PDA

View Full Version : Can't remove win32.2urface.bho



BIOS_Pherecydes
2015-01-20, 14:52
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 03
Ran by UserPrime (administrator) on MASTERCOMP on 18-01-2015 19:51:14
Running from C:\Users\UserPrime\Desktop
Loaded Profiles: UserPrime (Available profiles: UserPrime)
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(Flux Software LLC) C:\Users\UserPrime\AppData\Local\FluxSoftware\Flux\flux.exe
(Dell) C:\Users\UserPrime\AppData\Local\Apps\2.0\DY7LGXW2.42P\XD40HT7R.OLJ\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2249104 2013-09-03] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-10-02] (Unified Intents AB)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [f.lux] => C:\Users\UserPrime\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4217552 2015-01-13] (Unified Intents AB)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [DellSystemDetect] => C:\Users\UserPrime\AppData\Local\Apps\2.0\DY7LGXW2.42P\XD40HT7R.OLJ\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-07] (Dell)
HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\MountPoints2: {8caec898-737e-11e4-8288-485ab6b2d0e6} - "F:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.msn.com%2F%3Fpc%3DMSE1&OSP=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26sourceid%3Die7%26rls%3Dcom.microsoft%3A%7Blanguage%7D%3A%7Breferrer%3Asource%7D%26ie%3D%7BinputEncoding%3F%7D%26oe%3D%7BoutputEncoding%3F%7D
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-614374451-640586071-3639636259-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-614374451-640586071-3639636259-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950
FF DefaultSearchEngine: Google
FF Homepage: google.com
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Redirect Bypasser - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\redirectbypasser@moonlight21.com [2015-01-14]
FF Extension: BetterSearch - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509} [2015-01-14]
FF Extension: FEBE - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-12-14]
FF Extension: DownloadHelper - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-27]
FF Extension: AdBan - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\adban@ad-ban.appspot.com.xpi [2015-01-15]
FF Extension: Anti Linkbucks - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\antilinkbucks@mozilla.org.xpi [2015-01-14]
FF Extension: Customizable Shortcuts - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\customizable-shortcuts@timtaubert.de.xpi [2014-04-12]
FF Extension: Duplicate in Tab Context Menu - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\DuplicateInTabContext@schuzak.jp.xpi [2014-06-08]
FF Extension: Hide My Ass Proxy Extension - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\extension@hidemyass.com.xpi [2015-01-14]
FF Extension: Fast Image Research - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\fastimageresearch@usacyborg.com.xpi [2015-01-15]
FF Extension: MEGA - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\firefox@mega.co.nz.xpi [2014-04-05]
FF Extension: Foobar - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\foobar@unnecessarilylongurl.com.xpi [2014-03-29]
FF Extension: Google Search by Image - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\google@hitachi.com.xpi [2014-03-29]
FF Extension: Google UnTracker - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\googlelinkremover@websiteconnect.com.au.xpi [2015-01-14]
FF Extension: Browse By Name - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid0-BJHK9jcBnvyTwamzSSjJvyQXmOE@jetpack.xpi [2015-01-14]
FF Extension: Fake Domain - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid0-RC7UmNN5T3bzcD6KftfnEckAFR8@jetpack.xpi [2015-01-14]
FF Extension: google-no-tracking-url - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2015-01-14]
FF Extension: New Tab Tools - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\newtabtools@darktrojan.net.xpi [2014-12-27]
FF Extension: Restartless Restart - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\restartless.restart@erikvold.com.xpi [2014-03-29]
FF Extension: Save Session - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\savesession@noasobi.net.xpi [2015-01-14]
FF Extension: The Addon Bar (restored) - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-01-14]
FF Extension: UnPlug - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\unplug@compunach.xpi [2014-05-15]
FF Extension: عارض PDF - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\uriloader@pdf.js.xpi [2014-12-14]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-04-05]
FF Extension: Unshorten.It! - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2015-01-17]
FF Extension: Session Manager - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-01-14]
FF Extension: Clean Links - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2015-01-14]
