Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows 8 laptop slow, stops responding and error messages

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows 8 laptop slow, stops responding and error messages

Unread postby Gmic » December 12th, 2015, 8:01 am

Hi there,

I'm trying to help my parents with their painfully slow laptop, it takes ages to start up, internet pages don't load properly and it stops responding to anything and has to be shut down & restarted. I have done disk clean up, it's set to automatically defrag once a week and I downloaded startlite to disable any unnecessary start up programs.

I have posted the requested logs in the hope that you may be able to help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by George (administrator) on GEORGEANDSHEILA (12-12-2015 11:44:40)
Running from C:\Users\George\AppData\Local\Microsoft\Windows\INetCache\IE\RAOML9WV
Loaded Profiles: George (Available Profiles: George & Sheila & Administrator)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2015-11-10] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-01-30] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{58AC4E6F-EF92-40CE-A950-0174E5E96D1E}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{F383CDAF-82E0-4032-9154-81ECE708E122}: [DhcpNameServer] 127.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.talktalk.co.uk/
SearchScopes: HKU\S-1-5-21-2769808783-2912023770-2790341647-1001 -> {475A70F7-D218-4701-AA37-B90EDABCE070} URL =
SearchScopes: HKU\S-1-5-21-2769808783-2912023770-2790341647-1001 -> {D5B43340-F237-4E0B-98CD-D1D840B29D43} URL = hxxps://uk.search.yahoo.com/search?fr=m ... 0151119&p={searchTerms}
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-11-10] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0318861449904641mcinstcleanup; C:\WINDOWS\TEMP\031886~1.EXE [883024 2015-10-28] (McAfee, Inc.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-11-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-05] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [502904 2015-11-24] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2015-11-24] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2015-11-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2015-11-24] (IBM Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 11:42 - 2015-12-12 11:44 - 00000000 ____D C:\FRST
2015-12-12 07:25 - 2015-12-12 07:25 - 00000285 _____ C:\Users\George\Desktop\BBC Weather - Woking.url
2015-12-11 22:19 - 2015-12-12 11:21 - 00003846 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2015-12-09 11:46 - 2015-12-12 07:14 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2015-11-20 13:49 - 2015-11-20 22:46 - 00023040 _____ C:\Users\George\Downloads\Dorothy_E_Michie_1939_reg.wps
2015-11-19 18:10 - 2015-11-19 18:10 - 00001947 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk
2015-11-19 18:10 - 2015-11-19 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-19 18:06 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-11-19 18:03 - 2015-11-28 07:44 - 00003064 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-11-19 18:03 - 2015-11-28 07:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-11-19 18:02 - 2015-11-19 18:02 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-11-19 18:00 - 2015-11-19 18:00 - 00000000 ____D C:\Program Files\McAfee.com
2015-11-19 17:59 - 2015-11-19 18:07 - 00000000 ____D C:\Program Files\McAfee
2015-11-19 17:59 - 2015-11-19 17:59 - 00003344 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2015-11-19 17:59 - 2015-11-19 17:59 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-19 17:58 - 2015-12-08 22:36 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-19 17:22 - 2015-09-21 13:33 - 00256840 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2015-11-19 14:10 - 2015-12-12 07:17 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-14 16:19 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-14 16:17 - 2015-09-29 12:24 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-14 16:16 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-14 16:16 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-14 16:15 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-14 16:15 - 2014-10-29 00:34 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2015-11-14 16:14 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-14 16:14 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-14 13:12 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-14 13:12 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-14 13:11 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-14 13:11 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-14 13:11 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-14 13:11 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-14 13:11 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-14 13:11 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-14 13:11 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-14 13:11 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-14 13:11 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-14 13:11 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-14 13:11 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-14 13:11 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-14 13:11 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-14 13:11 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-14 13:11 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-14 13:11 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-14 13:11 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-14 13:10 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-14 13:10 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-14 13:10 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-14 13:10 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-14 13:10 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-14 13:10 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-14 13:10 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-14 13:10 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-14 13:10 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-14 13:10 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-14 13:09 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-14 13:09 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-14 13:09 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-14 13:09 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-14 13:08 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-14 13:08 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-14 13:08 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-14 13:06 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-14 13:06 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-14 13:06 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-13 22:18 - 2015-09-12 13:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-13 15:59 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-13 15:59 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-13 15:59 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-13 15:59 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-13 15:59 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-13 15:59 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-13 15:59 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-13 15:57 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-13 15:56 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-13 15:56 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-13 15:56 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-13 15:56 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-13 15:56 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-13 15:56 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-13 15:56 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-13 15:56 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-13 15:56 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-13 15:56 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-13 15:56 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-13 15:56 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-13 15:56 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-13 15:56 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-13 15:56 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-13 15:56 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-13 15:56 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-13 15:56 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-13 15:56 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-13 15:56 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-13 15:56 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-13 15:56 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-13 15:56 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-12 20:01 - 2015-11-12 20:03 - 00000000 ____D C:\e2396f2cd87038440a992c
2015-11-12 19:06 - 2015-11-12 19:06 - 00000000 ____D C:\073bd85516a27c63eccd77a5100d9eed

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 11:44 - 2014-01-04 15:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2769808783-2912023770-2790341647-1001
2015-12-12 11:43 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-12-12 11:41 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-12 11:27 - 2015-08-24 14:02 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-12 11:27 - 2012-07-26 08:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-12 11:27 - 2012-07-26 07:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-12 10:32 - 2014-12-28 16:00 - 00000000 __RDO C:\Users\George\OneDrive
2015-12-12 07:03 - 2014-12-28 15:12 - 00000000 ____D C:\Users\George
2015-12-12 07:02 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 22:28 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-11 17:20 - 2014-01-04 15:55 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2769808783-2912023770-2790341647-1004
2015-12-11 17:15 - 2014-12-28 17:14 - 00000000 ___RD C:\Users\Sheila\OneDrive
2015-12-11 17:15 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-11 09:30 - 2014-03-04 00:16 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C81CBCA4-B3E1-4EE0-A093-D2097994EB5E}
2015-12-09 16:40 - 2014-12-28 15:12 - 00000000 ____D C:\Users\Sheila
2015-12-09 15:42 - 2015-01-19 15:42 - 00000368 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - George).job
2015-12-05 07:24 - 2014-03-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-11-30 18:54 - 2013-09-28 14:09 - 00000595 _____ C:\Users\George\Desktop\Santander Online Banking.website
2015-11-29 17:48 - 2014-12-28 17:29 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5BCE6F2-D17D-414B-B937-195E0C70F8D6}
2015-11-28 13:59 - 2013-05-03 06:17 - 00000000 ____D C:\ProgramData\McAfee
2015-11-28 07:47 - 2012-07-26 08:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-24 16:27 - 2014-03-03 17:40 - 00396152 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-11-24 16:27 - 2014-03-03 17:40 - 00141304 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-11-22 16:58 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-21 14:59 - 2014-01-04 15:22 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\Adobe
2015-11-20 22:46 - 2015-11-03 16:11 - 22908888 _____ (Malwarebytes ) C:\Users\George\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-18 06:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-17 10:15 - 2015-11-03 17:06 - 00000000 ____D C:\Users\Sheila\AppData\LocalLow\Adblock Plus for IE
2015-11-16 06:38 - 2013-08-22 15:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-15 22:15 - 2013-08-22 13:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-11-13 22:11 - 2013-08-22 14:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-13 17:05 - 2014-01-09 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 16:58 - 2014-01-09 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-09 11:41

