BIOS_Pherecydes
2015-01-20, 14:52
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 03
Ran by UserPrime (administrator) on MASTERCOMP on 18-01-2015 19:51:14
Running from C:\Users\UserPrime\Desktop
Loaded Profiles: UserPrime (Available profiles: UserPrime)
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(Flux Software LLC) C:\Users\UserPrime\AppData\Local\FluxSoftware\Flux\flux.exe
(Dell) C:\Users\UserPrime\AppData\Local\Apps\2.0\DY7LGXW2.42P\XD40HT7R.OLJ\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2249104 2013-09-03] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-10-02] (Unified Intents AB)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [f.lux] => C:\Users\UserPrime\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4217552 2015-01-13] (Unified Intents AB)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [DellSystemDetect] => C:\Users\UserPrime\AppData\Local\Apps\2.0\DY7LGXW2.42P\XD40HT7R.OLJ\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-07] (Dell)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\MountPoints2: {8caec898-737e-11e4-8288-485ab6b2d0e6} - "F:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.msn.com%2F%3Fpc%3DMSE1&OSP=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26sourceid%3Die7%26rls%3Dcom.microsoft%3A%7Blanguage%7D%3A%7Breferrer%3Asource%7D%26ie%3D%7BinputEncoding%3F%7D%26oe%3D%7BoutputEncoding%3F%7D
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-614374451-640586071-3639636259-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-614374451-640586071-3639636259-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950
FF DefaultSearchEngine: Google
FF Homepage: google.com
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Redirect Bypasser - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\redirectbypasser@moonlight21.com [2015-01-14]
FF Extension: BetterSearch - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509} [2015-01-14]
FF Extension: FEBE - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-12-14]
FF Extension: DownloadHelper - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-27]
FF Extension: AdBan - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\adban@ad-ban.appspot.com.xpi [2015-01-15]
FF Extension: Anti Linkbucks - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\antilinkbucks@mozilla.org.xpi [2015-01-14]
FF Extension: Customizable Shortcuts - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\customizable-shortcuts@timtaubert.de.xpi [2014-04-12]
FF Extension: Duplicate in Tab Context Menu - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\DuplicateInTabContext@schuzak.jp.xpi [2014-06-08]
FF Extension: Hide My Ass Proxy Extension - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\extension@hidemyass.com.xpi [2015-01-14]
FF Extension: Fast Image Research - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\fastimageresearch@usacyborg.com.xpi [2015-01-15]
FF Extension: MEGA - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\firefox@mega.co.nz.xpi [2014-04-05]
FF Extension: Foobar - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\foobar@unnecessarilylongurl.com.xpi [2014-03-29]
FF Extension: Google Search by Image - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\google@hitachi.com.xpi [2014-03-29]
FF Extension: Google UnTracker - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\googlelinkremover@websiteconnect.com.au.xpi [2015-01-14]
FF Extension: Browse By Name - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid0-BJHK9jcBnvyTwamzSSjJvyQXmOE@jetpack.xpi [2015-01-14]
FF Extension: Fake Domain - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid0-RC7UmNN5T3bzcD6KftfnEckAFR8@jetpack.xpi [2015-01-14]
FF Extension: google-no-tracking-url - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2015-01-14]
FF Extension: New Tab Tools - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\newtabtools@darktrojan.net.xpi [2014-12-27]
FF Extension: Restartless Restart - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\restartless.restart@erikvold.com.xpi [2014-03-29]
FF Extension: Save Session - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\savesession@noasobi.net.xpi [2015-01-14]
FF Extension: The Addon Bar (restored) - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-01-14]
FF Extension: UnPlug - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\unplug@compunach.xpi [2014-05-15]
FF Extension: عارض PDF - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\uriloader@pdf.js.xpi [2014-12-14]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-04-05]
FF Extension: Unshorten.It! - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2015-01-17]
FF Extension: Session Manager - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-01-14]
FF Extension: Clean Links - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2015-01-14]
FF Extension: Tab Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi [2015-01-14]
FF Extension: BypassAdfly - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{2d916c01-db0e-4de7-85a3-3fb22ca2d95e}.xpi [2015-01-14]
FF Extension: NoScript - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-29]
FF Extension: Abduction! - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2014-04-05]
FF Extension: NoRedirect - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi [2015-01-14]
FF Extension: Web Developer - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-28]
FF Extension: Image Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA}.xpi [2015-01-14]
FF Extension: BreakItDown - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{dc0fa146-3db5-73f1-e852-912722c85300}.xpi [2015-01-14]
FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2014-03-29]
FF Extension: Adblock Edge - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-29]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-28]
CHR Extension: (Google Docs) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
CHR Extension: (Google Drive) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (YouTube) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
CHR Extension: (Google Search) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
CHR Extension: (Google Sheets) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-28]