FF Extension: Tab Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi [2015-01-14]
FF Extension: BypassAdfly - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{2d916c01-db0e-4de7-85a3-3fb22ca2d95e}.xpi [2015-01-14]
FF Extension: NoScript - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-29]
FF Extension: Abduction! - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2014-04-05]
FF Extension: NoRedirect - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi [2015-01-14]
FF Extension: Web Developer - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-28]
FF Extension: Image Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA}.xpi [2015-01-14]
FF Extension: BreakItDown - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{dc0fa146-3db5-73f1-e852-912722c85300}.xpi [2015-01-14]
FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2014-03-29]
FF Extension: Adblock Edge - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-28]
CHR Extension: (Google Docs) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
CHR Extension: (Google Drive) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (YouTube) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
CHR Extension: (Google Search) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
CHR Extension: (Google Sheets) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-28]
CHR Extension: (Google Wallet) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR Extension: (Gmail) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]
CHR Extension: (unnissaLes) - C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\ [2014-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0143991395633463mcinstcleanup; C:\Windows\TEMP\014399~1.EXE [834664 2013-07-13] (McAfee, Inc.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-11] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-11] (CyberLink)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [8616080 2014-04-18] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-01-13] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\PC Monitor\PCMonitorSrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 19:51 - 2015-01-18 19:52 - 00029255 _____ () C:\Users\UserPrime\Desktop\FRST.txt
2015-01-18 19:47 - 2015-01-18 19:51 - 00000000 ____D () C:\FRST
2015-01-18 19:46 - 2015-01-18 19:46 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MASTERCOMP-Microsoft-Windows-8.1-(64-bit).dat
2015-01-18 19:44 - 2015-01-18 19:44 - 00000000 ____D () C:\RegBackup
2015-01-18 19:43 - 2015-01-18 19:43 - 00002258 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-18 19:33 - 2015-01-18 19:33 - 02126848 _____ (Farbar) C:\Users\UserPrime\Desktop\FRST64.exe
2015-01-18 19:28 - 2015-01-18 19:32 - 04215584 _____ () C:\Users\UserPrime\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-18 19:14 - 2015-01-18 19:18 - 00000000 ____D () C:\Users\UserPrime\Documents\New folder
2015-01-18 09:15 - 2015-01-18 19:31 - 00000000 ____D () C:\Users\UserPrime\Desktop\Anti-Malware
2015-01-18 08:15 - 2015-01-18 08:15 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-18 06:58 - 2015-01-18 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-18 06:56 - 2015-01-18 19:03 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-18 06:55 - 2015-01-18 06:56 - 173521968 _____ (Emsisoft Ltd. ) C:\Users\UserPrime\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-17 20:05 - 2015-01-17 20:05 - 00280808 _____ () C:\Windows\Minidump\011715-32828-01.dmp
2015-01-17 19:58 - 2015-01-17 19:58 - 00280864 _____ () C:\Windows\Minidump\011715-35343-01.dmp
2015-01-17 19:56 - 2015-01-17 20:05 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-17 19:54 - 2015-01-17 19:54 - 00001988 _____ () C:\Windows\system32\.crusader
2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-17 19:42 - 2015-01-17 19:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-17 19:41 - 2015-01-17 19:42 - 11225840 _____ (SurfRight B.V.) C:\Users\UserPrime\Downloads\HitmanPro_x64.exe
2015-01-17 19:17 - 2015-01-18 19:29 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\ClassicShell
2015-01-17 19:17 - 2015-01-17 19:17 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\Program Files\Classic Shell
2015-01-17 19:05 - 2015-01-17 19:05 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0 (1).exe
2015-01-17 18:56 - 2015-01-17 18:56 - 00001026 _____ () C:\Users\Public\Desktop\TweakUAC.lnk
2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakUAC
2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\Program Files (x86)\TweakUAC
2015-01-17 18:54 - 2015-01-17 18:54 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0.exe
2015-01-17 07:10 - 2015-01-17 07:11 - 00000000 ____D () C:\ProgramData\Unified Remote
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Users\UserPrime\Documents\Unified Remote
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Program Files (x86)\Unified Remote 3
2015-01-17 07:10 - 2015-01-13 18:13 - 00025592 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\uvhid.sys
2015-01-17 07:10 - 2015-01-13 18:13 - 00007680 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2015-01-17 07:07 - 2015-01-17 07:07 - 16224072 _____ (Unified Intents AB ) C:\Users\UserPrime\Downloads\ServerSetup-3-1-1-675.exe
2015-01-15 05:26 - 2015-01-15 05:26 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install(1).exe
2015-01-15 05:00 - 2015-01-14 15:22 - 00001501 _____ () C:\Windows\system32\Drivers\etc\hosts.20150115-050056.backup
2015-01-15 01:51 - 2015-01-15 04:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-15 01:49 - 2015-01-15 01:49 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install.exe
2015-01-15 01:47 - 2015-01-15 01:49 - 16409960 _____ (Safer Networking Limited ) C:\Users\UserPrime\Downloads\spybotsd162.exe
2015-01-15 01:40 - 2015-01-15 01:40 - 00654587 _____ (GlobFX Technologies ) C:\Users\UserPrime\Downloads\SWFRESetup23.exe
2015-01-14 22:18 - 2015-01-18 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 22:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 22:17 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 22:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 22:16 - 2015-01-14 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\UserPrime\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 22:00 - 2015-01-14 22:00 - 37987520 _____ (Microsoft Corporation) C:\Users\UserPrime\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-14 21:39 - 2015-01-14 21:39 - 00000000 _____ () C:\autoexec.bat
2015-01-14 21:37 - 2015-01-14 21:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\UserPrime\Downloads\SpyHunter-Installer.exe
2015-01-14 17:32 - 2015-01-14 17:33 - 00346528 _____ (WinAbility Software Corp. ) C:\Users\UserPrime\Downloads\TweakUAC-v.1.1-setup.exe
2015-01-14 17:23 - 2015-01-14 17:23 - 35226936 _____ (Security Stronghold ) C:\Users\UserPrime\Downloads\ReplaceUAC.exe
2015-01-14 17:15 - 2014-04-13 23:49 - 00003029 _____ () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pulseway Manager.lnk
2015-01-14 16:56 - 2015-01-14 16:56 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\HermanCompute
2015-01-14 16:55 - 2015-01-14 16:55 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-01-14 16:55 - 2015-01-14 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-01-14 15:14 - 2015-01-14 15:14 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Amazing
2015-01-09 06:03 - 2015-01-09 06:03 - 00000000 _____ () C:\Users\UserPrime\Downloads\My_Little_Pony_Friendship_is_Magic_Season_2_Episode_3_Lesson_Zero___Video_102950062_mp4_h264_aac_hd_2.flv
2015-01-08 05:59 - 2015-01-08 05:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Sun
2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25.exe
2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25 (1).exe
2015-01-08 05:55 - 2015-01-08 05:55 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\jxpiinstall.exe
2015-01-06 08:45 - 2015-01-06 08:45 - 01920640 _____ (TODO: <Company name>) C:\Users\UserPrime\Downloads\FlashPlayerPro_Setup.exe
2015-01-05 07:29 - 2015-01-05 07:29 - 00000000 _____ () C:\Users\UserPrime\Downloads\The_Mouse_Glove___Scientific_Tuesdays_scientifictuesdays_0030_mouseglove_large.h264.mp4
2015-01-03 12:49 - 2015-01-03 12:49 - 00597304 _____ () C:\Users\UserPrime\Downloads\flux-setup.exe
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\FluxSoftware
2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-31 18:25 - 2015-01-14 22:45 - 00000000 ____D () C:\Program Files (x86)\unnissaLes
2014-12-31 18:24 - 2014-12-31 18:24 - 00000000 ____D () C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf
2014-12-31 04:43 - 2011-06-23 11:34 - 00835584 _____ (KastorSoft) C:\Users\UserPrime\Desktop\KastorFreeAudioExtractor.exe
2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\Linkin_Park___BURN_IT_DOWN__Official_Music_Video.mp4
2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶ Linkin Park - BURN IT DOWN (Official Music Video) - YouTube [360p].mp4
2014-12-31 03:11 - 2015-01-13 04:43 - 00000000 ____D () C:\Users\UserPrime\Downloads\dwhelper
2014-12-31 03:04 - 2014-12-31 03:04 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Ozzy_Osbourne____Bark_at_the_Moon.mp4
2014-12-31 03:01 - 2014-12-31 03:01 - 00000000 ____D () C:\Users\UserPrime\Documents\audio
2014-12-27 21:25 - 2014-12-27 21:25 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Allele_by_Michael_Zev_Gordon_edYpybD1Y8jC.128.peg
2014-12-25 18:30 - 2014-12-25 18:30 - 00001311 _____ () C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2014-12-25 18:30 - 2014-12-25 18:30 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-25 18:29 - 2014-12-25 18:29 - 02018936 _____ (WiseCleaner.com ) C:\Users\UserPrime\Downloads\WPUSetup.exe
2014-12-25 18:04 - 2014-12-25 18:04 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\No Company Name

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 19:50 - 2014-03-23 23:02 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-614374451-640586071-3639636259-1002
2015-01-18 19:28 - 2014-11-28 01:23 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 19:18 - 2014-03-23 22:56 - 01784286 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-18 09:11 - 2014-11-28 01:23 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 09:10 - 2013-08-26 01:01 - 00022312 _____ () C:\Windows\PFRO.log
2015-01-18 09:10 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 09:09 - 2014-11-20 01:38 - 00000000 ____D () C:\AdwCleaner
2015-01-18 08:16 - 2014-11-15 17:15 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2015-01-18 05:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-18 04:12 - 2014-05-04 20:13 - 00000000 ____D () C:\Users\UserPrime\Desktop\FlashVault
2015-01-18 02:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-18 02:00 - 2014-03-29 13:45 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Adobe
2015-01-17 20:05 - 2014-05-11 19:58 - 00000000 ____D () C:\Windows\Minidump
2015-01-17 20:04 - 2014-05-11 19:58 - 371566633 _____ () C:\Windows\MEMORY.DMP
2015-01-17 18:58 - 2014-03-24 06:58 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\vlc
2015-01-17 07:10 - 2014-08-29 04:21 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Unified Remote
2015-01-14 22:45 - 2014-04-05 13:07 - 00000000 ____D () C:\Program Files\SWF Opener
2015-01-14 21:55 - 2014-04-05 13:04 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-14 17:18 - 2014-04-13 23:49 - 00000000 ____D () C:\Program Files\PC Monitor
2015-01-12 08:00 - 2014-03-29 18:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-12 07:59 - 2014-03-29 18:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-07 05:37 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 09:03 - 2013-09-06 12:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 12:13 - 2014-04-26 23:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-03 03:08 - 2013-08-22 09:44 - 06465048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 03:07 - 2014-03-23 22:56 - 00000000 ____D () C:\Users\UserPrime
2015-01-03 00:58 - 2014-12-05 03:25 - 00000000 ____D () C:\Program Files\Recuva
2014-12-31 19:36 - 2014-04-26 23:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-31 19:34 - 2014-04-26 23:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-31 19:32 - 2014-04-26 23:30 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 13:12 - 2014-04-13 23:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 06:14 - 2014-03-29 18:55 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 03:11 - 2014-12-06 21:46 - 00000000 ____D () C:\Users\UserPrime\dwhelper
2014-12-27 23:33 - 2014-06-09 04:06 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Windows Live
2014-12-26 02:47 - 2014-12-15 00:33 - 00000000 ____D () C:\ProgramData\Chasys Draw IES
2014-12-25 18:35 - 2013-10-07 13:28 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 18:20 - 2014-12-15 00:13 - 00000000 ____D () C:\Program Files (x86)\Eltima Software
2014-12-25 04:20 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-25 03:18 - 2013-08-22 09:46 - 00035441 _____ () C:\Windows\setupact.log

==================== Files in the root of some directories =======
2014-05-04 19:59 - 2014-05-04 19:59 - 0000288 _____ () C:\Users\UserPrime\AppData\Roaming\.backup.dm

Some content of TEMP:
====================
C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 02:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 03
Ran by UserPrime at 2015-01-18 19:52:50
Running from C:\Users\UserPrime\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{05D12146-31FA-CB4C-C780-8E450FCC5F2E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
f.lux (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Flux) (Version: - )
FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.8.4.4 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HideVPN (HKLM-x32\...\HideVPN) (Version: 1.0.0 - WebSafeVPN)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kastor Free Audio Extractor V1.4 (HKLM-x32\...\Kastor Free Audio Extractor_is1) (Version: 1.4.0.0 - KastorSoft)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LibreOffice 4.2 Help Pack (English (United States)) (HKLM-x32\...\{9B197B38-038D-47B5-9572-AE07E34F6AD0}) (Version: 4.2.2.1 - The Document Foundation)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.2) (Version: 7.2 - Applian Technologies Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.1 - Unified Intents AB)
Unified Remote (HKLM-x32\...\{D7930C67-5816-417B-BF28-54BB75EFDAF9}) (Version: 2.14.4.0 - Unified Remote)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Video Download Capture version 4.9.2 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.2 - APOWERSOFT LIMITED)
Video Time Reversal 2.07 (HKLM-x32\...\Video Time Reversal 2_is1) (Version: 2.07 - Xander)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)
Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File

==================== Restore Points =========================

04-01-2015 01:54:49 Scheduled Checkpoint
14-01-2015 17:17:27 Removed PC Monitor
17-01-2015 19:06:41 Installed Classic Shell

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-01-15 05:00 - 00451393 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E0F9862-0643-44B6-9DBC-1E84EC888C78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {143616EB-5EEC-460C-8CD7-ECCEE7B123CA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {14F01E9E-A75A-49E0-8832-89E51C1A99C8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {19C28DC4-E382-4D71-9D17-344CD905310F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {1ECEF5E8-3ACE-41C7-BB0E-7E6C0403413A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {20C3ED1E-1F50-404C-A790-FA89C9D13712} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {27DFD6B6-181E-4E71-9E23-FB5DD52E7D16} - System32\Tasks\{1B78B6A5-57CB-4EC6-ACFB-25B6208B1092} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe" -c REPAIRUI RERUNMODE
Task: {59246BE6-D37E-41BA-AC12-48A350707FAD} - System32\Tasks\AdobeAAMUpdater-1.0-MASTERCOMP-UserPrime => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {5B30D3AC-0AED-4FE7-856B-5A89B367CE91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8A4C4001-C2F6-42FE-8E57-FFC8C7B81D21} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {8C9E2623-C996-4A6E-AF4F-D83C4441B0DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {9579F257-F07D-43FC-B534-19B5E91FE613} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A28FD34C-1DBC-410F-8FED-F81F140B5422} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {A2CA1690-824A-47AA-88A0-6F0C65DD927B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {A7C9B5E8-4FFD-4463-AC98-85CC812886F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {A9E2CB50-529E-4CE1-BA43-FDB33E6C3596} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {BFE2C1D0-6004-49F0-8759-FA853D51FA8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F79AAE4B-411F-4E40-9C5D-2E9D64AD8E30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC3C34CC-D48E-4F90-977D-C0E9A7E1838D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-23 03:08 - 2013-08-23 03:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-08-23 03:13 - 2013-08-23 03:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-08-23 03:09 - 2013-08-23 03:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-08-19 15:47 - 2013-08-19 15:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-18 09:19 - 2014-04-18 09:19 - 08616080 _____ () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
2013-08-23 03:12 - 2013-08-23 03:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-08-19 15:47 - 2013-08-19 15:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-10-07 13:31 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-14 01:28 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-15 01:51 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
2015-01-15 01:51 - 2008-03-04 14:52 - 00790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
2015-01-15 01:51 - 2008-03-05 09:34 - 00795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
2015-01-15 01:51 - 2008-02-26 11:04 - 00717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
2015-01-15 01:51 - 2007-12-24 01:05 - 00121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:DED17083
AlternateDataStreams: C:\Users\UserPrime\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-614374451-640586071-3639636259-500 - Administrator - Enabled)
Guest (S-1-5-21-614374451-640586071-3639636259-501 - Limited - Disabled)
UserPrime (S-1-5-21-614374451-640586071-3639636259-1002 - Administrator - Enabled) => C:\Users\UserPrime

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17039 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e5c

Start Time: 01d03328a9d1ee35

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 7628c335-9f72-11e4-8297-485ab6b2d0e6

Faulting package full name:

Faulting package-relative application ID:

Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4156

Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4156

Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2797

Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2797

Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1391

Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1391

Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/18/2015 07:31:52 PM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/18/2015 09:55:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/18/2015 09:19:01 AM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0143991395633463) service terminated unexpectedly. It has done this 1 time(s).

Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2

Error: (01/18/2015 09:11:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LighterRunner service to connect.

Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V12 service terminated unexpectedly. It has done this 1 time(s).

Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17039e5c01d03328a9d1ee350C:\Windows\Explorer.EXE7628c335-9f72-11e4-8297-485ab6b2d0e6

Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4156

Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4156

Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2797

Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2797

Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1391

Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1391

Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 7366.26 MB
Available physical RAM: 5008.02 MB
Total Pagefile: 14790.26 MB
Available Pagefile: 11585.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.38 GB) (Free:724.88 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 429EAAF4)

Partition: GPT Partition Type.

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-18 21:53:20
-----------------------------
21:53:20.818 OS Version: Windows x64 6.2.9200
21:53:20.818 Number of processors: 4 586 0x1301
21:53:20.818 ComputerName: MASTERCOMP UserName: UserPrime
21:53:37.209 Initialize success
21:53:37.381 VM: initialized successfully
21:53:37.397 VM: Amd CPU BiosDisabled
21:54:41.578 AVAST engine defs: 15011801
21:54:44.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
21:54:44.392 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2BA30001 Size: 953869MB BusType: 11
21:54:44.579 Disk 0 MBR read successfully
21:54:44.595 Disk 0 MBR scan
21:54:44.626 Disk 0 unknown MBR code
21:54:44.642 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
21:54:44.907 Disk 0 scanning C:\Windows\system32\drivers
21:55:06.419 Service scanning
21:55:41.071 Modules scanning
21:55:41.071 Disk 0 trace - called modules:
21:55:41.118 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amdxata.sys storport.sys hal.dll amdsata.sys
21:55:41.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001117fb060]
21:55:41.634 3 CLASSPNP.SYS[fffff801fdba027b] -> nt!IofCallDriver -> [0xffffe00111797040]
21:55:41.649 5 hpdskflt.sys[fffff801fe17542b] -> nt!IofCallDriver -> [0xffffe00110d04b30]
21:55:41.649 7 amdxata.sys[fffff801fd6ba6b4] -> nt!IofCallDriver -> \Device\0000002e[0xffffe00110428330]
21:55:44.884 AVAST engine scan C:\Windows
21:55:47.759 AVAST engine scan C:\Windows\system32
22:00:24.100 AVAST engine scan C:\Windows\system32\drivers
22:00:48.287 AVAST engine scan C:\Users\UserPrime
22:14:55.976 AVAST engine scan C:\ProgramData
22:18:43.376 Disk 0 statistics 3943786/0/0 @ 1.85 MB/s
22:18:43.378 Scan finished successfully
22:21:09.007 Disk 0 MBR has been saved successfully to "C:\Users\UserPrime\Desktop\MBR.dat"
22:21:09.017 The log file has been saved successfully to "C:\Users\UserPrime\Desktop\aswMBR.txt"


Win32.2UrFace.bho: [SBI $51263573] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2015-01-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2014-11-28 Includes\Adware-000.sbi (*)
2014-12-05 Includes\Adware-001.sbi (*)
2015-01-14 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-11-03 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-07-09 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-01-14 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-01-14 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2014-12-04 Includes\Spyware-000.sbi (*)
2014-12-09 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-13 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2014-01-15 Includes\Trojans-000.sbi (*)
2014-02-26 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-28 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-10-02 Includes\Trojans-005.sbi (*)
2014-09-02 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-11-03 Includes\Trojans-009.sbi (*)
2015-01-14 Includes\Trojans-C.sbi (*)
2014-04-25 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-10-06 Includes\Trojans-ZB-000.sbi (*)
2014-10-27 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-09 Includes\TrojansC-02.sbi (*)
2014-01-09 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Additionally I have run adwcleaner, emisoft anti-malware trial version, hitman pro trial version and malwarebytes anti-malware to no result. Help, please.

Juliet
2015-01-22, 15:53
Sorry for the delay.

We will need to uninstall Google Chrome completely, then reinstall.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.


http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

***

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click on Google Chrome
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.



You can redownload Google Chrome from this link.
http://www.google.com/chrome/
~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
c:\Program Files (x86)\LighterRunner\LighterRunner.dll
C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File
AlternateDataStreams: C:\ProgramData\Temp:DED17083
DeleteKey: HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~
Please locate adwcleaner and delete it.

I want you to download a current updated copy.

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

BIOS_Pherecydes
2015-01-23, 14:09
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 03
Ran by UserPrime at 2015-01-23 05:20:44 Run:1
Running from C:\Users\UserPrime\Desktop
Loaded Profiles: UserPrime (Available profiles: UserPrime)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
c:\Program Files (x86)\LighterRunner\LighterRunner.dll
C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File
AlternateDataStreams: C:\ProgramData\Temp:DED17083
DeleteKey: HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
eb1f7708 => Service deleted successfully.
"c:\Program Files (x86)\LighterRunner\LighterRunner.dll" => File/Directory not found.
C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll => Moved successfully.
"HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}" => Key deleted successfully.
"HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}" => Key deleted successfully.
C:\ProgramData\Temp => ":DED17083" ADS removed successfully.
HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5} => Key not found.
EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 05:22:17 ====


# AdwCleaner v4.108 - Report created 23/01/2015 at 06:07:19
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : UserPrime - MASTERCOMP
# Running from : C:\Users\UserPrime\Desktop\Anti-Malware\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v

[C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [1215 octets] - [23/01/2015 05:34:56]
AdwCleaner[R1].txt - [1285 octets] - [23/01/2015 05:40:42]
AdwCleaner[S0].txt - [1212 octets] - [23/01/2015 06:07:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1272 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by UserPrime on Fri 01/23/2015 at 5:42:21.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\UserPrime\AppData\Roaming\mozilla\firefox\profiles\swnccxfp.default-1396138438950\prefs.js

user_pref("extensions.eT4EUY3dRbXPuv4Q.url", "hxxp://firstynan.net/sync2/?q=hfZ9ofV9CShEAen0rTa5rHsMg708BNmGWj8lkGhGheDUojw9rjwFqjsGrjk9pchIC7n0rjnFrjsErdg9qds6tNhVCT94tMVKhd9
user_pref("extensions.sxAeiZEPSU6hZogp.url", "hxxp://supercept.info/sync2/?q=hfZ9ofV9CShEAen0rTwEqHrMg708BNmGWj8lkGhGheDUojw9rjsHrjsHrTk9qShIC7n0rjnFrTrFrTrGpdsEtNhVCT94tMVKhd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/23/2015 at 6:05:50.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2015-01-23, 19:15
uninstall Google Chrome?

Tell me what the computer is doing now?

BIOS_Pherecydes
2015-01-25, 11:54
Chrome is uninstalled and their are no unwanted ads anymore. As far as i can tell there is no other change. I reran Spybot and it still shows the presence of the virus in the registry.

Juliet
2015-01-25, 13:09
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content inside of the following codebox into the main textfield:


:folderfind
2YourFace
:filefind
2YourFace
:regfind
2YourFace
D3388703-5092-487C-8217-11ADA1CA68B5

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

BIOS_Pherecydes
2015-01-25, 14:23
SystemLook 30.07.11 by jpshortstuff
Log created at 07:02 on 25/01/2015 by UserPrime
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "2YourFace"
No folders found.

========== filefind ==========

Searching for "2YourFace"
No files found.

========== regfind ==========

Searching for "2YourFace"
No data found.

Searching for "D3388703-5092-487C-8217-11ADA1CA68B5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]

-= EOF =-

Juliet
2015-01-25, 14:48
Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste Windows Registry Editor Version 5.00):



Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]


Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as to All Files" ..Double click on the delete.reg file and choose Yes to merge/add it to the registry. It will look like this http://i204.photobucket.com/albums/bb106/Juliet702/regMiekie.png
.. You may delete the file afterwards.

BIOS_Pherecydes
2015-01-26, 01:29
Thanks, problem appears to be solved. Is there any followup information required to verify?

Juliet
2015-01-26, 01:44
Thanks, problem appears to be solved. Is there any followup information required to verify?

Yes, I think an online scan would be best to run now.
Might not find anything but we should.

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.

BIOS_Pherecydes
2015-01-26, 05:30
C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Program Files (x86)\DeltaFix\DeltaFix.dll.vir a variant of Win32/Adware.MultiPlug.DX application
C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\ProgramData\Trusted Publisher\SW-Booster\SW-Booster.exe.vir Win32/TrojanDownloader.Agent.ACF trojan
C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjlbpeobfoehgedfokphelfpbhmdphco\1\tFeo.js.vir JS/Kryptik.ATB trojan
C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\kE@I3AZM.com\content\bg.js.vir JS/Kryptik.ATB trojan
C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\kxm0TR@p.com\content\bg.js.vir JS/Kryptik.ATB trojan
C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\tfQ@S.com\content\bg.js.vir JS/Kryptik.ATB trojan
C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js JS/Kryptik.ATB trojan
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js JS/Kryptik.ATB trojan
C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js JS/Kryptik.ATB trojan
C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js JS/Kryptik.ATB trojan
C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png HTML/Iframe.B.Gen virus
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg HTML/Iframe.B.Gen virus
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\UserPrime\Downloads\setup-adblock-master.exe Win32/Somoto.E potentially unwanted application
C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe a variant of Win32/SoftonicDownloader.G potentially unwanted application
C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Juliet
2015-01-26, 12:14
C:\$Recycle.Bin <-- remove/empty what you have in your Recycle bin.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe
C:\Users\UserPrime\Downloads\setup-adblock-master.exe
C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe
C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe
C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


How's your computer?

BIOS_Pherecydes
2015-01-27, 21:11
Ran by UserPrime at 2015-01-27 14:04:17 Run:2
Running from C:\Users\UserPrime\Desktop
Loaded Profiles: UserPrime (Available profiles: UserPrime)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe
C:\Users\UserPrime\Downloads\setup-adblock-master.exe
C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe
C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe
C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe
EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll => Moved successfully.
C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll => Moved successfully.
C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll => Moved successfully.
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js => Moved successfully.
C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js => Moved successfully.
"C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll" => File/Directory not found.
"C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll" => File/Directory not found.
"C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll" => File/Directory not found.
"C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js" => File/Directory not found.
"C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js" => File/Directory not found.
C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe => Moved successfully.
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png => Moved successfully.
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg jpg => Moved successfully.
C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe => Moved successfully.
C:\Users\UserPrime\Downloads\setup-adblock-master.exe => Moved successfully.
C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe => Moved successfully.
C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe => Moved successfully.
C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe => Moved successfully.
EmptyTemp: => Removed 436 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:04:29 ====


Reran Spybot, Emisoft and ESET. No problems found, ESET reported previous issues in quarantine. Is there anything else I need to do?

Juliet
2015-01-27, 23:06
If the computer feels back to normal I think we can finish up now?

BIOS_Pherecydes
2015-01-28, 10:44
It does. I've restarted Emisoft active protection and Spybot teatimer so hopefully that should prevent future issues. Thank your for your help.

Juliet
2015-01-28, 12:28
http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup



~~~~

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Juliet
2015-02-07, 14:35
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.