i have just got a new laptop and during the first few moments of use i have managed to get a whole bunch of viral type issues
18:50:27.840 Disk 0 Vendor: BHT_WR202A1032G_670290F5 90014a Size: 29824MB BusType: 11
18:50:27.873 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
18:50:43.290 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
18:50:43.337 3 CLASSPNP.SYS[fffff8014c04827b] -> nt!IofCallDriver -> [0xffffe0001bd4fb30]
18:50:43.353 5 amdxata.sys[fffff8014bf536b4] -> nt!IofCallDriver -> \Device\00000024[0xffffe0001bd4c7f0]
18:51:06.486 Disk 0 MBR has been saved successfully to "C:\Users\kevin\Desktop\MBR.dat"
18:51:06.533 The log file has been saved successfully to "C:\Users\kevin\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014
Ran by kevin (administrator) on MY-LAPTOP on 25-12-2014 18:54:42
Running from C:\Users\kevin\Downloads
Loaded Profile: kevin (Available profiles: kevin)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe.691e.deleteme
() C:\Windows\rcore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McA8B28.tmp
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcu9109.tmp
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [702808 2014-06-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-13]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.youtube.com/user/swiftmini?feature=mhee
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate={installDate}", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=e7334c78-6978-4a90-9bd0-e472dab29d1a&searchtype=hp&installDate=04/03/2013", "hxxp://www.google.com/"
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Write Space) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-12-25]
CHR Extension: (Screenr) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajmdmhlhifnkjklgeikfdmffiigfoged [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (Webpage Screenshot) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2014-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-25]
CHR Extension: (Gliffy Diagrams) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-12-25]
CHR Extension: (YouTube) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Solitaire) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2014-12-25]
CHR Extension: (Adblock Plus) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-25]
CHR Extension: (Google Search) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (Facebook for Chrome) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2014-12-25]
CHR Extension: (F1 News) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk [2014-12-25]
CHR Extension: (Start - A Better New Tab) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgifkabikplflflabkllnpidlbjjpgbp [2014-12-25]
CHR Extension: (Facebook Messenger) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-12-25]
CHR Extension: (Quick Note) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-12-25]
CHR Extension: (MONOPOLY: The World Edition) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkedhiolniniodbokjinplhaleemnfbe [2014-12-25]
CHR Extension: (Google Wallet) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]
CHR Extension: (Instagram for Chrome) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-12-25]
CHR Extension: (Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]
CHR Extension: (Type Fu) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk [2014-12-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0044571419532266mcinstcleanup; C:\Windows\TEMP\004457~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-05] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [492344 2014-07-08] (Hewlett-Packard Development Company, L.P.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 rcores; C:\Windows\rcore.exe [4959232 2014-12-24] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-17] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-19] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-17] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-17] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2014-11-13] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
U3 mfehidk01; No ImagePath
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
U3 mfencbdc02; No ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64; C:\Windows\System32\drivers\{f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64.sys [48784 2014-12-24] (StdLib)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftA079.tmp\amifldrv64.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
U3 aswMBR; \??\C:\Users\kevin\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\kevin\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-25 18:54 - 2014-12-25 18:55 - 00019089 _____ () C:\Users\kevin\Downloads\FRST.txt
2014-12-25 18:54 - 2014-12-25 18:54 - 00000000 ____D () C:\FRST
2014-12-25 18:51 - 2014-12-25 18:51 - 00001631 _____ () C:\Users\kevin\Desktop\aswMBR.txt
2014-12-25 18:51 - 2014-12-25 18:51 - 00000512 _____ () C:\Users\kevin\Desktop\MBR.dat
2014-12-25 18:49 - 2014-12-25 18:49 - 02122240 _____ (Farbar) C:\Users\kevin\Downloads\FRST64.exe
2014-12-25 18:48 - 2014-12-25 18:48 - 05198336 _____ (AVAST Software) C:\Users\kevin\Downloads\aswMBR.exe
2014-12-25 18:32 - 2014-12-25 18:32 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-25 18:30 - 2014-12-25 18:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 18:30 - 2014-12-25 18:35 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 18:30 - 2014-12-25 18:30 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-25 18:30 - 2014-12-25 18:30 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-25 16:19 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-25 16:14 - 2014-12-25 16:19 - 36904648 _____ (Microsoft Corporation) C:\Users\kevin\Downloads\Windows-KB890830-x64-V5.19.exe