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by George (2015-12-12 11:48:14)
Running from C:\Users\George\AppData\Local\Microsoft\Windows\INetCache\IE\RAOML9WV
Windows 8.1 (X64) (2014-12-28 15:48:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2769808783-2912023770-2790341647-500 - Administrator - Disabled) => C:\Users\Administrator
George (S-1-5-21-2769808783-2912023770-2790341647-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-2769808783-2912023770-2790341647-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2769808783-2912023770-2790341647-1003 - Limited - Enabled)
Sheila (S-1-5-21-2769808783-2912023770-2790341647-1004 - Limited - Enabled) => C:\Users\Sheila

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Basic Operation Guide EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson Network Guide EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
McAfee® AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.6120 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Rapport (x32 Version: 3.5.1507.99 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.1.42 - iolo technologies, LLC)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124 - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
User's Guide EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version: - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-11-2015 14:57:21 Installed Adblock Plus for IE (32-bit and 64-bit)
13-11-2015 16:41:21 Windows Update
28-11-2015 14:18:24 McAfee Vulnerability Scanner
05-12-2015 07:20:13 Installed Rapport

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {134F79F6-5922-44E4-9000-687E791086CF} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {1380F526-5A0F-4A3B-B299-039C52383A4B} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {35856D18-463F-4680-A462-97ABFB119A82} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {37EA2781-4462-48D6-89F8-253DF8B4F835} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {3E5C43A9-3B13-42DE-BDB8-6E3370261B43} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {41665443-13A8-4C02-B904-AD2D45090426} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4466DF6A-7858-4375-A0DC-162B1A424876} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {63963299-DABF-4FF1-BFC7-7AAC86422CA7} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {9161598D-B8FF-49A4-9CDA-7C19E9AFD984} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A8B91B88-D394-45B3-A2B7-1FEF72DDC8BD} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {B68D6F9C-9C08-447F-997C-5AB71F7C3558} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - George) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {C9C23B2B-D55E-45E6-B286-E64417E74C14} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {D1848CA7-4181-4645-937D-AC9CE20B6CD0} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2015-08-21] ()
Task: {D8AFAAB0-E205-4CF6-8519-FB56C8E41479} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - George).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\George\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-16576146740.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xab42bf87 -pinnedTimeHigh 0x01cebc4b -securityFlags 0x00000000 -url 0x0000003c hxxp://windows.microsoft.com/en-gb/inte ... er/browser <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 12:38 - 2011-10-13 12:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 14:15 - 2012-10-31 14:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 18:13 - 2012-08-13 18:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-05-03 05:52 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\...\santander.co.uk -> hxxps://retail.santander.co.uk

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1524D938-DCEF-4E7A-95E5-ACB0752196ED}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{02404A6F-A78C-46C1-8349-5051873E3D6C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{FE962503-FCF7-4FB1-9EF1-5B815F4B8419}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{EC07643F-E948-4008-A50D-479EC77D482F}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{5172CB4F-FC3C-4AAC-9B41-A524C8E4FC1D}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{50C9B0D6-D27F-494E-8D8D-660519E1204D}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E862F4AE-E2AD-4AC5-B709-11265F3B1840}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{34A3033C-AA6F-4E5B-9533-8EC25B409F69}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{12F6BF14-C051-4622-A73F-5A11A067BD2D}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{BDD6B7A0-2D97-4293-B453-285EE419F0E5}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{3A1AFAFC-DADA-4B80-83EC-B41F90640DE0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2FE2DD0C-530B-4B70-888D-D17966C89BE1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{3F64B2D0-2BC7-41EF-B03B-F799C69163AC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C74C99E9-A871-4E25-9690-C00F507930BF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{148AC277-70C1-4EDB-B500-96770959267F}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{2DA97164-2451-4654-9184-1F03CFCF88F3}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2015 11:30:24 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/12/2015 10:57:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d48

Start Time: 01d134cb55835820

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 26f42682-a0bf-11e5-bfeb-7c050778a97b

Faulting package full name:

Faulting package-relative application ID:

Error: (12/12/2015 07:11:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10c4

Start Time: 01d134ab88d8fc08

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 7abe20af-a09f-11e5-bfeb-7c050778a97b

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (12/12/2015 07:09:27 AM) (Source: AVLogEvent) (EventID: 5006) (User: NT AUTHORITY)
Description: Content is corrupt.
Error Code:a7f42015

Error: (12/12/2015 07:02:30 AM) (Source: AVLogEvent) (EventID: 5006) (User: NT AUTHORITY)
Description: Content is corrupt.
Error Code:a7f42015

Error: (12/11/2015 06:38:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c88

Start Time: 01d13442621923cf

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5586a776-a036-11e5-bfea-7c050778a97b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/11/2015 12:52:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.7.64, time stamp: 0x5091827a
Faulting module name: SynCOM.dll_unloaded, version: 16.3.4.0, time stamp: 0x50b86421
Exception code: 0xc0000005
Fault offset: 0x000000000001f368
Faulting process ID: 0x1600
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report ID: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5

Error: (12/11/2015 12:38:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc
Exception code: 0xe06d7363
Fault offset: 0x00015b68
Faulting process ID: 0x19a0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/11/2015 07:10:00 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/11/2015 07:05:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.7.64, time stamp: 0x5091827a
Faulting module name: SynCOM.dll_unloaded, version: 16.3.4.0, time stamp: 0x50b86421
Exception code: 0xc0000005
Fault offset: 0x000000000001f368
Faulting process ID: 0xb54
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report ID: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5


System errors:
=============
Error: (12/12/2015 11:20:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/12/2015 11:20:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (12/12/2015 07:27:32 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

Error: (12/12/2015 07:27:02 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

Error: (12/12/2015 07:26:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

Error: (12/12/2015 07:25:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

Error: (12/12/2015 07:24:36 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/12/2015 07:24:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/12/2015 07:23:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (12/12/2015 07:23:02 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}


CodeIntegrity:
===================================
Date: 2015-12-12 07:05:38.464
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-10 09:57:08.828
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-10 07:13:36.033
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 85%
Total physical RAM: 1931.22 MB
Available physical RAM: 284.81 MB
Total Virtual: 3595.22 MB
Available Virtual: 1402.07 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:285.85 GB) (Free:239.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Many thanks

Ann
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am
Advertisement
Register to Remove

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby nunped » December 13th, 2015, 6:40 am

Hello Gmic, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby nunped » December 13th, 2015, 5:18 pm

Hi Gmic,

Please run these additional scans:
Step 1 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  • Close ALL open programs, including your Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  • Press the Report button to produce the scan report.
  • A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  • Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.


