23 12:44 - 2014-10-30 05:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-23 12:37 - 2014-12-23 12:37 - 00002435 _____ () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk 2014-12-23 12:35 - 2014-12-27 15:10 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-12-23 12:24 - 2014-12-23 12:24 - 05292448 _____ (McAfee, Inc.) C:\Users\Terry\Downloads\McAfeeSetup-AutoLogin.exe 2014-12-23 10:22 - 2014-12-23 14:22 - 00000000 ____D () C:\ProgramData\DoEaLsFFindErPProa 2014-12-23 10:21 - 2014-12-23 14:22 - 00000000 ____D () C:\ProgramData\ggReeatsaving 2014-12-19 15:31 - 2014-12-28 10:10 - 00000000 ____D () C:\ProgramData\RoyaollCoeupoN 2014-12-19 15:14 - 2014-12-19 15:14 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor 2014-12-19 15:14 - 2014-12-19 15:14 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Google 2014-12-19 15:14 - 2014-12-19 15:14 - 00000000 ____D () C:\Users\Terry\AppData\Local\Google 2014-12-17 10:08 - 2014-12-17 10:08 - 00022528 _____ () C:\Users\Terry\AppData\Local\dsisetup2373821562.exe 2014-12-15 17:56 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-12-15 17:55 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-12-14 19:41 - 2014-12-14 19:41 - 03593432 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys 2014-12-14 19:35 - 2014-12-14 19:34 - 58487808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2014-12-14 19:35 - 2014-12-14 19:34 - 03943384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2014-12-14 19:35 - 2014-12-14 19:34 - 02833112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2014-12-14 19:35 - 2014-12-14 19:34 - 02797784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll 2014-12-14 19:35 - 2014-12-14 19:34 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2014-12-14 19:35 - 2014-12-14 19:34 - 01011171 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT 2014-12-14 19:35 - 2014-12-14 19:34 - 00948440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2014-12-14 19:35 - 2014-12-14 19:34 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2014-12-14 19:06 - 2014-12-14 19:06 - 00000032 _____ () C:\hpsimplepass.log 2014-12-14 18:38 - 2014-12-14 18:38 - 00066065 _____ () C:\Windows\SysWOW64\CCCInstall_201412141838279055.log 2014-12-14 18:38 - 2014-12-14 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-12-14 18:38 - 2014-12-14 18:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-12-14 18:37 - 2014-12-14 18:37 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-12-14 18:33 - 2014-12-14 18:33 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\ATI 2014-12-14 18:33 - 2014-12-14 18:33 - 00000000 ____D () C:\Users\Terry\AppData\Local\ATI 2014-12-14 18:33 - 2014-12-14 18:32 - 00222720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWB6.sys 2014-12-14 18:33 - 2014-12-14 18:32 - 00142848 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\amdacpksl.sys 2014-12-14 18:33 - 2014-12-14 18:32 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 27186176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 23905280 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 22860800 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 13943296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2014-12-14 18:32 - 2014-12-14 18:32 - 08764952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap 2014-12-14 18:32 - 2014-12-14 18:32 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap 2014-12-14 18:32 - 2014-12-14 18:32 - 00870912 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00826368 _____ (AMD) C:\Windows\system32\coinst_13.352.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00630784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2014-12-14 18:32 - 2014-12-14 18:32 - 00588464 _____ () C:\Windows\SysWOW64\atiapfxx.blb 2014-12-14 18:32 - 2014-12-14 18:32 - 00588464 _____ () C:\Windows\system32\atiapfxx.blb 2014-12-14 18:32 - 2014-12-14 18:32 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe 2014-12-14 18:32 - 2014-12-14 18:32 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00415232 _____ () C:\Windows\system32\amdmiracast.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00372736 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2014-12-14 18:32 - 2014-12-14 18:32 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2014-12-14 18:32 - 2014-12-14 18:32 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat 2014-12-14 18:32 - 2014-12-14 18:32 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat 2014-12-14 18:32 - 2014-12-14 18:32 - 00230912 _____ () C:\Windows\system32\clinfo.exe 2014-12-14 18:32 - 2014-12-14 18:32 - 00230088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdpsp.sys 2014-12-14 18:32 - 2014-12-14 18:32 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00133120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00120320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\tbaseregistry64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00102400 _____ (AMD) C:\Windows\system32\pspcoins.