2014-12-25 13:56 - 2014-12-25 13:56 - 00001095 _____ () C:\Users\kevin\Desktop\Continue Live Installation.lnk
2014-12-25 13:54 - 2014-12-25 13:54 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\hpqlog
2014-12-25 13:54 - 2014-12-25 13:54 - 00000000 ____D () C:\Users\kevin\AppData\Local\Hewlett-Packard
2014-12-25 13:51 - 2014-12-25 13:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-25 13:47 - 2014-12-25 13:47 - 00003414 _____ () C:\Windows\System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2
2014-12-25 12:25 - 2014-12-25 13:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-12-25 12:25 - 2014-12-25 13:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-12-25 12:25 - 2014-12-25 13:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-12-25 12:25 - 2014-12-25 12:37 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-12-25 12:25 - 2014-12-25 12:37 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-12-25 12:25 - 2014-12-25 12:37 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-12-25 12:25 - 2014-12-25 12:25 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-12-25 12:24 - 2014-12-25 12:25 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-12-25 12:24 - 2014-12-25 12:24 - 00628496 _____ (CMI Limited) C:\Users\kevin\AppData\Local\nsd4B1C.tmp
2014-12-25 12:24 - 2014-12-25 12:24 - 00000000 __SHD () C:\Users\kevin\AppData\Roaming\AnyProtectEx
2014-12-25 11:38 - 2014-12-25 18:30 - 00000000 ____D () C:\Users\kevin\AppData\Local\Deployment
2014-12-25 11:38 - 2014-12-25 11:38 - 00000000 ____D () C:\Users\kevin\AppData\Local\Apps\2.0
2014-12-25 11:27 - 2014-12-25 11:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-25 11:27 - 2014-12-24 18:52 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{f95b3c8f-44d2-4a2c-9d3a-e8ecddb746c5}Gw64.sys
2014-12-25 11:13 - 2014-12-25 11:13 - 00004026 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-12-25 11:09 - 2014-12-25 11:09 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\QuickScan
2014-12-25 11:08 - 2014-12-25 13:54 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-25 11:07 - 2014-12-25 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-25 11:05 - 2014-12-25 18:32 - 00000000 ____D () C:\Users\kevin\AppData\Local\Google
2014-12-25 11:05 - 2014-12-25 18:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 11:05 - 2014-12-25 17:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-25 11:05 - 2014-12-25 17:09 - 00001706 _____ () C:\Windows\Tasks\RETHQXQE.job
2014-12-25 11:05 - 2014-12-25 14:10 - 00000000 ____D () C:\Program Files (x86)\Popcornew
2014-12-25 11:05 - 2014-12-25 11:07 - 00000000 ____D () C:\Users\kevin\AppData\Local\Popcornew
2014-12-25 11:05 - 2014-12-25 11:05 - 01952744 _____ (Cinema Plus2.7gV25.12) C:\Users\kevin\AppData\Roaming\RETHQXQE.exe
2014-12-25 11:05 - 2014-12-25 11:05 - 00004712 _____ () C:\Windows\System32\Tasks\RETHQXQE
2014-12-25 11:05 - 2014-12-25 11:05 - 00000000 ____D () C:\Users\kevin\AppData\Local\globalUpdate
2014-12-25 11:05 - 2014-12-25 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-12-25 11:05 - 2014-12-25 11:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-25 11:05 - 2014-12-24 10:00 - 04959232 _____ () C:\Windows\rcore.exe
2014-12-25 11:01 - 2014-12-25 11:01 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{23B17B40-E5D9-43C2-B5BD-02F3087C443B}
2014-12-25 11:01 - 2014-12-25 11:01 - 00000000 __SHD () C:\Users\kevin\AppData\Local\EmieUserList
2014-12-25 11:01 - 2014-12-25 11:01 - 00000000 __SHD () C:\Users\kevin\AppData\Local\EmieSiteList
2014-12-25 10:59 - 2014-12-25 17:09 - 00000000 __RDO () C:\Users\kevin\OneDrive
2014-12-25 10:59 - 2014-12-25 10:59 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Macromedia
2014-12-25 10:57 - 2014-12-25 18:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1559278574-202871057-2195148621-1002
2014-12-25 10:56 - 2014-12-25 11:13 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Hewlett-Packard
2014-12-25 10:52 - 2014-12-25 11:13 - 00000000 ____D () C:\Users\kevin\AppData\Local\Packages
2014-12-25 10:52 - 2014-12-25 10:59 - 00000000 ____D () C:\Users\kevin
2014-12-25 10:52 - 2014-12-25 10:52 - 00003566 _____ () C:\Windows\System32\Tasks\HPCheckDropBoxStatus
2014-12-25 10:52 - 2014-12-25 10:52 - 00001442 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 10:52 - 2014-12-25 10:52 - 00000184 _____ () C:\Windows\insFileSpec
2014-12-25 10:52 - 2014-12-25 10:52 - 00000020 ___SH () C:\Users\kevin\ntuser.ini
2014-12-25 10:52 - 2014-12-25 10:52 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Adobe
2014-12-25 10:52 - 2014-12-25 10:52 - 00000000 ____D () C:\Users\kevin\AppData\Local\VirtualStore
2014-12-25 10:52 - 2014-07-19 10:00 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-25 10:52 - 2014-07-19 01:21 - 00000000 ___HD () C:\Users\kevin\Documents\hp.system.package.metadata
2014-12-25 10:52 - 2014-03-18 10:06 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-25 10:52 - 2014-03-18 09:54 - 00000369 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-25 10:52 - 2014-03-18 09:54 - 00000369 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-25 10:52 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-25 10:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-25 10:45 - 2014-12-25 17:20 - 00274569 _____ () C:\Windows\WindowsUpdate.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-25 18:31 - 2014-11-13 09:38 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-12-25 18:30 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-25 18:29 - 2014-11-13 09:38 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-25 18:29 - 2014-07-19 09:13 - 00000000 ___HD () C:\HP