Step 2 - ESET NOD32 Online Scan
Vista - W7 -W8 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the blue [Run ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any require files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings ... select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes... press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button... then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection... before continuing!



Please, post both logs on your next answer.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby Gmic » December 15th, 2015, 4:58 pm

Hi nunped,
Thanks for taking the time to help us. Logs as requested below.

# AdwCleaner v5.025 - Logfile created 15/12/2015 at 16:58:12
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : George - GEORGEANDSHEILA
# Running from : C:\Users\George\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2c6319b9-312c-4bdf-b75e-e9dd16ae0f1c}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [884 bytes] ##########

C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29barsvc.exe.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29bprtct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29dlghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29dlghk64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29feedmg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29highin.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29htmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29httpct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29idle.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29medint.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29mlbtn.dll.vir Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29regfft.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29regiet.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29script.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29skplay.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29SrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29tpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\APPINTEGRATOR.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\APPINTEGRATORSTUB.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\AppIntegratorStub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\ASSISTMONITOR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\ASSISTMONITOR64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\CrExtP29.exe.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\FF-NativeMessagingDispatcher.dll.vir a variant of Win32/Toolbar.MyWebSearch.AO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\HiddenToolbarReminder.dll.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\HKFXMGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\HKFXMGR64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\INSTALLENABLER.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8EPMSUP.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8EXTEX.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\TOOLBARGUARD.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\TOOLBARGUARD64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\TPIMANAGERCONSOLE.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\VERIFY.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\ARBITER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\ARBITER64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\bar\ASSIST.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\dialog\ASSIST.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_default_search_provider\ARBITER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_default_search_provider\ARBITER64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_default_search_provider\ASSIST.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_enable\ARBITER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_enable\ARBITER64.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bprtct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dlghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39feedmg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39hkstub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39httpct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39idle.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39ieovr.dll.vir a variant of Win32/Toolbar.MyWebSearch.AG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39mlbtn.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39Plugin.dll.vir Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39radio.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regfft.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39reghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regiet.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39script.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39srchmr.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\BOOTSTRAP.JS.vir JS/Mindspark.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\CREXT.DLL.vir Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\EXEMANAGER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\FF-NativeMessagingDispatcher.dll.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EPMSUP.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EXTEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\UNIFIEDLOGGING.DLL.vir Win32/Toolbar.MyWebSearch.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\VERIFY.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\George\AppData\LocalLow\HeadlineAlley_29\bar\Cache\144D7C94.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\Users\George\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0F42C5D9.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\PKIJ841O\MapsGalaxy.e2fdab645017410ba89cd128ebaf270a.exe Win32/Toolbar.MyWebSearch.AV potentially unwanted application
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\OnlineMapFinder.81d5b2d54b6e4e19a42cd181f10f145f.exe Win32/Toolbar.MyWebSearch.AV potentially unwanted application
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\TelevisionFanatic.exe a variant of Win32/AdInstaller potentially unwanted application

I hope I've done them correctly

Regards
Gmic
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby Gmic » December 15th, 2015, 5:35 pm

Hi nunped,

Thanks for helping me, logs as requested.

# AdwCleaner v5.025 - Logfile created 15/12/2015 at 16:58:12
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : George - GEORGEANDSHEILA
# Running from : C:\Users\George\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2c6319b9-312c-4bdf-b75e-e9dd16ae0f1c}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [884 bytes] ##########

C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29bar.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29barsvc.exe.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29bprtct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29dlghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29dlghk64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29feedmg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29highin.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29htmlmu.dll.vir a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29httpct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29idle.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29medint.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29mlbtn.dll.vir Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29regfft.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29regiet.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29script.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29skplay.exe.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29SrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\29tpinst.dll.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\APPINTEGRATOR.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\APPINTEGRATORSTUB.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\AppIntegratorStub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\ASSISTMONITOR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\ASSISTMONITOR64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\CrExtP29.exe.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\FF-NativeMessagingDispatcher.dll.vir a variant of Win32/Toolbar.MyWebSearch.AO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\HiddenToolbarReminder.dll.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\HKFXMGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\HKFXMGR64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\INSTALLENABLER.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8EPMSUP.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8EXTEX.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8HTML.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\TOOLBARGUARD.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\TOOLBARGUARD64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\TPIMANAGERCONSOLE.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\VERIFY.DLL.vir Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\ARBITER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\ARBITER64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\bar\ASSIST.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\APA\dialog\ASSIST.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_default_search_provider\ARBITER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_default_search_provider\ARBITER64.DLL.vir a variant of Win64/Toolbar.MyWebSearch.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_default_search_provider\ASSIST.EXE.vir a variant of Win32/Toolbar.MyWebSearch.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_enable\ARBITER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HeadlineAlley_29\bar\4.bin\assists\ie_enable\ARBITER64.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bprtct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub64.dll.vir a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dlghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39feedmg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39hkstub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39httpct.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39idle.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39ieovr.dll.vir a variant of Win32/Toolbar.MyWebSearch.AG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39mlbtn.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39Plugin.dll.vir Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39radio.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regfft.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39reghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39regiet.dll.vir a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39script.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39srchmr.dll.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\BOOTSTRAP.JS.vir JS/Mindspark.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\CREXT.DLL.vir Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\DPNMNGR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\EXEMANAGER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\FF-NativeMessagingDispatcher.dll.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll.vir a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EPMSUP.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EXTEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\T8TICKER.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\UNIFIEDLOGGING.DLL.vir Win32/Toolbar.MyWebSearch.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39\bar\1.bin\VERIFY.DLL.vir a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\George\AppData\LocalLow\HeadlineAlley_29\bar\Cache\144D7C94.vir a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\Users\George\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0F42C5D9.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\PKIJ841O\MapsGalaxy.e2fdab645017410ba89cd128ebaf270a.exe Win32/Toolbar.MyWebSearch.AV potentially unwanted application
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\OnlineMapFinder.81d5b2d54b6e4e19a42cd181f10f145f.exe Win32/Toolbar.MyWebSearch.AV potentially unwanted application
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\TelevisionFanatic.exe a variant of Win32/AdInstaller potentially unwanted application

Regards
Gmic
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby nunped » December 16th, 2015, 1:41 pm

Hi Gmic,

Step 1 - AdwCleaner logs
I see you have run AdwCleaner previously. I'd like to see the logs.
You should find them at C:\AdwCleaner\AdwCleaner[C].txt (or C:\AdwCleaner\AdwCleaner[C1].txt)
Please post them in your next reply.