CHR Extension: (Google Wallet) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR Extension: (Gmail) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]
CHR Extension: (unnissaLes) - C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\ [2014-11-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0143991395633463mcinstcleanup; C:\Windows\TEMP\014399~1.EXE [834664 2013-07-13] (McAfee, Inc.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-11] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-11] (CyberLink)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [8616080 2014-04-18] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-01-13] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\PC Monitor\PCMonitorSrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 19:51 - 2015-01-18 19:52 - 00029255 _____ () C:\Users\UserPrime\Desktop\FRST.txt
2015-01-18 19:47 - 2015-01-18 19:51 - 00000000 ____D () C:\FRST
2015-01-18 19:46 - 2015-01-18 19:46 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MASTERCOMP-Microsoft-Windows-8.1-(64-bit).dat
2015-01-18 19:44 - 2015-01-18 19:44 - 00000000 ____D () C:\RegBackup
2015-01-18 19:43 - 2015-01-18 19:43 - 00002258 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-18 19:33 - 2015-01-18 19:33 - 02126848 _____ (Farbar) C:\Users\UserPrime\Desktop\FRST64.exe
2015-01-18 19:28 - 2015-01-18 19:32 - 04215584 _____ () C:\Users\UserPrime\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-18 19:14 - 2015-01-18 19:18 - 00000000 ____D () C:\Users\UserPrime\Documents\New folder
2015-01-18 09:15 - 2015-01-18 19:31 - 00000000 ____D () C:\Users\UserPrime\Desktop\Anti-Malware
2015-01-18 08:15 - 2015-01-18 08:15 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-18 06:58 - 2015-01-18 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-18 06:56 - 2015-01-18 19:03 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-18 06:55 - 2015-01-18 06:56 - 173521968 _____ (Emsisoft Ltd. ) C:\Users\UserPrime\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-17 20:05 - 2015-01-17 20:05 - 00280808 _____ () C:\Windows\Minidump\011715-32828-01.dmp
2015-01-17 19:58 - 2015-01-17 19:58 - 00280864 _____ () C:\Windows\Minidump\011715-35343-01.dmp
2015-01-17 19:56 - 2015-01-17 20:05 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-17 19:54 - 2015-01-17 19:54 - 00001988 _____ () C:\Windows\system32\.crusader
2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-17 19:42 - 2015-01-17 19:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-17 19:41 - 2015-01-17 19:42 - 11225840 _____ (SurfRight B.V.) C:\Users\UserPrime\Downloads\HitmanPro_x64.exe
2015-01-17 19:17 - 2015-01-18 19:29 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\ClassicShell
2015-01-17 19:17 - 2015-01-17 19:17 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\Program Files\Classic Shell
2015-01-17 19:05 - 2015-01-17 19:05 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0 (1).exe
2015-01-17 18:56 - 2015-01-17 18:56 - 00001026 _____ () C:\Users\Public\Desktop\TweakUAC.lnk
2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakUAC
2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\Program Files (x86)\TweakUAC
2015-01-17 18:54 - 2015-01-17 18:54 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0.exe
2015-01-17 07:10 - 2015-01-17 07:11 - 00000000 ____D () C:\ProgramData\Unified Remote
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Users\UserPrime\Documents\Unified Remote
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Program Files (x86)\Unified Remote 3
2015-01-17 07:10 - 2015-01-13 18:13 - 00025592 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\uvhid.sys
2015-01-17 07:10 - 2015-01-13 18:13 - 00007680 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2015-01-17 07:07 - 2015-01-17 07:07 - 16224072 _____ (Unified Intents AB ) C:\Users\UserPrime\Downloads\ServerSetup-3-1-1-675.exe
2015-01-15 05:26 - 2015-01-15 05:26 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install(1).exe
2015-01-15 05:00 - 2015-01-14 15:22 - 00001501 _____ () C:\Windows\system32\Drivers\etc\hosts.20150115-050056.backup
2015-01-15 01:51 - 2015-01-15 04:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-15 01:49 - 2015-01-15 01:49 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install.exe
2015-01-15 01:47 - 2015-01-15 01:49 - 16409960 _____ (Safer Networking Limited ) C:\Users\UserPrime\Downloads\spybotsd162.exe
2015-01-15 01:40 - 2015-01-15 01:40 - 00654587 _____ (GlobFX Technologies ) C:\Users\UserPrime\Downloads\SWFRESetup23.exe
2015-01-14 22:18 - 2015-01-18 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 22:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 22:17 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 22:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 22:16 - 2015-01-14 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\UserPrime\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 22:00 - 2015-01-14 22:00 - 37987520 _____ (Microsoft Corporation) C:\Users\UserPrime\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-14 21:39 - 2015-01-14 21:39 - 00000000 _____ () C:\autoexec.bat
2015-01-14 21:37 - 2015-01-14 21:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\UserPrime\Downloads\SpyHunter-Installer.exe
2015-01-14 17:32 - 2015-01-14 17:33 - 00346528 _____ (WinAbility Software Corp. ) C:\Users\UserPrime\Downloads\TweakUAC-v.1.1-setup.exe
2015-01-14 17:23 - 2015-01-14 17:23 - 35226936 _____ (Security Stronghold ) C:\Users\UserPrime\Downloads\ReplaceUAC.exe
2015-01-14 17:15 - 2014-04-13 23:49 - 00003029 _____ () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pulseway Manager.lnk
2015-01-14 16:56 - 2015-01-14 16:56 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\HermanCompute
2015-01-14 16:55 - 2015-01-14 16:55 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-01-14 16:55 - 2015-01-14 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-01-14 15:14 - 2015-01-14 15:14 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Amazing
2015-01-09 06:03 - 2015-01-09 06:03 - 00000000 _____ () C:\Users\UserPrime\Downloads\My_Little_Pony_Friendship_is_Magic_Season_2_Episode_3_Lesson_Zero___Video_102950062_mp4_h264_aac_hd_2.flv
2015-01-08 05:59 - 2015-01-08 05:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Sun
2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25.exe