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00099840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\tbaseregistry32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00085704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdkmcsp.sys 2014-12-14 18:32 - 2014-12-14 18:32 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00082112 _____ () C:\Windows\system32\ativce02.dat 2014-12-14 18:32 - 2014-12-14 18:32 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00077824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdumcsp.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00059392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdumcsp.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00042544 _____ () C:\Windows\system32\kapp_ci.sbin 2014-12-14 18:32 - 2014-12-14 18:32 - 00038544 _____ () C:\Windows\system32\kapp_si.sbin 2014-12-14 18:32 - 2014-12-14 18:32 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00016384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\t-base_client_api.dll 2014-12-14 18:32 - 2014-12-14 18:32 - 00012288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\t-base_client_api.dll 2014-12-14 17:35 - 2014-12-14 17:35 - 00004684 _____ () C:\Users\Terry\Desktop\waxingsalon.htm 2014-12-14 16:34 - 2014-12-27 15:28 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Skype 2014-12-14 16:34 - 2014-12-14 16:34 - 00000000 ____D () C:\Users\Terry\AppData\Local\Skype 2014-12-14 14:01 - 2014-12-14 14:01 - 00006145 _____ () C:\Users\Terry\Desktop\menswaxing.htm 2014-12-13 16:53 - 2014-12-13 16:53 - 00000000 ____D () C:\ProgramData\13154038495445008118 2014-12-13 14:01 - 2014-12-27 15:28 - 00000000 ____D () C:\ProgramData\Skype 2014-12-13 14:00 - 2014-11-26 15:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-13 14:00 - 2014-11-26 15:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-13 13:55 - 2014-12-13 13:55 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-13 13:36 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2014-12-13 13:36 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-13 13:36 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-13 13:36 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-12-13 12:58 - 2014-12-03 17:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-13 12:58 - 2014-12-03 17:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-13 12:58 - 2014-12-02 17:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-13 12:58 - 2014-12-02 17:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-13 12:58 - 2014-12-02 17:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-13 12:58 - 2014-12-02 17:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-13 12:58 - 2014-12-02 17:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-13 12:58 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-13 12:58 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-13 12:58 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-13 12:58 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-13 12:58 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-13 12:58 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-13 12:58 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-13 12:58 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-13 12:58 - 2014-10-12 20:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2014-12-13 12:58 - 2014-10-12 20:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-13 12:58 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-13 12:58 - 2014-10-12 20:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-13 12:57 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-13 12:57 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-13 12:57 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-13 12:57 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-13 12:57 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-13 12:57 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-13 12:57 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-13 12:57 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-13 12:57 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-13 12:57 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-13 12:57 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-13 12:57 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-13 12:57 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-13 12:57 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-13 12:57 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-13 12:57 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-13 12:57 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-13 12:57 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-13 12:57 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-13 