2014-12-25 18:27 - 2014-11-13 09:38 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-25 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-25 17:11 - 2014-07-19 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-25 17:08 - 2014-03-18 09:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 17:01 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 17:00 - 2014-11-13 09:32 - 00201256 _____ () C:\Windows\SysWOW64\rootpa.e2e
2014-12-25 17:00 - 2014-11-13 09:26 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-25 17:00 - 2014-07-19 01:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-25 17:00 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-25 16:19 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-25 13:51 - 2014-03-18 09:44 - 00005072 _____ () C:\Windows\PFRO.log
2014-12-25 12:27 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-25 11:27 - 2013-08-22 14:46 - 00019472 _____ () C:\Windows\setupact.log
2014-12-25 11:27 - 2013-08-22 13:25 - 00000226 _____ () C:\Windows\win.ini
2014-12-25 10:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-25 10:52 - 2014-04-03 00:40 - 00000000 ___HD () C:\SYSTEM.SAV
2014-12-25 10:52 - 2014-04-02 23:51 - 00000000 ____D () C:\Windows\Panther
2014-12-25 10:43 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Recovery
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-13 10:54
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014
Ran by kevin at 2014-12-25 18:56:39
Running from C:\Users\kevin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1205.1711.109 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{83073B80-279B-2579-750E-43BE6DAC6412}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9810 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{854337D7-A7FF-4944-AF74-369213E2EB24}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1134A9E2-42FF-44DA-9CCB-64894105DB04}) (Version: 1.2.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0048B5E1-1E3E-41E2-AE02-418D1C03E745} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {09DC78FA-5009-42F2-9237-CF6783EA423F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {1184CC2B-E719-4C90-BB26-F77FA1AD9873} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {233CD257-55A8-4928-9F41-2EBA775D010D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-12-25] (AnyProtect.com) <==== ATTENTION
Task: {237A20B3-BB35-4D5F-AA01-E980486FECD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {59663827-C976-4427-9279-33642F778DE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {8DEA7CB6-CCD6-4296-8D7F-529BD98F2664} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()
Task: {913B38E5-E21C-48F4-97B0-375822016651} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {91B3971C-379E-4CB4-B2AF-0E605E3F072F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-12-25] (AnyProtect.com) <==== ATTENTION
Task: {A8984C00-F619-4345-9846-4C0DEBEF034A} - System32\Tasks\temp_a774e592-8f36-4e30-b4a3-c0024526fb2e-2 => C:\Users\kevin\AppData\Local\Temp\nsz22EB.tmp\a774e592-8f36-4e30-b4a3-c0024526fb2e-2.exe <==== ATTENTION
Task: {B0361E29-ABF7-4B74-9DF5-8CC9991FDC81} - System32\Tasks\HPCheckDropBoxStatus => c:\HP\HPQWare\DropBox\HPAppDetector.exe [2014-06-19] ()
Task: {BE328DA5-220C-4B96-BDC6-4C413D03B728} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-12-25] (AnyProtect.com) <==== ATTENTION
Task: {E4361F73-1BF5-4417-813D-925E96882FF2} - System32\Tasks\RETHQXQE => C:\Users\kevin\AppData\Roaming\RETHQXQE.exe [2014-12-25] (Cinema Plus2.7gV25.12) <==== ATTENTION
Task: {ED6CBE00-EDB9-47B2-BF37-DC861A9EC75F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RETHQXQE.job => C:\Users\kevin\AppData\Roaming\RETHQXQE.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-06-05 22:42 - 2014-06-05 22:42 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-06-05 22:40 - 2014-06-05 22:40 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-25 11:05 - 2014-12-24 10:00 - 04959232 _____ () C:\Windows\rcore.exe
2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-12-25 18:32 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-25 18:32 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-25 18:32 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-25 18:32 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\kevin\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1559278574-202871057-2195148621-500 - Administrator - Disabled)
Guest (S-1-5-21-1559278574-202871057-2195148621-501 - Limited - Disabled)
kevin (S-1-5-21-1559278574-202871057-2195148621-1002 - Administrator - Enabled) => C:\Users\kevin
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/25/2014 06:30:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPCD.exe version 1.1.12.59 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 884
Start Time: 01d02070ae642b9b
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6\HPCD.exe
Report Id: ffbdc926-8c63-11e4-8261-38b1dbe9bd20
Faulting package full name: AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6
Faulting package-relative application ID: App
Error: (12/25/2014 06:29:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MY-LAPTOP)
Description: App AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6+App did not launch within its allotted time.