Step 2 - Online Multi Antivirus file scan
Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:
C:\Users\George\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0F42C5D9.exe
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\PKIJ841O\MapsGalaxy.e2fdab645017410ba89cd128ebaf270a.exe
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\OnlineMapFinder.81d5b2d54b6e4e19a42cd181f10f145f.exe
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\TelevisionFanatic.exe


  • Press the Browse button and navigate to -one- of the files in the list.
  • Double click the located file name. The file name should now appear in the online scanner's text entry box.
  • Click on Send File button.
  • The file will be queued, uploaded and scanned by various antivirus scanners. This may take a few minutes.
    If you receive the message: File has already been analysed:
    Please press the Reanalyse file now button, so your file will be scanned.
  • When all scans have completed the results page is displayed
  • Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  • Please repeat this procedure for each file listed above.
  • Paste the Web address link(s) for the scan results in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby Gmic » December 17th, 2015, 8:48 am

Hi nunped,

Logs as requested.

# AdwCleaner v5.017 - Logfile created 03/11/2015 at 15:57:04
# Updated 03/11/2015 by Xplode
# Database : 2015-11-01.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : George - GEORGEANDSHEILA
# Running from : C:\Users\George\Downloads\adwcleaner_5.017.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : HeadlineAlley_29Service

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\slimcleaner plus
[-] Folder Deleted : C:\Program Files\slimservice
[-] Folder Deleted : C:\Program Files (x86)\HeadlineAlley_29
[-] Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39
[-] Folder Deleted : C:\ProgramData\slimware utilities inc
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
[-] Folder Deleted : C:\Users\George\AppData\Local\iac
[-] Folder Deleted : C:\Users\George\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\George\AppData\Local\HeadlineAlley_29
[-] Folder Deleted : C:\Users\George\AppData\Local\MapsGalaxy_39
[-] Folder Deleted : C:\Users\George\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\George\AppData\LocalLow\HeadlineAlley_29
[-] Folder Deleted : C:\Users\George\AppData\LocalLow\MapsGalaxy_39
[-] Folder Deleted : C:\Users\Sheila\AppData\Local\HeadlineAlley_29
[-] Folder Deleted : C:\Users\Sheila\AppData\Local\MapsGalaxy_39
[-] Folder Deleted : C:\Users\Sheila\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Sheila\AppData\LocalLow\HeadlineAlley_29
[-] Folder Deleted : C:\Users\Sheila\AppData\LocalLow\MapsGalaxy_39

***** [ Files ] *****

[-] File Deleted : C:\Users\Administrator\Favorites\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\slimcleaner plus.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@HeadlineAlley_29.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.FeedManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.FeedManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.HTMLMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.HTMLMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.HTMLPanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.HTMLPanel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.MultipleButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.MultipleButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.PseudoTransparentPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.PseudoTransparentPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.Radio
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.Radio.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.RadioSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.RadioSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.ScriptButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.ScriptButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.SettingsPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.SettingsPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.ThirdPartyInstaller
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.ThirdPartyInstaller.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.ToolbarProtector
[-] Key Deleted : HKLM\SOFTWARE\Classes\HeadlineAlley_29.ToolbarProtector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.FeedManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.FeedManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLPanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.HTMLPanel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.MultipleButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.MultipleButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.PseudoTransparentPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.PseudoTransparentPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.Radio
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.Radio.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.RadioSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.RadioSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ScriptButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ScriptButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SettingsPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.SettingsPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ThirdPartyInstaller
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ThirdPartyInstaller.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector
[-] Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MapsGalaxy_39 Browser Plugin Loader 64]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HeadlineAlley EPM Support]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MapsGalaxy EPM Support]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HeadlineAlley Search Scope Monitor]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Search Scope Monitor]
[!] Value Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MapsGalaxy_39 Browser Plugin Loader 64]
[-] Key Deleted : HKCU\Software\Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07686242-e711-4ade-804f-7b91600e071e}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1241cebd-9777-4bc6-aae5-2a77e25db246}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14955909-6b2d-4a8b-bf1e-497d4ad7f794}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{173a5778-34bf-48a2-8a5e-6963ce922fed}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2a7560c0-8bc4-4087-bbb0-d307c8f7e95e}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2d081902-5ca0-4645-b767-cd5fb0ac06b5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2f929a33-87fe-42a6-ab43-8ef920a34c2a}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37ed966d-4d0e-4d66-9633-bea542c92860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4369f96e-4071-43e7-8fd2-4d8f96918ef3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4465e725-ed03-4227-995a-c2e51ac5bc54}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4b7d0b0c-cff3-49c5-9bc3-ffabc031c822}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4f28fa5f-7d15-4753-b4fc-d548a0f02bfb}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5e1bdcf6-dd5f-4dd3-8783-b1454aef1830}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{724e9f12-9c72-4475-b963-fe290934dc66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7ad4c0aa-a484-4330-862c-74a40f587cbc}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7d4dfaf7-f2ce-4c91-91a4-514c9612914d}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8f61e414-ea79-4559-8bb6-61d956f70306}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B2FB732-5D3C-4C2A-A53B-DC1BEDFD8B00}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9b58a6ce-b337-43d5-9c2f-8c6d92fba094}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9dc134b0-9913-4d9b-b8ab-69eda881a4bc}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a35ff019-6dbe-4044-b080-6f3fa78a947f}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a6b53354-4f5e-46d3-b722-9f2620ad3758}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bc5d2791-ed53-427a-8915-0dab12b9b42c}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bf49b0a2-8252-4656-8ccc-aae14cde8c10}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c40cb9d6-d375-46fe-997b-cac7af3bef9c}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c4a25b73-8ef5-4282-9d21-c8920dd577a1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{cae88e60-cea5-4fcb-b611-54ea6305d8ab}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{da974ecc-1b4f-49ce-967a-0e4261fa3292}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{db1384d8-1bda-4c8d-a743-e9ca671feb00}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e045df14-bf1d-405c-a37b-a75c1551ad17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f3477e9d-d2f6-49f0-9b23-854d7958d07e}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f8acf502-727b-4d05-9994-9eab5691e439}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0396D01A-1323-4A15-BD0C-1BC7510F46C6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15106AE4-6BDF-443E-80B0-3E38B59D26EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1F2316ED-10F9-4DE5-86E6-1AA53A633DD1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2C4A366F-2830-423C-BCC5-FEFF73BA0AD4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3CCF7447-D257-4552-B693-F995281F9E19}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{46C2A50F-39BF-4344-82CD-F0F032F246A6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{530E1961-8D61-4C07-981E-36611C9E8AF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{64FBF8B6-C770-401A-8B84-F630EDAF4448}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{69D0BAC4-A1B1-45CE-944F-9EEB1479F059}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E95D1D3-A691-44AC-AB5B-731312C2D69D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{87792411-B73A-435E-86F3-AE633A690E84}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FEEDA9E-8F71-45DF-A797-468226D1D35B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2C11415-E270-493B-9C89-EF9E348A05A2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A549A4F7-FA70-421C-B0F2-8F6C0B4B85A8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B46B1675-EA32-47FA-B6A4-F6B75C0DAA44}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5025785-47CC-463D-AA96-07DFB989A726}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF78452B-F168-4310-9EC0-4B9B66B845F0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D833690C-6E56-46C2-A19F-CF5FD81C9C9A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB74EA0A-6AD3-4884-87F5-6FFC220FA3BF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E38FA7CB-C053-4B07-84AD-BCA6D2BE4FE7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E82C1803-3EBF-4209-952A-A4C5FDBBF9F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F9B90065-CD7A-4439-B311-B292299182A9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14955909-6b2d-4a8b-bf1e-497d4ad7f794}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364ea597-e728-4ce4-bb4a-ed846ef47970}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b7d0b0c-cff3-49c5-9bc3-ffabc031c822}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71c1d63a-c944-428a-a5bd-ba513190e5d2}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f61e414-ea79-4559-8bb6-61d956f70306}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364ea597-e728-4ce4-bb4a-ed846ef47970}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71c1d63a-c944-428a-a5bd-ba513190e5d2}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8f61e414-ea79-4559-8bb6-61d956f70306}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{14955909-6b2d-4a8b-bf1e-497d4ad7f794}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{173a5778-34bf-48a2-8a5e-6963ce922fed}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4465e725-ed03-4227-995a-c2e51ac5bc54}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4b7d0b0c-cff3-49c5-9bc3-ffabc031c822}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9B2FB732-5D3C-4C2A-A53B-DC1BEDFD8B00}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9dc134b0-9913-4d9b-b8ab-69eda881a4bc}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a35ff019-6dbe-4044-b080-6f3fa78a947f}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bc5d2791-ed53-427a-8915-0dab12b9b42c}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e045df14-bf1d-405c-a37b-a75c1551ad17}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07686242-e711-4ade-804f-7b91600e071e}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1241cebd-9777-4bc6-aae5-2a77e25db246}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{364ea597-e728-4ce4-bb4a-ed846ef47970}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{26842a09-ffa8-4e2c-ae12-0c80f01c3295}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C00F4B2B-A33C-40FC-8E47-4D18DCD4B01E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B8E39FD-ED07-4A41-9681-3D78DAFCEE66}
[-] Key Deleted : HKCU\Software\Vittalia
[-] Key Deleted : HKCU\Software\HeadlineAlley_29
[-] Key Deleted : HKCU\Software\MapsGalaxy_39
[-] Key Deleted : HKCU\Software\AppDataLow\Software\HeadlineAlley_29
[-] Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\HeadlineAlley_29
[-] Key Deleted : HKLM\SOFTWARE\MapsGalaxy_39
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeadlineAlley_29bar Uninstall Firefox
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall Internet Explorer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall Firefox
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall Internet Explorer
[-] Key Deleted : [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16486 bytes] ##########