12:57 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-13 12:57 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-13 12:57 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-13 12:57 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-13 12:57 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-13 12:57 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-13 12:57 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-13 12:57 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-13 12:57 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-13 12:57 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-13 12:57 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-13 12:57 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-13 12:57 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-13 12:57 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-13 12:57 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-13 12:57 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-13 11:29 - 2014-12-13 11:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-12-07 16:22 - 2014-12-07 16:22 - 00037469 _____ () C:\Users\Terry\Documents\lipsA-Z.pptx 2014-12-07 16:11 - 2014-12-07 16:11 - 00003100 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2548766314-2312191385-1633659169-1002 2014-12-07 16:11 - 2014-12-07 16:11 - 00000000 __RHD () C:\MSOCache 2014-12-07 16:11 - 2014-12-07 16:11 - 00000000 ___RD () C:\Users\Terry\OneDrive 2014-12-07 16:11 - 2014-12-07 16:11 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-12-07 16:06 - 2014-12-07 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-12-07 16:05 - 2014-12-27 09:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-07 16:05 - 2014-12-07 16:05 - 01057968 _____ (Microsoft Corporation) C:\Users\Terry\Downloads\Setup.X86.en-US_O365HomePremRetail_4804e416-639d-4871-820b-793566dc3824_TX_PR_.exe 2014-12-03 16:17 - 2014-12-03 16:17 - 00001840 _____ () C:\Users\Terry\Desktop\MovieStudioPlatinum130.exe - Shortcut.lnk 2014-12-03 15:40 - 2014-12-03 15:40 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Publish Providers 2014-12-03 15:33 - 2014-12-03 15:33 - 00000000 ____D () C:\Users\Public\Pokki 2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Apple Computer 2014-12-03 15:15 - 2014-12-13 13:44 - 00000000 ____D () C:\Users\Terry\Documents\Movie Studio Platinum 13.0 Projects 2014-12-03 15:08 - 2014-12-03 15:08 - 00022528 _____ () C:\Users\Terry\AppData\Local\dsisetup3695832182.exe 2014-12-03 15:07 - 2014-12-23 12:36 - 00002342 _____ () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-12-03 15:07 - 2014-12-14 16:36 - 00002171 _____ () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk 2014-12-03 15:07 - 2014-12-03 15:08 - 00002499 _____ () C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk 2014-12-03 15:02 - 2014-12-03 15:15 - 00000000 ____D () C:\Users\Terry\AppData\Local\Sony 2014-12-03 15:02 - 2014-12-03 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-12-03 15:02 - 2014-12-03 15:13 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-12-03 15:02 - 2014-12-03 15:02 - 00000000 ____D () C:\Program Files\Sony 2014-12-03 15:01 - 2014-12-03 15:13 - 00000000 ____D () C:\ProgramData\Sony 2014-12-03 15:00 - 2014-12-03 16:17 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Sony 2014-12-03 14:25 - 2014-12-03 14:59 - 00000000 ____D () C:\Users\Terry\Desktop\Sony Movie Studio 13 Platinum (Download) 2014-11-30 15:41 - 2014-11-30 15:41 - 00000000 ____D () C:\Program Files (x86)\FinestDealsforYou 2014-11-29 17:16 - 2014-11-29 17:16 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-11-29 17:16 - 2014-11-29 17:16 - 00001864 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-11-29 17:16 - 2014-11-29 17:16 - 00000000 ____D () C:\Windows\System32\Tasks\Apple 2014-11-29 17:16 - 2014-11-29 17:16 - 00000000 ____D () C:\Users\Terry\AppData\Local\Apple 2014-11-29 17:16 - 2014-11-29 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-11-29 17:16 - 2014-11-29 17:16 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-11-29 17:16 - 2014-11-29 17:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-11-29 09:22 - 2014-11-30 16:15 - 00000000 ____D () C:\Users\Public\CineForm 2014-11-29 09:22 - 2014-11-29 17:28 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\GoPro 2014-11-29 09:22 - 2014-11-29 09:22 - 00001135 _____ () C:\Users\Terry\Desktop\GoPro Studio.lnk 2014-11-29 09:22 - 2014-11-29 09:22 - 00000000 ____D () C:\Users\Terry\AppData\Local\GoPro 2014-11-29 09:22 - 2014-11-29 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro 2014-11-29 09:22 - 2014-11-29 09:22 - 00000000 ____D () C:\Program Files\DIFX 2014-11-29 09:22 - 2014-11-29 09:22 - 00000000 ____D () C:\Program Files (x86)\CineForm 2014-11-29 09:13 - 2014-11-29 17:16 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-11-29 09:13 - 