Error: (12/25/2014 05:00:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MY-LAPTOP)
Description: Activation of application Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278
Error: (12/25/2014 11:47:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opbhobrokerdsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0xf30
Faulting application start time: 0xopbhobrokerdsktop.exe0
Faulting application path: opbhobrokerdsktop.exe1
Faulting module path: opbhobrokerdsktop.exe2
Report ID: opbhobrokerdsktop.exe3
Faulting package full name: opbhobrokerdsktop.exe4
Faulting package-relative application ID: opbhobrokerdsktop.exe5
Error: (12/25/2014 11:37:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17037, time stamp: 0x5312c30a
Faulting module name: KrabWebbho.dll, version: 1.0.0.5, time stamp: 0x54943652
Exception code: 0xc0000005
Fault offset: 0x00003421
Faulting process ID: 0x1a28
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at HPMetrics.ScheduleTask.DeleteTask(String TaskName)
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)
Error: (12/25/2014 11:10:36 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.25.11\PopcornewUpdateHelper.msi
System errors:
=============
Error: (12/25/2014 06:33:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (12/25/2014 06:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053
Error: (12/25/2014 06:33:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (12/25/2014 06:33:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}
Error: (12/25/2014 06:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053
Error: (12/25/2014 06:33:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (12/25/2014 06:32:59 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{26608B46-476A-4BF1-9CC6-AFEA28EBBC17}
Error: (12/25/2014 06:32:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053
Error: (12/25/2014 06:32:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
Error: (12/25/2014 06:32:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{26608B46-476A-4BF1-9CC6-AFEA28EBBC17}
Microsoft Office Sessions:
=========================
Error: (12/25/2014 06:30:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPCD.exe1.1.12.5988401d02070ae642b9b4294967295C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6\HPCD.exeffbdc926-8c63-11e4-8261-38b1dbe9bd20AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6App
Error: (12/25/2014 06:29:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MY-LAPTOP)
Description: AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6+App
Error: (12/25/2014 05:00:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MY-LAPTOP)
Description: Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance-2144927141
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727
Error: (12/25/2014 05:00:08 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278
Error: (12/25/2014 11:47:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: opbhobrokerdsktop.exe8.0.1.115335c3d5unknown0.0.0.000000000c00000050000000000000000f3001d02030f113cd16C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exeunknowndaf2834f-8c2b-11e4-825f-38b1dbe9bd20
Error: (12/25/2014 11:37:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.170375312c30aKrabWebbho.dll1.0.0.554943652c0000005000034211a2801d0203733e7c311C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Krab Web\KrabWebbho.dll729a35e8-8c2a-11e4-825f-38b1dbe9bd20
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at HPMetrics.ScheduleTask.DeleteTask(String TaskName)
Error: (12/25/2014 11:13:41 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002) at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
at RegDataUtil.ScheduleTask.DeleteTask(String TaskName)
Error: (12/25/2014 11:10:36 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.25.11\PopcornewUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
==================== Memory info ===========================
Processor: AMD A4 Micro-6400T APU + AMD Radeon R3 Graphics
Percentage of memory in use: 69%
Total physical RAM: 1747.11 MB
Available physical RAM: 531.62 MB
Total Pagefile: 2899.11 MB
Available Pagefile: 989.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:22.94 GB) (Free:17.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: E8FB648C)
Partition: GPT Partition Type.
==================== End Of Log ============================
I hope someone can help me and i will appreciate any help i can get
thanks
kevin