2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25 (1).exe
2015-01-08 05:55 - 2015-01-08 05:55 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\jxpiinstall.exe
2015-01-06 08:45 - 2015-01-06 08:45 - 01920640 _____ (TODO: <Company name>) C:\Users\UserPrime\Downloads\FlashPlayerPro_Setup.exe
2015-01-05 07:29 - 2015-01-05 07:29 - 00000000 _____ () C:\Users\UserPrime\Downloads\The_Mouse_Glove___Scientific_Tuesdays_scientifictuesdays_0030_mouseglove_large.h264.mp4
2015-01-03 12:49 - 2015-01-03 12:49 - 00597304 _____ () C:\Users\UserPrime\Downloads\flux-setup.exe
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\FluxSoftware
2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-31 18:25 - 2015-01-14 22:45 - 00000000 ____D () C:\Program Files (x86)\unnissaLes
2014-12-31 18:24 - 2014-12-31 18:24 - 00000000 ____D () C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf
2014-12-31 04:43 - 2011-06-23 11:34 - 00835584 _____ (KastorSoft) C:\Users\UserPrime\Desktop\KastorFreeAudioExtractor.exe
2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\Linkin_Park___BURN_IT_DOWN__Official_Music_Video.mp4
2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶ Linkin Park - BURN IT DOWN (Official Music Video) - YouTube [360p].mp4
2014-12-31 03:11 - 2015-01-13 04:43 - 00000000 ____D () C:\Users\UserPrime\Downloads\dwhelper
2014-12-31 03:04 - 2014-12-31 03:04 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Ozzy_Osbourne____Bark_at_the_Moon.mp4
2014-12-31 03:01 - 2014-12-31 03:01 - 00000000 ____D () C:\Users\UserPrime\Documents\audio
2014-12-27 21:25 - 2014-12-27 21:25 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Allele_by_Michael_Zev_Gordon_edYpybD1Y8jC.128.peg
2014-12-25 18:30 - 2014-12-25 18:30 - 00001311 _____ () C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2014-12-25 18:30 - 2014-12-25 18:30 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-25 18:29 - 2014-12-25 18:29 - 02018936 _____ (WiseCleaner.com ) C:\Users\UserPrime\Downloads\WPUSetup.exe
2014-12-25 18:04 - 2014-12-25 18:04 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\No Company Name
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 19:50 - 2014-03-23 23:02 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-614374451-640586071-3639636259-1002
2015-01-18 19:28 - 2014-11-28 01:23 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 19:18 - 2014-03-23 22:56 - 01784286 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-18 09:11 - 2014-11-28 01:23 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 09:10 - 2013-08-26 01:01 - 00022312 _____ () C:\Windows\PFRO.log
2015-01-18 09:10 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 09:09 - 2014-11-20 01:38 - 00000000 ____D () C:\AdwCleaner
2015-01-18 08:16 - 2014-11-15 17:15 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2015-01-18 05:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-18 04:12 - 2014-05-04 20:13 - 00000000 ____D () C:\Users\UserPrime\Desktop\FlashVault
2015-01-18 02:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-18 02:00 - 2014-03-29 13:45 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Adobe
2015-01-17 20:05 - 2014-05-11 19:58 - 00000000 ____D () C:\Windows\Minidump
2015-01-17 20:04 - 2014-05-11 19:58 - 371566633 _____ () C:\Windows\MEMORY.DMP
2015-01-17 18:58 - 2014-03-24 06:58 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\vlc
2015-01-17 07:10 - 2014-08-29 04:21 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Unified Remote
2015-01-14 22:45 - 2014-04-05 13:07 - 00000000 ____D () C:\Program Files\SWF Opener
2015-01-14 21:55 - 2014-04-05 13:04 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-14 17:18 - 2014-04-13 23:49 - 00000000 ____D () C:\Program Files\PC Monitor
2015-01-12 08:00 - 2014-03-29 18:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-12 07:59 - 2014-03-29 18:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-07 05:37 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 09:03 - 2013-09-06 12:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 12:13 - 2014-04-26 23:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-03 03:08 - 2013-08-22 09:44 - 06465048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 03:07 - 2014-03-23 22:56 - 00000000 ____D () C:\Users\UserPrime
2015-01-03 00:58 - 2014-12-05 03:25 - 00000000 ____D () C:\Program Files\Recuva
2014-12-31 19:36 - 2014-04-26 23:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-31 19:34 - 2014-04-26 23:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-31 19:32 - 2014-04-26 23:30 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 13:12 - 2014-04-13 23:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 06:14 - 2014-03-29 18:55 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 03:11 - 2014-12-06 21:46 - 00000000 ____D () C:\Users\UserPrime\dwhelper
2014-12-27 23:33 - 2014-06-09 04:06 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Windows Live
2014-12-26 02:47 - 2014-12-15 00:33 - 00000000 ____D () C:\ProgramData\Chasys Draw IES
2014-12-25 18:35 - 2013-10-07 13:28 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 18:20 - 2014-12-15 00:13 - 00000000 ____D () C:\Program Files (x86)\Eltima Software
2014-12-25 04:20 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-25 03:18 - 2013-08-22 09:46 - 00035441 _____ () C:\Windows\setupact.log
==================== Files in the root of some directories =======
2014-05-04 19:59 - 2014-05-04 19:59 - 0000288 _____ () C:\Users\UserPrime\AppData\Roaming\.backup.dm
Some content of TEMP:
====================
C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-18 02:17
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 03
Ran by UserPrime at 2015-01-18 19:52:50
Running from C:\Users\UserPrime\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{05D12146-31FA-CB4C-C780-8E450FCC5F2E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
f.lux (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Flux) (Version: - )
FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.8.4.4 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HideVPN (HKLM-x32\...\HideVPN) (Version: 1.0.0 - WebSafeVPN)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kastor Free Audio Extractor V1.4 (HKLM-x32\...\Kastor Free Audio Extractor_is1) (Version: 1.4.0.0 - KastorSoft)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LibreOffice 4.2 Help Pack (English (United States)) (HKLM-x32\...\{9B197B38-038D-47B5-9572-AE07E34F6AD0}) (Version: 4.2.2.1 - The Document Foundation)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.2) (Version: 7.2 - Applian Technologies Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.1 - Unified Intents AB)
Unified Remote (HKLM-x32\...\{D7930C67-5816-417B-BF28-54BB75EFDAF9}) (Version: 2.14.4.0 - Unified Remote)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Video Download Capture version 4.9.2 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.2 - APOWERSOFT LIMITED)
Video Time Reversal 2.07 (HKLM-x32\...\Video Time Reversal 2_is1) (Version: 2.07 - Xander)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)
Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File
==================== Restore Points =========================
04-01-2015 01:54:49 Scheduled Checkpoint
14-01-2015 17:17:27 Removed PC Monitor
17-01-2015 19:06:41 Installed Classic Shell
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-01-15 05:00 - 00451393 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E0F9862-0643-44B6-9DBC-1E84EC888C78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {143616EB-5EEC-460C-8CD7-ECCEE7B123CA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {14F01E9E-A75A-49E0-8832-89E51C1A99C8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {19C28DC4-E382-4D71-9D17-344CD905310F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {1ECEF5E8-3ACE-41C7-BB0E-7E6C0403413A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {20C3ED1E-1F50-404C-A790-FA89C9D13712} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {27DFD6B6-181E-4E71-9E23-FB5DD52E7D16} - System32\Tasks\{1B78B6A5-57CB-4EC6-ACFB-25B6208B1092} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe" -c REPAIRUI RERUNMODE
Task: {59246BE6-D37E-41BA-AC12-48A350707FAD} - System32\Tasks\AdobeAAMUpdater-1.0-MASTERCOMP-UserPrime => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {5B30D3AC-0AED-4FE7-856B-5A89B367CE91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8A4C4001-C2F6-42FE-8E57-FFC8C7B81D21} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {8C9E2623-C996-4A6E-AF4F-D83C4441B0DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {9579F257-F07D-43FC-B534-19B5E91FE613} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A28FD34C-1DBC-410F-8FED-F81F140B5422} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {A2CA1690-824A-47AA-88A0-6F0C65DD927B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {A7C9B5E8-4FFD-4463-AC98-85CC812886F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {A9E2CB50-529E-4CE1-BA43-FDB33E6C3596} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {BFE2C1D0-6004-49F0-8759-FA853D51FA8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F79AAE4B-411F-4E40-9C5D-2E9D64AD8E30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC3C34CC-D48E-4F90-977D-C0E9A7E1838D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-08-23 03:08 - 2013-08-23 03:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-08-23 03:13 - 2013-08-23 03:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-08-23 03:09 - 2013-08-23 03:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-08-19 15:47 - 2013-08-19 15:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-18 09:19 - 2014-04-18 09:19 - 08616080 _____ () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
2013-08-23 03:12 - 2013-08-23 03:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-08-19 15:47 - 2013-08-19 15:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-10-07 13:31 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-14 01:28 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-15 01:51 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
2015-01-15 01:51 - 2008-03-04 14:52 - 00790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
2015-01-15 01:51 - 2008-03-05 09:34 - 00795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
2015-01-15 01:51 - 2008-02-26 11:04 - 00717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
2015-01-15 01:51 - 2007-12-24 01:05 - 00121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:DED17083
AlternateDataStreams: C:\Users\UserPrime\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-614374451-640586071-3639636259-500 - Administrator - Enabled)
Guest (S-1-5-21-614374451-640586071-3639636259-501 - Limited - Disabled)
UserPrime (S-1-5-21-614374451-640586071-3639636259-1002 - Administrator - Enabled) => C:\Users\UserPrime
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17039 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e5c
Start Time: 01d03328a9d1ee35
Termination Time: 0
Application Path: C:\Windows\Explorer.EXE
Report Id: 7628c335-9f72-11e4-8297-485ab6b2d0e6
Faulting package full name:
Faulting package-relative application ID:
Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4156
Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4156
Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2797
Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2797
Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1391
Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1391
Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/18/2015 07:31:52 PM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/18/2015 09:55:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2015 09:19:01 AM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0143991395633463) service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2
Error: (01/18/2015 09:11:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LighterRunner service to connect.
Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069
Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V12 service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17039e5c01d03328a9d1ee350C:\Windows\Explorer.EXE7628c335-9f72-11e4-8297-485ab6b2d0e6
==================== Memory info ===========================
Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 7366.26 MB
Available physical RAM: 5008.02 MB
Total Pagefile: 14790.26 MB
Available Pagefile: 11585.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:910.38 GB) (Free:724.88 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 429EAAF4)
Partition: GPT Partition Type.
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-18 21:53:20
-----------------------------
21:53:20.818 OS Version: Windows x64 6.2.9200
21:53:20.818 Number of processors: 4 586 0x1301
21:53:20.818 ComputerName: MASTERCOMP UserName: UserPrime
21:53:37.209 Initialize success
21:53:37.381 VM: initialized successfully
21:53:37.397 VM: Amd CPU BiosDisabled
21:54:41.578 AVAST engine defs: 15011801
21:54:44.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
21:54:44.392 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2BA30001 Size: 953869MB BusType: 11
21:54:44.579 Disk 0 MBR read successfully
21:54:44.595 Disk 0 MBR scan
21:54:44.626 Disk 0 unknown MBR code
21:54:44.642 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
21:54:44.907 Disk 0 scanning C:\Windows\system32\drivers
21:55:06.419 Service scanning
21:55:41.071 Modules scanning
21:55:41.071 Disk 0 trace - called modules:
21:55:41.118 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amdxata.sys storport.sys hal.dll amdsata.sys
21:55:41.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001117fb060]
21:55:41.634 3 CLASSPNP.SYS[fffff801fdba027b] -> nt!IofCallDriver -> [0xffffe00111797040]
21:55:41.649 5 hpdskflt.sys[fffff801fe17542b] -> nt!IofCallDriver -> [0xffffe00110d04b30]
21:55:41.649 7 amdxata.sys[fffff801fd6ba6b4] -> nt!IofCallDriver -> \Device\0000002e[0xffffe00110428330]
21:55:44.884 AVAST engine scan C:\Windows
21:55:47.759 AVAST engine scan C:\Windows\system32
22:00:24.100 AVAST engine scan C:\Windows\system32\drivers
22:00:48.287 AVAST engine scan C:\Users\UserPrime
22:14:55.976 AVAST engine scan C:\ProgramData
22:18:43.376 Disk 0 statistics 3943786/0/0 @ 1.85 MB/s
22:18:43.378 Scan finished successfully
22:21:09.007 Disk 0 MBR has been saved successfully to "C:\Users\UserPrime\Desktop\MBR.dat"
22:21:09.017 The log file has been saved successfully to "C:\Users\UserPrime\Desktop\aswMBR.txt"
Win32.2UrFace.bho: [SBI $51263573] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2015-01-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Additionally I have run AdwCleaner, Emsisoft Anti-Malware trial version, HitmanPro trial version and Malwarebytes Anti-Malware to no result. Help, please.
FF Extension: Session Manager - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-01-14]
FF Extension: Clean Links - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2015-01-14]
FF Extension: Tab Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi [2015-01-14]
FF Extension: BypassAdfly - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{2d916c01-db0e-4de7-85a3-3fb22ca2d95e}.xpi [2015-01-14]
FF Extension: NoScript - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-29]
FF Extension: Abduction! - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2014-04-05]
FF Extension: NoRedirect - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi [2015-01-14]
FF Extension: Web Developer - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-28]
FF Extension: Image Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA}.xpi [2015-01-14]
FF Extension: BreakItDown - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{dc0fa146-3db5-73f1-e852-912722c85300}.xpi [2015-01-14]
FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2014-03-29]
FF Extension: Adblock Edge - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-29]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-28]
CHR Extension: (Google Docs) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
CHR Extension: (Google Drive) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (YouTube) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
CHR Extension: (Google Search) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
CHR Extension: (Google Sheets) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-28]
CHR Extension: (Google Wallet) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR Extension: (Gmail) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]
CHR Extension: (unnissaLes) - C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\ [2014-11-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0143991395633463mcinstcleanup; C:\Windows\TEMP\014399~1.EXE [834664 2013-07-13] (McAfee, Inc.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-11] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-11] (CyberLink)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [8616080 2014-04-18] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-01-13] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\PC Monitor\PCMonitorSrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 19:51 - 2015-01-18 19:52 - 00029255 _____ () C:\Users\UserPrime\Desktop\FRST.txt
2015-01-18 19:47 - 2015-01-18 19:51 - 00000000 ____D () C:\FRST
2015-01-18 19:46 - 2015-01-18 19:46 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MASTERCOMP-Microsoft-Windows-8.1-(64-bit).dat
2015-01-18 19:44 - 2015-01-18 19:44 - 00000000 ____D () C:\RegBackup
2015-01-18 19:43 - 2015-01-18 19:43 - 00002258 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-18 19:33 - 2015-01-18 19:33 - 02126848 _____ (Farbar) C:\Users\UserPrime\Desktop\FRST64.exe
2015-01-18 19:28 - 2015-01-18 19:32 - 04215584 _____ () C:\Users\UserPrime\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-18 19:14 - 2015-01-18 19:18 - 00000000 ____D () C:\Users\UserPrime\Documents\New folder
2015-01-18 09:15 - 2015-01-18 19:31 - 00000000 ____D () C:\Users\UserPrime\Desktop\Anti-Malware
2015-01-18 08:15 - 2015-01-18 08:15 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-18 06:58 - 2015-01-18 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-18 06:56 - 2015-01-18 19:03 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-18 06:55 - 2015-01-18 06:56 - 173521968 _____ (Emsisoft Ltd. ) C:\Users\UserPrime\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-17 20:05 - 2015-01-17 20:05 - 00280808 _____ () C:\Windows\Minidump\011715-32828-01.dmp
2015-01-17 19:58 - 2015-01-17 19:58 - 00280864 _____ () C:\Windows\Minidump\011715-35343-01.dmp
2015-01-17 19:56 - 2015-01-17 20:05 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-17 19:54 - 2015-01-17 19:54 - 00001988 _____ () C:\Windows\system32\.crusader