https://www.virustotal.com/en/file/0a4b ... 450346916/

others to follow
Gmic
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am


Re: Windows 8 laptop slow, stops responding and error messag

Unread postby nunped » December 18th, 2015, 6:53 am

Hi Gmic,

Good job :)

Step 1 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    CreateRestorePoint:
    C:\Users\George\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0F42C5D9.exe
    C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\PKIJ841O\MapsGalaxy.e2fdab645017410ba89cd128ebaf270a.exe
    C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\OnlineMapFinder.81d5b2d54b6e4e19a42cd181f10f145f.exe
    C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\TelevisionFanatic.exe
    EmptyTemp:
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Step 2 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  • Close ALL open programs, including your Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan. When the scan finishes...the Clean button will become active.
  • Click on Clean.
  • Select OK at each prompt... to reboot the computer.
  • A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  • Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.

Step 3 - Scan with FRST
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

In your next reply, please post:
  1. Both logs from FRST
  2. Log from AdwCleaner
  3. How is the computer behaving?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby Gmic » December 18th, 2015, 11:08 am

Hi nunped,

Logs as requested, it still seems sluggish and unresponsive, it takes a long time to do simple tasks like open a folder or load an internet page.

# AdwCleaner v5.025 - Logfile created 18/12/2015 at 13:29:14
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : George - GEORGEANDSHEILA
# Running from : C:\Users\George\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2c6319b9-312c-4bdf-b75e-e9dd16ae0f1c}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [884 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by George (administrator) on GEORGEANDSHEILA (18-12-2015 13:49:11)
Running from C:\Users\George\Downloads
Loaded Profiles: George (Available Profiles: George & Sheila & Administrator)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723392 2015-12-03] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-01-30] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{58AC4E6F-EF92-40CE-A950-0174E5E96D1E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F383CDAF-82E0-4032-9154-81ECE708E122}: [DhcpNameServer] 127.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.talktalk.co.uk/
SearchScopes: HKU\S-1-5-21-2769808783-2912023770-2790341647-1001 -> {475A70F7-D218-4701-AA37-B90EDABCE070} URL =
SearchScopes: HKU\S-1-5-21-2769808783-2912023770-2790341647-1001 -> {D5B43340-F237-4E0B-98CD-D1D840B29D43} URL = hxxps://uk.search.yahoo.com/search?fr=m ... 0151119&p={searchTerms}
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0208701450443123mcinstcleanup; C:\WINDOWS\TEMP\020870~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-05] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [502904 2015-11-24] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2015-11-24] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2015-11-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2015-11-24] (IBM Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 12:55 - 2015-12-18 13:14 - 00001473 _____ C:\Users\George\Downloads\Fixlog.txt
2015-12-18 12:54 - 2015-12-18 12:54 - 00000000 ____D C:\Users\George\Downloads\FRST-OlderVersion
2015-12-18 12:51 - 2015-12-18 12:51 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2015-12-17 14:03 - 2015-12-17 14:03 - 00000017 _____ C:\Users\George\AppData\Local\resmon.resmoncfg
2015-12-17 13:17 - 2015-12-17 13:17 - 06468104 _____ ( ) C:\Users\George\Downloads\adblockplusie-1.5.exe
2015-12-17 12:17 - 2015-12-17 12:17 - 00000374 _____ C:\Users\Sheila\Desktop\virustotalmum.txt
2015-12-17 11:04 - 2015-12-17 12:32 - 00000126 _____ C:\Users\George\Desktop\virustotalresults.txt
2015-12-17 09:54 - 2015-12-17 09:54 - 00016602 _____ C:\Users\George\Desktop\AdwCleaner[C1].txt
2015-12-15 20:26 - 2015-12-15 20:26 - 00029800 _____ C:\Users\George\Desktop\eset.txt
2015-12-15 18:17 - 2015-12-15 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4100 series
2015-12-15 18:17 - 2015-12-15 18:17 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-12-15 18:16 - 2015-12-18 13:32 - 00003846 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2015-12-15 18:15 - 2015-12-15 18:15 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-12-15 18:14 - 2011-05-23 05:00 - 00385536 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAS.DLL
2015-12-15 17:18 - 2015-12-15 17:18 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-15 17:04 - 2015-12-15 17:04 - 00000962 _____ C:\Users\George\Desktop\AdwCleaner[S2].txt
2015-12-15 16:55 - 2015-12-15 16:55 - 01740288 _____ C:\Users\George\Downloads\AdwCleaner.exe
2015-12-12 14:28 - 2015-10-10 17:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-12 14:26 - 2015-11-11 16:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-12 14:26 - 2015-11-11 16:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-12 14:26 - 2015-11-11 15:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-12 14:26 - 2015-11-09 23:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-12 14:26 - 2015-11-08 22:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-12 14:26 - 2015-11-08 22:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-12 14:26 - 2015-11-08 22:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-12 14:26 - 2015-11-08 22:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-12 14:26 - 2015-11-08 21:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-12 14:26 - 2015-11-08 21:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-12 14:26 - 2015-11-08 21:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-12 14:26 - 2015-11-08 20:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-12 14:26 - 2015-11-08 20:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-12 14:26 - 2015-11-08 20:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-12 14:25 - 2015-11-11 15:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-12 14:25 - 2015-11-11 15:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-12 14:25 - 2015-11-11 15:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-12 14:25 - 2015-11-10 00:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-12 14:25 - 2015-11-10 00:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-12 14:25 - 2015-11-10 00:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-12 14:25 - 2015-11-10 00:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-12 14:25 - 2015-11-10 00:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-12 14:25 - 2015-11-09 23:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-12 14:25 - 2015-11-09 23:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-12 14:25 - 2015-11-09 23:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-12 14:25 - 2015-11-09 23:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-12 14:25 - 2015-11-09 23:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-12 14:25 - 2015-11-09 23:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-12 14:25 - 2015-11-09 23:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-12 14:25 - 2015-11-09 23:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-12 14:25 - 2015-11-09 23:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-12 14:25 - 2015-11-08 22:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-12 14:25 - 2015-11-08 21:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-12 14:25 - 2015-11-08 21:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-12 14:25 - 2015-11-08 21:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-12 14:25 - 2015-11-08 21:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-12 14:25 - 2015-11-08 21:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-12 14:25 - 2015-11-08 21:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-12 14:25 - 2015-11-08 20:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-12 14:24 - 2015-11-05 08:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-12 14:24 - 2014-10-29 02:42 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-12 14:24 - 2014-10-29 01:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshrm.dll
2015-12-12 12:48 - 2015-11-22 06:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-12 12:48 - 2015-11-22 06:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-12 12:48 - 2015-11-22 06:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-12 12:48 - 2015-11-22 06:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-12 12:48 - 2015-11-22 06:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-12 12:48 - 2015-11-22 06:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-12 12:48 - 2015-11-22 06:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-12 12:48 - 2015-11-21 18:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-12 12:48 - 2015-11-21 17:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-12 12:48 - 2015-11-21 16:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-12 12:48 - 2015-11-21 16:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-12 12:48 - 2015-11-21 16:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-12 12:48 - 2015-11-21 16:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-12 12:35 - 2015-12-12 12:40 - 00030971 _____ C:\Users\George\Downloads\Addition.txt
2015-12-12 12:26 - 2015-12-18 13:49 - 00016161 _____ C:\Users\George\Downloads\FRST.txt
2015-12-12 12:24 - 2015-12-18 12:54 - 02370048 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2015-12-12 11:42 - 2015-12-18 13:49 - 00000000 ____D C:\FRST
2015-12-12 07:25 - 2015-12-12 07:25 - 00000285 _____ C:\Users\George\Desktop\BBC Weather - Woking.url
2015-12-11 17:48 - 2015-11-09 00:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-11 17:48 - 2015-11-08 22:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-11 17:48 - 2015-11-08 21:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-11 17:48 - 2015-11-08 21:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-11 17:48 - 2015-11-08 21:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-11 17:48 - 2015-11-08 20:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-11 17:48 - 2015-11-08 20:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-11 17:48 - 2015-11-08 20:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-11 17:45 - 2015-11-20 22:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-11 17:45 - 2015-11-20 18:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-11 17:45 - 2015-11-20 16:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-11 17:45 - 2015-11-20 16:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-11 17:45 - 2015-11-20 16:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-11 17:45 - 2015-11-20 16:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-11 17:45 - 2015-11-20 16:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-11 17:45 - 2015-11-20 16:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-11 17:45 - 2015-11-20 16:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-11 17:45 - 2015-11-20 16:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-11 17:45 - 2015-11-20 16:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-11 17:45 - 2015-11-20 16:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-11 17:45 - 2015-11-20 16:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-11 17:43 - 2015-10-28 15:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-11 17:43 - 2015-10-28 15:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-11 17:41 - 2015-10-08 16:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-11 17:41 - 2015-10-08 15:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-11 17:37 - 2015-10-11 06:34 - 00468824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-11 17:37 - 2015-10-11 06:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-11 17:37 - 2015-10-11 06:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-11 17:37 - 2015-10-11 06:34 - 00092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-11 17:37 - 2015-10-11 06:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-11 17:37 - 2015-10-10 18:41 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-11 17:37 - 2015-10-10 18:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-11 13:06 - 2015-10-05 18:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-11 13:06 - 2015-10-05 18:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-11 13:06 - 2014-10-29 01:05 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmsgapi.dll
2015-11-20 13:49 - 2015-11-20 22:46 - 00023040 _____ C:\Users\George\Downloads\Dorothy_E_Michie_1939_reg.wps
2015-11-19 18:10 - 2015-11-19 18:10 - 00001947 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk
2015-11-19 18:10 - 2015-11-19 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-19 18:06 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-11-19 18:03 - 2015-12-18 12:52 - 00003080 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-11-19 18:03 - 2015-11-28 07:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-11-19 18:02 - 2015-11-19 18:02 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-11-19 18:00 - 2015-11-19 18:00 - 00000000 ____D C:\Program Files\McAfee.com
2015-11-19 17:59 - 2015-11-19 18:07 - 00000000 ____D C:\Program Files\McAfee
2015-11-19 17:59 - 2015-11-19 17:59 - 00003344 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2015-11-19 17:59 - 2015-11-19 17:59 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-19 17:58 - 2015-12-08 22:36 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-19 17:22 - 2015-09-21 13:33 - 00256840 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2015-11-19 14:10 - 2015-12-12 07:17 - 00000000 ____D C:\Program Files\Common Files\McAfee