2014-11-29 09:22 - 00000000 ____D () C:\Program Files (x86)\GoPro ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-28 10:42 - 2014-11-08 11:04 - 00000000 ____D () C:\Users\Terry\Documents\Youcam 2014-12-28 10:41 - 2014-09-18 12:30 - 00632912 _____ () C:\Windows\SysWOW64\rootpa.e2e 2014-12-28 10:40 - 2014-03-18 03:44 - 00019720 _____ () C:\Windows\PFRO.log 2014-12-28 10:40 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-28 10:39 - 2014-09-18 12:20 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2014-12-28 10:34 - 2014-11-08 10:59 - 02092169 _____ () C:\Windows\WindowsUpdate.log 2014-12-28 10:11 - 2014-09-18 12:46 - 00000000 ____D () C:\ProgramData\McAfee 2014-12-28 10:11 - 2014-09-18 12:46 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-12-28 10:11 - 2014-04-02 04:25 - 00000000 ____D () C:\Windows\Panther 2014-12-28 10:09 - 2014-11-08 11:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2548766314-2312191385-1633659169-1002 2014-12-28 10:08 - 2014-11-11 08:08 - 00000223 _____ () C:\Users\Terry\AppData\Roaming\WB.CFG 2014-12-28 10:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-28 09:50 - 2014-11-08 11:06 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EBCF1BCC-E6AD-49C1-8FA9-A56F5A809C64} 2014-12-28 09:47 - 2014-11-08 11:01 - 00000000 ____D () C:\Users\Terry\AppData\Local\Pokki 2014-12-27 15:30 - 2014-09-18 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-27 15:30 - 2014-09-18 12:37 - 00000000 ____D () C:\Program Files (x86)\WildGames 2014-12-27 15:29 - 2014-11-11 07:48 - 00000000 ____D () C:\ProgramData\b68c88518ad03ef6 2014-12-27 15:29 - 2014-09-18 12:37 - 00000000 ____D () C:\ProgramData\WildTangent 2014-12-27 15:29 - 2014-09-18 12:37 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2014-12-27 15:10 - 2014-11-10 07:02 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForTerry.job 2014-12-27 15:03 - 2013-08-22 09:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-12-27 15:03 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-12-27 14:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-27 10:11 - 2014-11-10 07:02 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTerry 2014-12-27 10:04 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-12-23 12:39 - 2014-03-18 03:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-23 12:32 - 2013-08-22 08:44 - 00501048 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-23 12:29 - 2014-04-29 20:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2014-12-23 10:06 - 2014-11-10 07:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-12-23 10:06 - 2014-11-10 07:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-12-20 18:48 - 2014-11-11 07:10 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\FileZilla 2014-12-20 17:59 - 2014-11-08 12:32 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\CoffeeCup Software 2014-12-19 16:57 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-17 10:08 - 2014-11-13 07:08 - 00000001 _____ () C:\Users\Terry\AppData\Local\DSI.DAT 2014-12-16 08:27 - 2014-11-08 13:00 - 00000000 ____D () C:\Users\Terry\Desktop\Websites 2014-12-15 14:33 - 2014-11-11 11:23 - 00107008 ___SH () C:\Users\Terry\Desktop\Thumbs.db 2014-12-14 19:41 - 2014-09-18 12:21 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-12-14 19:41 - 2014-03-31 19:07 - 00000000 ____D () C:\SWSetup 2014-12-14 19:37 - 2014-09-18 12:22 - 00000000 ___HD () C:\Program Files (x86)\Temp 2014-12-14 19:35 - 2014-09-18 12:23 - 00005714 _____ () C:\Windows\system32\Drivers\rtkhdasetting.zip 2014-12-14 19:35 - 2014-09-18 12:23 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM 2014-12-14 19:35 - 2013-08-22 08:46 - 00025768 _____ () C:\Windows\setupact.log 2014-12-14 19:07 - 2014-04-29 20:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-12-14 18:54 - 2014-09-18 12:27 - 00000000 ____D () C:\Windows\Hewlett-Packard 2014-12-14 18:51 - 2014-11-08 12:52 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\hpqlog 2014-12-14 18:41 - 2014-09-18 12:34 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-12-14 18:38 - 2014-09-18 12:20 - 00000000 ____D () C:\ProgramData\AMD 2014-12-14 18:38 - 2014-09-18 12:19 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-12-14 18:32 - 2014-03-15 16:52 - 10920224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 10177112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 10166216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 07896632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 06715752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 01329864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 01107384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2014-12-14 18:32 - 2014-03-15 16:52 - 00099008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2014-12-14 18:32 - 2014-03-15 16:17 - 28426752 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2014-12-14 18:32 - 2014-03-15 15:01 - 01168896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2014-12-14 18:32 - 2014-03-15 15:00 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2014-12-13 15:03 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache 2014-12-13 14:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-13 14:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-13 13:55 - 2014-11-14 08:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-13 13:55 - 2014-11-11 10:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-13 13:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-13 13:52 - 2014-11-11 10:13 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-13 13:22 - 2014-09-18 12:34 - 00000000 ____D () C:\ProgramData\Temp 2014-12-07 16:11 - 2014-11-08 11:01 - 00000000 ____D () C:\Users\Terry 2014-12-07 16:06 - 2014-11-08 11:02 - 00000000 ____D () C:\Users\Terry\AppData\Local\VirtualStore 2014-12-07 16:05 - 2014-11-08 13:34 - 00039936 ___SH () C:\Users\Terry\Downloads\Thumbs.db 2014-11-30 15:41 - 2014-11-11 07:08 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-11-29 09:22 - 2014-09-18 12:21 - 00011370 _____ () C:\Windows\DPINST.LOG 2014-11-29 09:13 - 2014-09-18 12:18 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-29 08:26 - 2014-03-18 03:38 - 00000000 ____D () C:\Program Files\Windows Journal 2014-11-29 08:26 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-29 08:26 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-29 08:26 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-11-29 08:26 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-11-29 08:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\setup 2014-11-29 08:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod 2014-11-29 08:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\setup 2014-11-29 08:26 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\oobe Some content of TEMP: ==================== C:\Users\Terry\AppData\Local\Temp\Extract.exe C:\Users\Terry\AppData\Local\Temp\McAfeeChat.exe C:\Users\Terry\AppData\Local\Temp\mccspuninstall.exe C:\Users\Terry\AppData\Local\Temp\oct2E5F.tmp.exe C:\Users\Terry\AppData\Local\Temp\octDFC8.tmp.exe C:\Users\Terry\AppData\Local\Temp\ScanBy.dll C:\Users\Terry\AppData\Local\Temp\SkypeSetup.exe C:\Users\Terry\AppData\Local\Temp\SP67280.exe C:\Users\Terry\AppData\Local\Temp\SP67286.exe C:\Users\Terry\AppData\Local\Temp\SP67289.exe C:\Users\Terry\AppData\Local\Temp\SP67743.exe C:\Users\Terry\AppData\Local\Temp\SP68419.exe C:\Users\Terry\AppData\Local\Temp\SP68864.exe C:\Users\Terry\AppData\Local\Temp\SP69229.exe C:\Users\Terry\AppData\Local\Temp\SP69401.exe C:\Users\Terry\AppData\Local\Temp\SP69411.exe C:\Users\Terry\AppData\Local\Temp\SP69846.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {c9064ae1-3f67-11e4-a253-8555f0593f90} {c9064ae5-3f67-11e4-a253-8555f0593f90} {c9064ae6-3f67-11e4-a253-8555f0593f90} timeout 0 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale en-US inherit {globalsettings} integrityservices Enable default {current} resumeobject {c9064ae7-3f67-11e4-a253-8555f0593f90} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmware Application (101fffff) ------------------------------- identifier {c9064ae1-3f67-11e4-a253-8555f0593f90} device partition=\Device\HarddiskVolume2 description Internal Hard Disk Firmware Application (101fffff) ------------------------------- identifier {c9064ae5-3f67-11e4-a253-8555f0593f90} description Internal CD/DVD ROM Drive(UEFI) Firmware Application (101fffff) ------------------------------- identifier {c9064ae6-3f67-11e4-a253-8555f0593f90} description USB Drive (UEFI) Windows Boot Loader ------------------- identifier {5239a60e-3f73-11e4-825b-8cdcd48b5a76} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5239a60f-3f73-11e4-825b-8cdcd48b5a76} path \windows\system32\winload.efi description Windows Recovery Environment locale en-US inherit {bootloadersettings} displaymessage Recovery displaymessageoverride Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5239a60f-3f73-11e4-825b-8cdcd48b5a76} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.efi description Windows 8.1 locale en-US inherit {bootloadersettings} recoverysequence {5239a60e-3f73-11e4-825b-8cdcd48b5a76} integrityservices Enable recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \Windows resumeobject {c9064ae7-3f67-11e4-a253-8555f0593f90} nx OptIn bootmenupolicy Standard bootlog No Resume from Hibernate --------------------- identifier {c9064ae7-3f67-11e4-a253-8555f0593f90} device partition=C: path \Windows\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {5239a60e-3f73-11e4-825b-8cdcd48b5a76} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {5239a60f-3f73-11e4-825b-8cdcd48b5a76} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2014-12-20 09:08 ==================== End Of Log ============================