2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-17 19:42 - 2015-01-17 19:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-17 19:41 - 2015-01-17 19:42 - 11225840 _____ (SurfRight B.V.) C:\Users\UserPrime\Downloads\HitmanPro_x64.exe
2015-01-17 19:17 - 2015-01-18 19:29 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\ClassicShell
2015-01-17 19:17 - 2015-01-17 19:17 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\Program Files\Classic Shell
2015-01-17 19:05 - 2015-01-17 19:05 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0 (1).exe
2015-01-17 18:56 - 2015-01-17 18:56 - 00001026 _____ () C:\Users\Public\Desktop\TweakUAC.lnk
2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakUAC
2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\Program Files (x86)\TweakUAC
2015-01-17 18:54 - 2015-01-17 18:54 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0.exe
2015-01-17 07:10 - 2015-01-17 07:11 - 00000000 ____D () C:\ProgramData\Unified Remote
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Users\UserPrime\Documents\Unified Remote
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Program Files (x86)\Unified Remote 3
2015-01-17 07:10 - 2015-01-13 18:13 - 00025592 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\uvhid.sys
2015-01-17 07:10 - 2015-01-13 18:13 - 00007680 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2015-01-17 07:07 - 2015-01-17 07:07 - 16224072 _____ (Unified Intents AB ) C:\Users\UserPrime\Downloads\ServerSetup-3-1-1-675.exe
2015-01-15 05:26 - 2015-01-15 05:26 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install(1).exe
2015-01-15 05:00 - 2015-01-14 15:22 - 00001501 _____ () C:\Windows\system32\Drivers\etc\hosts.20150115-050056.backup
2015-01-15 01:51 - 2015-01-15 04:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-15 01:49 - 2015-01-15 01:49 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install.exe
2015-01-15 01:47 - 2015-01-15 01:49 - 16409960 _____ (Safer Networking Limited ) C:\Users\UserPrime\Downloads\spybotsd162.exe
2015-01-15 01:40 - 2015-01-15 01:40 - 00654587 _____ (GlobFX Technologies ) C:\Users\UserPrime\Downloads\SWFRESetup23.exe
2015-01-14 22:18 - 2015-01-18 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 22:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 22:17 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 22:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 22:16 - 2015-01-14 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\UserPrime\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 22:00 - 2015-01-14 22:00 - 37987520 _____ (Microsoft Corporation) C:\Users\UserPrime\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-14 21:39 - 2015-01-14 21:39 - 00000000 _____ () C:\autoexec.bat
2015-01-14 21:37 - 2015-01-14 21:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\UserPrime\Downloads\SpyHunter-Installer.exe
2015-01-14 17:32 - 2015-01-14 17:33 - 00346528 _____ (WinAbility Software Corp. ) C:\Users\UserPrime\Downloads\TweakUAC-v.1.1-setup.exe
2015-01-14 17:23 - 2015-01-14 17:23 - 35226936 _____ (Security Stronghold ) C:\Users\UserPrime\Downloads\ReplaceUAC.exe
2015-01-14 17:15 - 2014-04-13 23:49 - 00003029 _____ () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pulseway Manager.lnk
2015-01-14 16:56 - 2015-01-14 16:56 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\HermanCompute
2015-01-14 16:55 - 2015-01-14 16:55 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-01-14 16:55 - 2015-01-14 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-01-14 15:14 - 2015-01-14 15:14 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Amazing
2015-01-09 06:03 - 2015-01-09 06:03 - 00000000 _____ () C:\Users\UserPrime\Downloads\My_Little_Pony_Friendship_is_Magic_Season_2_Episode_3_Lesson_Zero___Video_102950062_mp4_h264_aac_hd_2.flv
2015-01-08 05:59 - 2015-01-08 05:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Sun
2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25.exe
2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25 (1).exe
2015-01-08 05:55 - 2015-01-08 05:55 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\jxpiinstall.exe
2015-01-06 08:45 - 2015-01-06 08:45 - 01920640 _____ (TODO: <Company name>) C:\Users\UserPrime\Downloads\FlashPlayerPro_Setup.exe
2015-01-05 07:29 - 2015-01-05 07:29 - 00000000 _____ () C:\Users\UserPrime\Downloads\The_Mouse_Glove___Scientific_Tuesdays_scientifictuesdays_0030_mouseglove_large.h264.mp4
2015-01-03 12:49 - 2015-01-03 12:49 - 00597304 _____ () C:\Users\UserPrime\Downloads\flux-setup.exe
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\FluxSoftware
2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-31 18:25 - 2015-01-14 22:45 - 00000000 ____D () C:\Program Files (x86)\unnissaLes
2014-12-31 18:24 - 2014-12-31 18:24 - 00000000 ____D () C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf
2014-12-31 04:43 - 2011-06-23 11:34 - 00835584 _____ (KastorSoft) C:\Users\UserPrime\Desktop\KastorFreeAudioExtractor.exe
2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\Linkin_Park___BURN_IT_DOWN__Official_Music_Video.mp4
2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶ Linkin Park - BURN IT DOWN (Official Music Video) - YouTube [360p].mp4
2014-12-31 03:11 - 2015-01-13 04:43 - 00000000 ____D () C:\Users\UserPrime\Downloads\dwhelper
2014-12-31 03:04 - 2014-12-31 03:04 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Ozzy_Osbourne____Bark_at_the_Moon.mp4
2014-12-31 03:01 - 2014-12-31 03:01 - 00000000 ____D () C:\Users\UserPrime\Documents\audio
2014-12-27 21:25 - 2014-12-27 21:25 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Allele_by_Michael_Zev_Gordon_edYpybD1Y8jC.128.peg
2014-12-25 18:30 - 2014-12-25 18:30 - 00001311 _____ () C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2014-12-25 18:30 - 2014-12-25 18:30 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-25 18:29 - 2014-12-25 18:29 - 02018936 _____ (WiseCleaner.com ) C:\Users\UserPrime\Downloads\WPUSetup.exe
2014-12-25 18:04 - 2014-12-25 18:04 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\No Company Name
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 19:50 - 2014-03-23 23:02 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-614374451-640586071-3639636259-1002
2015-01-18 19:28 - 2014-11-28 01:23 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 19:18 - 2014-03-23 22:56 - 01784286 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-18 09:11 - 2014-11-28 01:23 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 09:10 - 2013-08-26 01:01 - 00022312 _____ () C:\Windows\PFRO.log
2015-01-18 09:10 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 09:09 - 2014-11-20 01:38 - 00000000 ____D () C:\AdwCleaner
2015-01-18 08:16 - 2014-11-15 17:15 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2015-01-18 05:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-18 04:12 - 2014-05-04 20:13 - 00000000 ____D () C:\Users\UserPrime\Desktop\FlashVault
2015-01-18 02:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-18 02:00 - 2014-03-29 13:45 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Adobe
2015-01-17 20:05 - 2014-05-11 19:58 - 00000000 ____D () C:\Windows\Minidump
2015-01-17 20:04 - 2014-05-11 19:58 - 371566633 _____ () C:\Windows\MEMORY.DMP
2015-01-17 18:58 - 2014-03-24 06:58 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\vlc
2015-01-17 07:10 - 2014-08-29 04:21 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Unified Remote
2015-01-14 22:45 - 2014-04-05 13:07 - 00000000 ____D () C:\Program Files\SWF Opener
2015-01-14 21:55 - 2014-04-05 13:04 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-14 17:18 - 2014-04-13 23:49 - 00000000 ____D () C:\Program Files\PC Monitor
2015-01-12 08:00 - 2014-03-29 18:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-12 07:59 - 2014-03-29 18:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-07 05:37 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 09:03 - 2013-09-06 12:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 12:13 - 2014-04-26 23:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-03 03:08 - 2013-08-22 09:44 - 06465048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 03:07 - 2014-03-23 22:56 - 00000000 ____D () C:\Users\UserPrime
2015-01-03 00:58 - 2014-12-05 03:25 - 00000000 ____D () C:\Program Files\Recuva
2014-12-31 19:36 - 2014-04-26 23:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-31 19:34 - 2014-04-26 23:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-31 19:32 - 2014-04-26 23:30 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 13:12 - 2014-04-13 23:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 06:14 - 2014-03-29 18:55 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 03:11 - 2014-12-06 21:46 - 00000000 ____D () C:\Users\UserPrime\dwhelper
2014-12-27 23:33 - 2014-06-09 04:06 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Windows Live
2014-12-26 02:47 - 2014-12-15 00:33 - 00000000 ____D () C:\ProgramData\Chasys Draw IES
2014-12-25 18:35 - 2013-10-07 13:28 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 18:20 - 2014-12-15 00:13 - 00000000 ____D () C:\Program Files (x86)\Eltima Software
2014-12-25 04:20 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-25 03:18 - 2013-08-22 09:46 - 00035441 _____ () C:\Windows\setupact.log
==================== Files in the root of some directories =======
2014-05-04 19:59 - 2014-05-04 19:59 - 0000288 _____ () C:\Users\UserPrime\AppData\Roaming\.backup.dm
Some content of TEMP:
====================
C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-18 02:17
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 03
Ran by UserPrime at 2015-01-18 19:52:50
Running from C:\Users\UserPrime\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{05D12146-31FA-CB4C-C780-8E450FCC5F2E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
f.lux (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Flux) (Version: - )
FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.8.4.4 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HideVPN (HKLM-x32\...\HideVPN) (Version: 1.0.0 - WebSafeVPN)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kastor Free Audio Extractor V1.4 (HKLM-x32\...\Kastor Free Audio Extractor_is1) (Version: 1.4.0.0 - KastorSoft)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LibreOffice 4.2 Help Pack (English (United States)) (HKLM-x32\...\{9B197B38-038D-47B5-9572-AE07E34F6AD0}) (Version: 4.2.2.1 - The Document Foundation)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.2) (Version: 7.2 - Applian Technologies Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.1 - Unified Intents AB)
Unified Remote (HKLM-x32\...\{D7930C67-5816-417B-BF28-54BB75EFDAF9}) (Version: 2.14.4.0 - Unified Remote)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Video Download Capture version 4.9.2 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.2 - APOWERSOFT LIMITED)
Video Time Reversal 2.07 (HKLM-x32\...\Video Time Reversal 2_is1) (Version: 2.07 - Xander)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)
Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File
==================== Restore Points =========================
04-01-2015 01:54:49 Scheduled Checkpoint
14-01-2015 17:17:27 Removed PC Monitor
17-01-2015 19:06:41 Installed Classic Shell
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-01-15 05:00 - 00451393 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E0F9862-0643-44B6-9DBC-1E84EC888C78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {143616EB-5EEC-460C-8CD7-ECCEE7B123CA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {14F01E9E-A75A-49E0-8832-89E51C1A99C8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {19C28DC4-E382-4D71-9D17-344CD905310F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {1ECEF5E8-3ACE-41C7-BB0E-7E6C0403413A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {20C3ED1E-1F50-404C-A790-FA89C9D13712} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {27DFD6B6-181E-4E71-9E23-FB5DD52E7D16} - System32\Tasks\{1B78B6A5-57CB-4EC6-ACFB-25B6208B1092} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe" -c REPAIRUI RERUNMODE
Task: {59246BE6-D37E-41BA-AC12-48A350707FAD} - System32\Tasks\AdobeAAMUpdater-1.0-MASTERCOMP-UserPrime => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {5B30D3AC-0AED-4FE7-856B-5A89B367CE91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8A4C4001-C2F6-42FE-8E57-FFC8C7B81D21} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {8C9E2623-C996-4A6E-AF4F-D83C4441B0DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {9579F257-F07D-43FC-B534-19B5E91FE613} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A28FD34C-1DBC-410F-8FED-F81F140B5422} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {A2CA1690-824A-47AA-88A0-6F0C65DD927B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {A7C9B5E8-4FFD-4463-AC98-85CC812886F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {A9E2CB50-529E-4CE1-BA43-FDB33E6C3596} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {BFE2C1D0-6004-49F0-8759-FA853D51FA8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F79AAE4B-411F-4E40-9C5D-2E9D64AD8E30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC3C34CC-D48E-4F90-977D-C0E9A7E1838D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-08-23 03:08 - 2013-08-23 03:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-08-23 03:13 - 2013-08-23 03:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-08-23 03:09 - 2013-08-23 03:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-08-19 15:47 - 2013-08-19 15:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-18 09:19 - 2014-04-18 09:19 - 08616080 _____ () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
2013-08-23 03:12 - 2013-08-23 03:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-08-19 15:47 - 2013-08-19 15:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-10-07 13:31 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-14 01:28 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-15 01:51 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
2015-01-15 01:51 - 2008-03-04 14:52 - 00790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
2015-01-15 01:51 - 2008-03-05 09:34 - 00795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
2015-01-15 01:51 - 2008-02-26 11:04 - 00717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
2015-01-15 01:51 - 2007-12-24 01:05 - 00121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:DED17083
AlternateDataStreams: C:\Users\UserPrime\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-614374451-640586071-3639636259-500 - Administrator - Enabled)
Guest (S-1-5-21-614374451-640586071-3639636259-501 - Limited - Disabled)
UserPrime (S-1-5-21-614374451-640586071-3639636259-1002 - Administrator - Enabled) => C:\Users\UserPrime
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17039 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e5c
Start Time: 01d03328a9d1ee35
Termination Time: 0
Application Path: C:\Windows\Explorer.EXE
Report Id: 7628c335-9f72-11e4-8297-485ab6b2d0e6
Faulting package full name:
Faulting package-relative application ID:
Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4156
Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4156
Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2797
Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2797
Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1391
Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1391
Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/18/2015 07:31:52 PM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/18/2015 09:55:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2015 09:19:01 AM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0143991395633463) service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2
Error: (01/18/2015 09:11:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LighterRunner service to connect.
Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069
Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V12 service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17039e5c01d03328a9d1ee350C:\Windows\Explorer.EXE7628c335-9f72-11e4-8297-485ab6b2d0e6
==================== Memory info ===========================
Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 7366.26 MB
Available physical RAM: 5008.02 MB
Total Pagefile: 14790.26 MB
Available Pagefile: 11585.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:910.38 GB) (Free:724.88 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 429EAAF4)
Partition: GPT Partition Type.
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-18 21:53:20
-----------------------------
21:53:20.818 OS Version: Windows x64 6.2.9200
21:53:20.818 Number of processors: 4 586 0x1301
21:53:20.818 ComputerName: MASTERCOMP UserName: UserPrime
21:53:37.209 Initialize success
21:53:37.381 VM: initialized successfully
21:53:37.397 VM: Amd CPU BiosDisabled
21:54:41.578 AVAST engine defs: 15011801
21:54:44.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
21:54:44.392 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2BA30001 Size: 953869MB BusType: 11
21:54:44.579 Disk 0 MBR read successfully
21:54:44.595 Disk 0 MBR scan
21:54:44.626 Disk 0 unknown MBR code
21:54:44.642 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
21:54:44.907 Disk 0 scanning C:\Windows\system32\drivers
21:55:06.419 Service scanning
21:55:41.071 Modules scanning
21:55:41.071 Disk 0 trace - called modules:
21:55:41.118 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amdxata.sys storport.sys hal.dll amdsata.sys
21:55:41.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001117fb060]
21:55:41.634 3 CLASSPNP.SYS[fffff801fdba027b] -> nt!IofCallDriver -> [0xffffe00111797040]
21:55:41.649 5 hpdskflt.sys[fffff801fe17542b] -> nt!IofCallDriver -> [0xffffe00110d04b30]
21:55:41.649 7 amdxata.sys[fffff801fd6ba6b4] -> nt!IofCallDriver -> \Device\0000002e[0xffffe00110428330]
21:55:44.884 AVAST engine scan C:\Windows
21:55:47.759 AVAST engine scan C:\Windows\system32
22:00:24.100 AVAST engine scan C:\Windows\system32\drivers
22:00:48.287 AVAST engine scan C:\Users\UserPrime
22:14:55.976 AVAST engine scan C:\ProgramData
22:18:43.376 Disk 0 statistics 3943786/0/0 @ 1.85 MB/s
22:18:43.378 Scan finished successfully
22:21:09.007 Disk 0 MBR has been saved successfully to "C:\Users\UserPrime\Desktop\MBR.dat"
22:21:09.017 The log file has been saved successfully to "C:\Users\UserPrime\Desktop\aswMBR.txt"
Win32.2UrFace.bho: [SBI $51263573] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2015-01-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Additionally, I have run AdwCleaner, Emsisoft Anti-Malware trial version, HitmanPro trial version and Malwarebytes Anti-Malware to no result. Help, please.