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 13:45 - 2014-12-28 16:00 - 00000000 __RDO C:\Users\George\OneDrive
2015-12-18 13:45 - 2014-03-04 00:16 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C81CBCA4-B3E1-4EE0-A093-D2097994EB5E}
2015-12-18 13:42 - 2014-01-04 15:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2769808783-2912023770-2790341647-1001
2015-12-18 13:36 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-18 13:35 - 2013-08-22 13:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-12-18 13:33 - 2015-11-03 15:52 - 00000000 ____D C:\AdwCleaner
2015-12-18 13:23 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-18 12:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-17 13:10 - 2014-12-28 17:14 - 00000000 ___RD C:\Users\Sheila\OneDrive
2015-12-17 13:03 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-17 13:03 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-17 13:02 - 2012-07-26 07:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-17 12:55 - 2014-12-28 15:12 - 00000000 ____D C:\Users\George
2015-12-17 12:11 - 2014-01-04 15:55 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2769808783-2912023770-2790341647-1004
2015-12-17 11:32 - 2013-08-22 14:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-17 11:16 - 2014-01-09 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-17 11:11 - 2014-01-09 08:38 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-17 10:43 - 2015-11-03 17:06 - 00000000 ____D C:\Users\Sheila\AppData\LocalLow\Adblock Plus for IE
2015-12-15 17:23 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-12-15 17:18 - 2013-08-22 15:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-15 10:17 - 2014-12-28 15:12 - 00000000 ____D C:\Users\Sheila
2015-12-15 07:44 - 2013-09-28 14:09 - 00000595 _____ C:\Users\George\Desktop\Santander Online Banking.website
2015-12-14 22:37 - 2014-12-28 17:29 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5BCE6F2-D17D-414B-B937-195E0C70F8D6}
2015-12-12 11:27 - 2015-08-24 14:02 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-12 11:27 - 2012-07-26 08:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-11 22:28 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-09 15:42 - 2015-01-19 15:42 - 00000368 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - George).job
2015-12-05 07:24 - 2014-03-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-11-28 13:59 - 2013-05-03 06:17 - 00000000 ____D C:\ProgramData\McAfee
2015-11-28 07:47 - 2012-07-26 08:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-24 16:27 - 2014-03-03 17:40 - 00396152 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-11-24 16:27 - 2014-03-03 17:40 - 00141304 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-11-22 16:58 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-21 14:59 - 2014-01-04 15:22 - 00000000 ____D C:\Users\Sheila\AppData\Roaming\Adobe
2015-11-18 06:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-12-17 14:03 - 2015-12-17 14:03 - 0000017 _____ () C:\Users\George\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-17 14:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by George (2015-12-18 13:51:24)
Running from C:\Users\George\Downloads
Windows 8.1 (X64) (2014-12-28 15:48:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2769808783-2912023770-2790341647-500 - Administrator - Disabled) => C:\Users\Administrator
George (S-1-5-21-2769808783-2912023770-2790341647-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-2769808783-2912023770-2790341647-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2769808783-2912023770-2790341647-1003 - Limited - Enabled)
Sheila (S-1-5-21-2769808783-2912023770-2790341647-1004 - Limited - Enabled) => C:\Users\Sheila

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Basic Operation Guide EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson Network Guide EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
McAfee® AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Rapport (x32 Version: 3.5.1507.99 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.1.42 - iolo technologies, LLC)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124 - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
User's Guide EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version: - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-11-2015 16:41:21 Windows Update
28-11-2015 14:18:24 McAfee Vulnerability Scanner
05-12-2015 07:20:13 Installed Rapport
17-12-2015 11:06:06 Windows Update
18-12-2015 12:55:25 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {134F79F6-5922-44E4-9000-687E791086CF} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {313D169E-124F-4A5F-9708-229A5D83A5DB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-17] (Microsoft Corporation)
Task: {3E5C43A9-3B13-42DE-BDB8-6E3370261B43} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {41665443-13A8-4C02-B904-AD2D45090426} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4466DF6A-7858-4375-A0DC-162B1A424876} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {63963299-DABF-4FF1-BFC7-7AAC86422CA7} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {9120A71A-9B05-41C8-8A4A-54A6B7E55749} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {9161598D-B8FF-49A4-9CDA-7C19E9AFD984} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A8B91B88-D394-45B3-A2B7-1FEF72DDC8BD} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {B58A8ECD-936B-460C-9B53-404F2431336E} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {B68D6F9C-9C08-447F-997C-5AB71F7C3558} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - George) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {C9C23B2B-D55E-45E6-B286-E64417E74C14} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {CD94F67F-134B-4C05-951C-1764573CFD0F} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {D1848CA7-4181-4645-937D-AC9CE20B6CD0} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2015-08-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - George).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\George\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-16576146740.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xab42bf87 -pinnedTimeHigh 0x01cebc4b -securityFlags 0x00000000 -url 0x0000003c hxxp://windows.microsoft.com/en-gb/inte ... er/browser

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 12:38 - 2011-10-13 12:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 14:15 - 2012-10-31 14:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 18:13 - 2012-08-13 18:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-01-30 19:02 - 2012-12-18 21:13 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2013-05-03 05:52 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\...\santander.co.uk -> hxxps://retail.santander.co.uk

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2769808783-2912023770-2790341647-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1524D938-DCEF-4E7A-95E5-ACB0752196ED}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{02404A6F-A78C-46C1-8349-5051873E3D6C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{FE962503-FCF7-4FB1-9EF1-5B815F4B8419}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{EC07643F-E948-4008-A50D-479EC77D482F}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{5172CB4F-FC3C-4AAC-9B41-A524C8E4FC1D}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{50C9B0D6-D27F-494E-8D8D-660519E1204D}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E862F4AE-E2AD-4AC5-B709-11265F3B1840}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{34A3033C-AA6F-4E5B-9533-8EC25B409F69}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{12F6BF14-C051-4622-A73F-5A11A067BD2D}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{BDD6B7A0-2D97-4293-B453-285EE419F0E5}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{3A1AFAFC-DADA-4B80-83EC-B41F90640DE0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2FE2DD0C-530B-4B70-888D-D17966C89BE1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{3F64B2D0-2BC7-41EF-B03B-F799C69163AC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C74C99E9-A871-4E25-9690-C00F507930BF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{148AC277-70C1-4EDB-B500-96770959267F}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{2DA97164-2451-4654-9184-1F03CFCF88F3}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2015 01:45:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1278

Start Time: 01d13999a5a7279f

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 97cd933e-a58d-11e5-bff4-7c050778a97b

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (12/18/2015 01:42:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd4

Start Time: 01d1399931ed99f5

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2c72d4b5-a58d-11e5-bff4-7c050778a97b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/18/2015 01:42:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a18

Start Time: 01d13999803a83a3

Termination Time: 4640

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 36b8ba28-a58d-11e5-bff4-7c050778a97b

Faulting package full name:

Faulting package-relative application ID:

Error: (12/18/2015 01:01:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.7.64, time stamp: 0x5091827a
Faulting module name: SynCOM.dll_unloaded, version: 16.3.4.0, time stamp: 0x50b86421
Exception code: 0xc0000005
Fault offset: 0x000000000001f368
Faulting process ID: 0x1164
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report ID: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5

Error: (12/18/2015 12:55:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b9b29ead-5f6a-4079-a3d3-f1c95aeacbd3}

Error: (12/17/2015 12:55:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEORGEANDSHEILA)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/17/2015 12:44:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEORGEANDSHEILA)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/17/2015 12:44:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2168

Start Time: 01d138c8972f970c

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: e0b0e4ba-a4bb-11e5-bff1-7c050778a97b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.WindowsLive.People

Error: (12/17/2015 12:44:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: GEORGEANDSHEILA)
Description: Package microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.People was terminated because it took too long to suspend.

Error: (12/17/2015 12:44:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: GEORGEANDSHEILA)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.People did not launch within its allotted time.


System errors:
=============
Error: (12/18/2015 01:41:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/18/2015 01:40:13 PM) (Source: DCOM) (EventID: 10010) (User: GEORGEANDSHEILA)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/18/2015 01:40:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (12/18/2015 01:35:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (12/18/2015 01:35:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.

Error: (12/18/2015 01:35:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.

Error: (12/18/2015 01:34:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a pre-shutdown control.

Error: (12/18/2015 01:33:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/18/2015 01:33:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/18/2015 01:33:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2015-12-18 13:40:02.926
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-18 13:21:36.374
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-17 13:08:41.563
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-17 11:32:54.636
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-15 07:20:39.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-14 22:22:13.468
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-14 07:05:38.037
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-13 22:30:37.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-13 07:23:20.751
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-12 07:05:38.464
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 85%
Total physical RAM: 1931.22 MB
Available physical RAM: 281.52 MB
Total Virtual: 3595.22 MB
Available Virtual: 1470 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:285.85 GB) (Free:243.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Many thanks
Gmic
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby Gmic » December 18th, 2015, 1:27 pm

Hi nunped,

Thought I should let you know that I can't open the Mcafee anti-virus program any more, I thought I'd check the settings for startup and discovered that it doesn't open any more. Also I think there maybe a problem with Internet explorer 11 and Windows 8.1 which is what's on this laptop which could be partly responsible for the non-responding web pages do you think that could be a possibility?

Thanks again for your time
Gmic
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby nunped » December 19th, 2015, 9:56 am

Hi Gmic,

Step 1 - Fix with FRST
You should have a log named Fixlog.txt on your Desktop.
Please post the content of the Fixlog.txt in your next reply.

Step 2 - AdwCleaner - Scan/Clean
You posted the log of a "Scan" only.
Did you run the "Clean" function?
If not, please repeat as in the Step 2 of my previous reply, and post the log.

Step 3 - Reinstall McAfee
McAfee can be the source of the symptoms. We'll uninstall it and you reinstall it afterwards.
  • From the top or bottom right corner... a widget panel appears, select Settings.
  • Select, click Control Panel to open.
  • Depending on your current view setting ...
    • Double click on Programs and Features.
      or
    • Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    McAfee® AntiVirus Plus
  • Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!

Step 4 - Reset - Internet Explorer
  • Launch Internet Explorer.
  • Under the Tools menu, click on Internet Options.
  • In the pop-up Internet Options window, click on the Advanced tab and then click on the Reset button.
  • Tick the Delete Personal Settings option.
  • Then click on the Reset button to process the browser reset.
  • When complete, click the Close button.
  • Click on the OK button in the Internet Explorer restart reminder window.
  • Restart Internet Explorer.

Please tell me how the computer is running after this.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby Gmic » December 20th, 2015, 7:38 am

Hi nunped,
Sorry for posting the wrong log! Also mcafee is running properly I didn't need to reinstall it, because it took so long to respond (about 15mins) I assumed that it wasn't working so apologies for creating extra work for you.

Fix result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by George (2015-12-18 12:55:05) Run:1
Running from C:\Users\George\Downloads
Loaded Profiles: George (Available Profiles: George & Sheila & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
C:\Users\George\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0F42C5D9.exe
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\PKIJ841O\MapsGalaxy.e2fdab645017410ba89cd128ebaf270a.exe
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\OnlineMapFinder.81d5b2d54b6e4e19a42cd181f10f145f.exe
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\TelevisionFanatic.exe
EmptyTemp:

*****************

Restore point was successfully created.
C:\Users\George\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0F42C5D9.exe => moved successfully
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\PKIJ841O\MapsGalaxy.e2fdab645017410ba89cd128ebaf270a.exe => moved successfully
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\OnlineMapFinder.81d5b2d54b6e4e19a42cd181f10f145f.exe => moved successfully
C:\Users\Sheila\AppData\Local\Microsoft\Windows\INetCache\IE\UV2O2DAG\TelevisionFanatic.exe => moved successfully
EmptyTemp: => 3.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:14:58 ====



# AdwCleaner v5.025 - Logfile created 18/12/2015 at 13:33:22
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : George - GEORGEANDSHEILA
# Running from : C:\Users\George\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2c6319b9-312c-4bdf-b75e-e9dd16ae0f1c}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [994 bytes] ##########


Working so much better!

Many thanks

Gmic
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby nunped » December 20th, 2015, 12:51 pm

Hi Gmic,

Good job! Your computer appears to be free from malware. :cheers:

Now, some clean-up steps:

Delfix - Delete Fix Processes Image
  1. Please download delfix by Xplode and save it to your desktop.
  2. Right-click on delfix.exe and select " Run as administrator " to run it.
    An application window opens with check box options... The "Remove disinfection tools" option is checked by default.
  3. =================Check ALL the boxes... then press Run.
  4. Check the following boxes... then press Run:
    • Activate UAC
    • Remove disinfection tools --> keep this checked
    • Create registry backup
    • Purge system restore
    • Reset system settings
    When finished, Notepad will open DelFix.txt. The log will be located at the root of the system drive, C:\DelFix.txt.
  5. Please copy and paste the contents of the DelFix.txt file in your next reply.


Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Windows 8 laptop slow, stops responding and error messag

Unread postby Gmic » December 21st, 2015, 5:35 am

Hi nunped,

Log below

# DelFix v1.011 - Logfile created 21/12/2015 at 09:25:12
# Updated 18/08/2015 by Xplode
# Username : George - GEORGEANDSHEILA
# Operating System : Windows 8.1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\George\Downloads\FRST-OlderVersion
Deleted : C:\Users\George\Desktop\AdwCleaner[C1].txt
Deleted : C:\Users\George\Desktop\AdwCleaner[S2].txt
Deleted : C:\Users\George\Downloads\Addition.txt
Deleted : C:\Users\George\Downloads\AdwCleaner.exe
Deleted : C:\Users\George\Downloads\adwcleaner_5.017.exe
Deleted : C:\Users\George\Downloads\Fixlog.txt
Deleted : C:\Users\George\Downloads\FRST.txt
Deleted : C:\Users\George\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #46 [Installed Rapport | 12/05/2015 07:20:13]
Deleted : RP #48 [Windows Update | 12/17/2015 11:06:06]
Deleted : RP #50 [Restore Point Created by FRST | 12/18/2015 12:55:25]
Deleted : RP #51 [Windows Modules Installer | 12/18/2015 15:46:12]
Deleted : RP #52 [Windows Modules Installer | 12/18/2015 15:50:25]
Deleted : RP #53 [Windows Modules Installer | 12/18/2015 17:55:05]
Deleted : RP #54 [Windows Modules Installer | 12/20/2015 11:49:30]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
Running so much better!

Thank you for all your help. :P :P

Regards
Gmic
Gmic
Active Member
 
Posts: 9
Joined: December 12th, 2015, 7:18 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 131 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware