
Thread: Can't remove win32.2urface.bho

  1. #1

    Can't remove win32.2urface.bho

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 03
    Ran by UserPrime (administrator) on MASTERCOMP on 18-01-2015 19:51:14
    Running from C:\Users\UserPrime\Desktop
    Loaded Profiles: UserPrime (Available profiles: UserPrime)
    Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
    (Flux Software LLC) C:\Users\UserPrime\AppData\Local\FluxSoftware\Flux\flux.exe
    (Dell) C:\Users\UserPrime\AppData\Local\Apps\2.0\DY7LGXW2.42P\XD40HT7R.OLJ\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2249104 2013-09-03] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [151608 2013-08-23] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [151608 2013-08-23] (Hewlett-Packard)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-10-02] (Unified Intents AB)
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [f.lux] => C:\Users\UserPrime\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4217552 2015-01-13] (Unified Intents AB)
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Run: [DellSystemDetect] => C:\Users\UserPrime\AppData\Local\Apps\2.0\DY7LGXW2.42P\XD40HT7R.OLJ\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-07] (Dell)
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\MountPoints2: {8caec898-737e-11e4-8288-485ab6b2d0e6} - "F:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    BootExecute: autocheck autochk * bootdelete
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Link...oogle.com&OSP=
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Link...oogle.com&OSP=
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Link...oogle.com&OSP=
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
    HKU\S-1-5-21-614374451-640586071-3639636259-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Link...Encoding%3F%7D
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-614374451-640586071-3639636259-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-614374451-640586071-3639636259-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950
    FF DefaultSearchEngine: Google
    FF Homepage: google.com
    FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Extension: Redirect Bypasser - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\redirectbypasser@moonlight21.com [2015-01-14]
    FF Extension: BetterSearch - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509} [2015-01-14]
    FF Extension: FEBE - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-12-14]
    FF Extension: DownloadHelper - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-27]
    FF Extension: AdBan - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\adban@ad-ban.appspot.com.xpi [2015-01-15]
    FF Extension: Anti Linkbucks - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\antilinkbucks@mozilla.org.xpi [2015-01-14]
    FF Extension: Customizable Shortcuts - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\customizable-shortcuts@timtaubert.de.xpi [2014-04-12]
    FF Extension: Duplicate in Tab Context Menu - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\DuplicateInTabContext@schuzak.jp.xpi [2014-06-08]
    FF Extension: Hide My Ass Proxy Extension - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\extension@hidemyass.com.xpi [2015-01-14]
    FF Extension: Fast Image Research - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\fastimageresearch@usacyborg.com.xpi [2015-01-15]
    FF Extension: MEGA - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\firefox@mega.co.nz.xpi [2014-04-05]
    FF Extension: Foobar - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\foobar@unnecessarilylongurl.com.xpi [2014-03-29]
    FF Extension: Google Search by Image - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\google@hitachi.com.xpi [2014-03-29]
    FF Extension: Google UnTracker - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\googlelinkremover@websiteconnect.com.au.xpi [2015-01-14]
    FF Extension: Browse By Name - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid0-BJHK9jcBnvyTwamzSSjJvyQXmOE@jetpack.xpi [2015-01-14]
    FF Extension: Fake Domain - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid0-RC7UmNN5T3bzcD6KftfnEckAFR8@jetpack.xpi [2015-01-14]
    FF Extension: google-no-tracking-url - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi [2015-01-14]
    FF Extension: New Tab Tools - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\newtabtools@darktrojan.net.xpi [2014-12-27]
    FF Extension: Restartless Restart - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\restartless.restart@erikvold.com.xpi [2014-03-29]
    FF Extension: Save Session - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\savesession@noasobi.net.xpi [2015-01-14]
    FF Extension: The Addon Bar (restored) - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-01-14]
    FF Extension: UnPlug - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\unplug@compunach.xpi [2014-05-15]
    FF Extension: عارض PDF - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\uriloader@pdf.js.xpi [2014-12-14]
    FF Extension: 1-Click YouTube Video Downloader - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-04-05]
    FF Extension: Unshorten.It! - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2015-01-17]
    FF Extension: Session Manager - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-01-14]
    FF Extension: Clean Links - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2015-01-14]
    FF Extension: Tab Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi [2015-01-14]
    FF Extension: BypassAdfly - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{2d916c01-db0e-4de7-85a3-3fb22ca2d95e}.xpi [2015-01-14]
    FF Extension: NoScript - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-29]
    FF Extension: Abduction! - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2014-04-05]
    FF Extension: NoRedirect - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi [2015-01-14]
    FF Extension: Web Developer - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-28]
    FF Extension: Image Preview - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA}.xpi [2015-01-14]
    FF Extension: BreakItDown - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{dc0fa146-3db5-73f1-e852-912722c85300}.xpi [2015-01-14]
    FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2014-03-29]
    FF Extension: Adblock Edge - C:\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-29]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-28]
    CHR Extension: (Google Docs) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
    CHR Extension: (Google Drive) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
    CHR Extension: (YouTube) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
    CHR Extension: (Google Search) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
    CHR Extension: (Google Sheets) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-28]
    CHR Extension: (Google Wallet) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
    CHR Extension: (Gmail) - C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]
    CHR Extension: (unnissaLes) - C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\ [2014-11-28]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 0143991395633463mcinstcleanup; C:\Windows\TEMP\014399~1.EXE [834664 2013-07-13] (McAfee, Inc.)
    R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
    R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-11] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-11] (CyberLink)
    R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [8616080 2014-04-18] ()
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
    S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
    R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
    R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
    R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
    R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-17] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-01-13] (Windows (R) Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
    S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
    U3 McMPFSvc; No ImagePath
    U3 McNaiAnn; No ImagePath
    U3 mcpltsvc; No ImagePath
    U3 McProxy; No ImagePath
    U3 mfecore; No ImagePath
    U3 MSK80Service; No ImagePath
    S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
    S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files\PC Monitor\PCMonitorSrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-18 19:51 - 2015-01-18 19:52 - 00029255 _____ () C:\Users\UserPrime\Desktop\FRST.txt
    2015-01-18 19:47 - 2015-01-18 19:51 - 00000000 ____D () C:\FRST
    2015-01-18 19:46 - 2015-01-18 19:46 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MASTERCOMP-Microsoft-Windows-8.1-(64-bit).dat
    2015-01-18 19:44 - 2015-01-18 19:44 - 00000000 ____D () C:\RegBackup
    2015-01-18 19:43 - 2015-01-18 19:43 - 00002258 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-18 19:43 - 2015-01-18 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-18 19:33 - 2015-01-18 19:33 - 02126848 _____ (Farbar) C:\Users\UserPrime\Desktop\FRST64.exe
    2015-01-18 19:28 - 2015-01-18 19:32 - 04215584 _____ () C:\Users\UserPrime\Downloads\tweaking.com_registry_backup_setup.exe
    2015-01-18 19:14 - 2015-01-18 19:18 - 00000000 ____D () C:\Users\UserPrime\Documents\New folder
    2015-01-18 09:15 - 2015-01-18 19:31 - 00000000 ____D () C:\Users\UserPrime\Desktop\Anti-Malware
    2015-01-18 08:15 - 2015-01-18 08:15 - 00000000 ____D () C:\ProgramData\Emsisoft
    2015-01-18 06:58 - 2015-01-18 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    2015-01-18 06:56 - 2015-01-18 19:03 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
    2015-01-18 06:55 - 2015-01-18 06:56 - 173521968 _____ (Emsisoft Ltd. ) C:\Users\UserPrime\Downloads\EmsisoftAntiMalwareSetup.exe
    2015-01-17 20:05 - 2015-01-17 20:05 - 00280808 _____ () C:\Windows\Minidump\011715-32828-01.dmp
    2015-01-17 19:58 - 2015-01-17 19:58 - 00280864 _____ () C:\Windows\Minidump\011715-35343-01.dmp
    2015-01-17 19:56 - 2015-01-17 20:05 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-01-17 19:54 - 2015-01-17 19:54 - 00001988 _____ () C:\Windows\system32\.crusader
    2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\Program Files\HitmanPro
    2015-01-17 19:42 - 2015-01-17 19:54 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-01-17 19:41 - 2015-01-17 19:42 - 11225840 _____ (SurfRight B.V.) C:\Users\UserPrime\Downloads\HitmanPro_x64.exe
    2015-01-17 19:17 - 2015-01-18 19:29 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\ClassicShell
    2015-01-17 19:17 - 2015-01-17 19:17 - 00000000 ____D () C:\ProgramData\ClassicShell
    2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
    2015-01-17 19:07 - 2015-01-17 19:07 - 00000000 ____D () C:\Program Files\Classic Shell
    2015-01-17 19:05 - 2015-01-17 19:05 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0 (1).exe
    2015-01-17 18:56 - 2015-01-17 18:56 - 00001026 _____ () C:\Users\Public\Desktop\TweakUAC.lnk
    2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakUAC
    2015-01-17 18:56 - 2015-01-17 18:56 - 00000000 ____D () C:\Program Files (x86)\TweakUAC
    2015-01-17 18:54 - 2015-01-17 18:54 - 06791360 _____ (IvoSoft) C:\Users\UserPrime\Downloads\ClassicShellSetup_4_1_0.exe
    2015-01-17 07:10 - 2015-01-17 07:11 - 00000000 ____D () C:\ProgramData\Unified Remote
    2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Users\UserPrime\Documents\Unified Remote
    2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
    2015-01-17 07:10 - 2015-01-17 07:10 - 00000000 ____D () C:\Program Files (x86)\Unified Remote 3
    2015-01-17 07:10 - 2015-01-13 18:13 - 00025592 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\uvhid.sys
    2015-01-17 07:10 - 2015-01-13 18:13 - 00007680 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
    2015-01-17 07:07 - 2015-01-17 07:07 - 16224072 _____ (Unified Intents AB ) C:\Users\UserPrime\Downloads\ServerSetup-3-1-1-675.exe
    2015-01-15 05:26 - 2015-01-15 05:26 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install(1).exe
    2015-01-15 05:00 - 2015-01-14 15:22 - 00001501 _____ () C:\Windows\system32\Drivers\etc\hosts.20150115-050056.backup
    2015-01-15 01:51 - 2015-01-15 04:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2015-01-15 01:51 - 2015-01-15 01:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-01-15 01:49 - 2015-01-15 01:49 - 00204028 _____ () C:\Users\UserPrime\Downloads\swfrip-0.4-install.exe
    2015-01-15 01:47 - 2015-01-15 01:49 - 16409960 _____ (Safer Networking Limited ) C:\Users\UserPrime\Downloads\spybotsd162.exe
    2015-01-15 01:40 - 2015-01-15 01:40 - 00654587 _____ (GlobFX Technologies ) C:\Users\UserPrime\Downloads\SWFRESetup23.exe
    2015-01-14 22:18 - 2015-01-18 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-14 22:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-14 22:17 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-14 22:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-14 22:16 - 2015-01-14 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\UserPrime\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-14 22:00 - 2015-01-14 22:00 - 37987520 _____ (Microsoft Corporation) C:\Users\UserPrime\Downloads\Windows-KB890830-x64-V5.20.exe
    2015-01-14 21:39 - 2015-01-14 21:39 - 00000000 _____ () C:\autoexec.bat
    2015-01-14 21:37 - 2015-01-14 21:37 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\UserPrime\Downloads\SpyHunter-Installer.exe
    2015-01-14 17:32 - 2015-01-14 17:33 - 00346528 _____ (WinAbility Software Corp. ) C:\Users\UserPrime\Downloads\TweakUAC-v.1.1-setup.exe
    2015-01-14 17:23 - 2015-01-14 17:23 - 35226936 _____ (Security Stronghold ) C:\Users\UserPrime\Downloads\ReplaceUAC.exe
    2015-01-14 17:15 - 2014-04-13 23:49 - 00003029 _____ () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pulseway Manager.lnk
    2015-01-14 16:56 - 2015-01-14 16:56 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\HermanCompute
    2015-01-14 16:55 - 2015-01-14 16:55 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2015-01-14 16:55 - 2015-01-14 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2015-01-14 15:14 - 2015-01-14 15:14 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Amazing
    2015-01-09 06:03 - 2015-01-09 06:03 - 00000000 _____ () C:\Users\UserPrime\Downloads\My_Little_Pony_Friendship_is_Magic_Season_2_Episode_3_Lesson_Zero___Video_102950062_mp4_h264_aac_hd_2.flv
    2015-01-08 05:59 - 2015-01-08 05:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Sun
    2015-01-08 05:59 - 2015-01-08 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-08 05:58 - 2015-01-08 05:58 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25.exe
    2015-01-08 05:57 - 2015-01-08 05:58 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\chromeinstall-8u25 (1).exe
    2015-01-08 05:55 - 2015-01-08 05:55 - 00638888 _____ (Oracle Corporation) C:\Users\UserPrime\Downloads\jxpiinstall.exe
    2015-01-06 08:45 - 2015-01-06 08:45 - 01920640 _____ (TODO: <Company name>) C:\Users\UserPrime\Downloads\FlashPlayerPro_Setup.exe
    2015-01-05 07:29 - 2015-01-05 07:29 - 00000000 _____ () C:\Users\UserPrime\Downloads\The_Mouse_Glove___Scientific_Tuesdays_scientifictuesdays_0030_mouseglove_large.h264.mp4
    2015-01-03 12:49 - 2015-01-03 12:49 - 00597304 _____ () C:\Users\UserPrime\Downloads\flux-setup.exe
    2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
    2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\FluxSoftware
    2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    2014-12-31 19:31 - 2014-12-31 19:31 - 00000000 ____D () C:\Program Files (x86)\Adobe Media Player
    2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2014-12-31 19:29 - 2014-12-31 19:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2014-12-31 18:25 - 2015-01-14 22:45 - 00000000 ____D () C:\Program Files (x86)\unnissaLes
    2014-12-31 18:24 - 2014-12-31 18:24 - 00000000 ____D () C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf
    2014-12-31 04:43 - 2011-06-23 11:34 - 00835584 _____ (KastorSoft) C:\Users\UserPrime\Desktop\KastorFreeAudioExtractor.exe
    2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\Linkin_Park___BURN_IT_DOWN__Official_Music_Video.mp4
    2014-12-31 03:43 - 2014-12-31 03:43 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶ Linkin Park - BURN IT DOWN (Official Music Video) - YouTube [360p].mp4
    2014-12-31 03:11 - 2015-01-13 04:43 - 00000000 ____D () C:\Users\UserPrime\Downloads\dwhelper
    2014-12-31 03:04 - 2014-12-31 03:04 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Ozzy_Osbourne____Bark_at_the_Moon.mp4
    2014-12-31 03:01 - 2014-12-31 03:01 - 00000000 ____D () C:\Users\UserPrime\Documents\audio
    2014-12-27 21:25 - 2014-12-27 21:25 - 00000000 _____ () C:\Users\UserPrime\Downloads\▶_Allele_by_Michael_Zev_Gordon_edYpybD1Y8jC.128.peg
    2014-12-25 18:30 - 2014-12-25 18:30 - 00001311 _____ () C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
    2014-12-25 18:30 - 2014-12-25 18:30 - 00000000 ____D () C:\Program Files (x86)\Wise
    2014-12-25 18:29 - 2014-12-25 18:29 - 02018936 _____ (WiseCleaner.com ) C:\Users\UserPrime\Downloads\WPUSetup.exe
    2014-12-25 18:04 - 2014-12-25 18:04 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\No Company Name

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-18 19:50 - 2014-03-23 23:02 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-614374451-640586071-3639636259-1002
    2015-01-18 19:28 - 2014-11-28 01:23 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-18 19:18 - 2014-03-23 22:56 - 01784286 _____ () C:\Windows\WindowsUpdate.log
    2015-01-18 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-01-18 09:11 - 2014-11-28 01:23 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-18 09:10 - 2013-08-26 01:01 - 00022312 _____ () C:\Windows\PFRO.log
    2015-01-18 09:10 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-18 09:09 - 2014-11-20 01:38 - 00000000 ____D () C:\AdwCleaner
    2015-01-18 08:16 - 2014-11-15 17:15 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
    2015-01-18 05:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-01-18 04:12 - 2014-05-04 20:13 - 00000000 ____D () C:\Users\UserPrime\Desktop\FlashVault
    2015-01-18 02:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-01-18 02:00 - 2014-03-29 13:45 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Adobe
    2015-01-17 20:05 - 2014-05-11 19:58 - 00000000 ____D () C:\Windows\Minidump
    2015-01-17 20:04 - 2014-05-11 19:58 - 371566633 _____ () C:\Windows\MEMORY.DMP
    2015-01-17 18:58 - 2014-03-24 06:58 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\vlc
    2015-01-17 07:10 - 2014-08-29 04:21 - 00000000 ____D () C:\Users\UserPrime\AppData\Roaming\Unified Remote
    2015-01-14 22:45 - 2014-04-05 13:07 - 00000000 ____D () C:\Program Files\SWF Opener
    2015-01-14 21:55 - 2014-04-05 13:04 - 00000000 ____D () C:\ProgramData\InstallMate
    2015-01-14 17:18 - 2014-04-13 23:49 - 00000000 ____D () C:\Program Files\PC Monitor
    2015-01-12 08:00 - 2014-03-29 18:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-12 07:59 - 2014-03-29 18:49 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-07 05:37 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-06 09:03 - 2013-09-06 12:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-03 12:13 - 2014-04-26 23:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
    2015-01-03 03:08 - 2013-08-22 09:44 - 06465048 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-03 03:07 - 2014-03-23 22:56 - 00000000 ____D () C:\Users\UserPrime
    2015-01-03 00:58 - 2014-12-05 03:25 - 00000000 ____D () C:\Program Files\Recuva
    2014-12-31 19:36 - 2014-04-26 23:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-12-31 19:34 - 2014-04-26 23:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-12-31 19:32 - 2014-04-26 23:30 - 00000000 ____D () C:\ProgramData\Adobe
    2014-12-31 13:12 - 2014-04-13 23:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-31 06:14 - 2014-03-29 18:55 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-31 03:11 - 2014-12-06 21:46 - 00000000 ____D () C:\Users\UserPrime\dwhelper
    2014-12-27 23:33 - 2014-06-09 04:06 - 00000000 ____D () C:\Users\UserPrime\AppData\Local\Windows Live
    2014-12-26 02:47 - 2014-12-15 00:33 - 00000000 ____D () C:\ProgramData\Chasys Draw IES
    2014-12-25 18:35 - 2013-10-07 13:28 - 00000000 ____D () C:\ProgramData\CyberLink
    2014-12-25 18:20 - 2014-12-15 00:13 - 00000000 ____D () C:\Program Files (x86)\Eltima Software
    2014-12-25 04:20 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-12-25 03:18 - 2013-08-22 09:46 - 00035441 _____ () C:\Windows\setupact.log

    ==================== Files in the root of some directories =======
    2014-05-04 19:59 - 2014-05-04 19:59 - 0000288 _____ () C:\Users\UserPrime\AppData\Roaming\.backup.dm

    Some content of TEMP:
    ====================
    C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-18 02:17

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 03
    Ran by UserPrime at 2015-01-18 19:52:50
    Running from C:\Users\UserPrime\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{05D12146-31FA-CB4C-C780-8E450FCC5F2E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3212 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3201 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell System Detect (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
    Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    f.lux (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\Flux) (Version: - )
    FastStone Image Viewer 4.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.8.4.4 - Siber Systems)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HideVPN (HKLM-x32\...\HideVPN) (Version: 1.0.0 - WebSafeVPN)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-614374451-640586071-3639636259-1002\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Kastor Free Audio Extractor V1.4 (HKLM-x32\...\Kastor Free Audio Extractor_is1) (Version: 1.4.0.0 - KastorSoft)
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    LibreOffice 4.2 Help Pack (English (United States)) (HKLM-x32\...\{9B197B38-038D-47B5-9572-AE07E34F6AD0}) (Version: 4.2.2.1 - The Document Foundation)
    LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
    Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.2) (Version: 7.2 - Applian Technologies Inc.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
    Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.1 - Unified Intents AB)
    Unified Remote (HKLM-x32\...\{D7930C67-5816-417B-BF28-54BB75EFDAF9}) (Version: 2.14.4.0 - Unified Remote)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Video Download Capture version 4.9.2 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.2 - APOWERSOFT LIMITED)
    Video Time Reversal 2.07 (HKLM-x32\...\Video Time Reversal 2_is1) (Version: 2.07 - Xander)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)
    Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
    CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File

    ==================== Restore Points =========================

    04-01-2015 01:54:49 Scheduled Checkpoint
    14-01-2015 17:17:27 Removed PC Monitor
    17-01-2015 19:06:41 Installed Classic Shell

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-01-15 05:00 - 00451393 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobeereg.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0E0F9862-0643-44B6-9DBC-1E84EC888C78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {143616EB-5EEC-460C-8CD7-ECCEE7B123CA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {14F01E9E-A75A-49E0-8832-89E51C1A99C8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {19C28DC4-E382-4D71-9D17-344CD905310F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
    Task: {1ECEF5E8-3ACE-41C7-BB0E-7E6C0403413A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {20C3ED1E-1F50-404C-A790-FA89C9D13712} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {27DFD6B6-181E-4E71-9E23-FB5DD52E7D16} - System32\Tasks\{1B78B6A5-57CB-4EC6-ACFB-25B6208B1092} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe" -c REPAIRUI RERUNMODE
    Task: {59246BE6-D37E-41BA-AC12-48A350707FAD} - System32\Tasks\AdobeAAMUpdater-1.0-MASTERCOMP-UserPrime => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
    Task: {5B30D3AC-0AED-4FE7-856B-5A89B367CE91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {8A4C4001-C2F6-42FE-8E57-FFC8C7B81D21} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {8C9E2623-C996-4A6E-AF4F-D83C4441B0DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {9579F257-F07D-43FC-B534-19B5E91FE613} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {A28FD34C-1DBC-410F-8FED-F81F140B5422} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
    Task: {A2CA1690-824A-47AA-88A0-6F0C65DD927B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {A7C9B5E8-4FFD-4463-AC98-85CC812886F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
    Task: {A9E2CB50-529E-4CE1-BA43-FDB33E6C3596} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
    Task: {BFE2C1D0-6004-49F0-8759-FA853D51FA8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F79AAE4B-411F-4E40-9C5D-2E9D64AD8E30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {FC3C34CC-D48E-4F90-977D-C0E9A7E1838D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-614374451-640586071-3639636259-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-08-23 03:08 - 2013-08-23 03:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-08-23 03:13 - 2013-08-23 03:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-08-23 03:09 - 2013-08-23 03:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-08-23 03:07 - 2013-08-23 03:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-08-23 03:07 - 2013-08-23 03:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-08-23 03:07 - 2013-08-23 03:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-08-23 03:20 - 2013-08-23 03:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-08-23 03:20 - 2013-08-23 03:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2013-08-19 15:47 - 2013-08-19 15:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-04-18 09:19 - 2014-04-18 09:19 - 08616080 _____ () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
    2013-08-23 03:12 - 2013-08-23 03:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2013-08-19 15:47 - 2013-08-19 15:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2013-10-07 13:31 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-12-14 01:28 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2015-01-15 01:51 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
    2015-01-15 01:51 - 2008-03-04 14:52 - 00790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
    2015-01-15 01:51 - 2008-03-05 09:34 - 00795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
    2015-01-15 01:51 - 2008-02-26 11:04 - 00717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
    2015-01-15 01:51 - 2007-12-24 01:05 - 00121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:DED17083
    AlternateDataStreams: C:\Users\UserPrime\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-614374451-640586071-3639636259-500 - Administrator - Enabled)
    Guest (S-1-5-21-614374451-640586071-3639636259-501 - Limited - Disabled)
    UserPrime (S-1-5-21-614374451-640586071-3639636259-1002 - Administrator - Enabled) => C:\Users\UserPrime

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.3.9600.17039 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e5c

    Start Time: 01d03328a9d1ee35

    Termination Time: 0

    Application Path: C:\Windows\Explorer.EXE

    Report Id: 7628c335-9f72-11e4-8297-485ab6b2d0e6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4156

    Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4156

    Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2797

    Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2797

    Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1391

    Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1391

    Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (01/18/2015 07:31:52 PM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (01/18/2015 09:55:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/18/2015 09:19:01 AM) (Source: DCOM) (EventID: 10010) (User: MASTERCOMP)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee Application Installer Cleanup (0143991395633463) service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/18/2015 09:11:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
    %%2

    Error: (01/18/2015 09:11:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the LighterRunner service to connect.

    Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1069

    Error: (01/18/2015 09:09:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Active File Monitor V12 service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/18/2015 09:09:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (01/18/2015 07:32:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.3.9600.17039e5c01d03328a9d1ee350C:\Windows\Explorer.EXE7628c335-9f72-11e4-8297-485ab6b2d0e6

    Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4156

    Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4156

    Error: (01/18/2015 09:55:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2797

    Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2797

    Error: (01/18/2015 09:55:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1391

    Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1391

    Error: (01/18/2015 09:55:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    ==================== Memory info ===========================

    Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 32%
    Total physical RAM: 7366.26 MB
    Available physical RAM: 5008.02 MB
    Total Pagefile: 14790.26 MB
    Available Pagefile: 11585.07 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.82 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:910.38 GB) (Free:724.88 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 429EAAF4)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-01-18 21:53:20
    -----------------------------
    21:53:20.818 OS Version: Windows x64 6.2.9200
    21:53:20.818 Number of processors: 4 586 0x1301
    21:53:20.818 ComputerName: MASTERCOMP UserName: UserPrime
    21:53:37.209 Initialize success
    21:53:37.381 VM: initialized successfully
    21:53:37.397 VM: Amd CPU BiosDisabled
    21:54:41.578 AVAST engine defs: 15011801
    21:54:44.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
    21:54:44.392 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2BA30001 Size: 953869MB BusType: 11
    21:54:44.579 Disk 0 MBR read successfully
    21:54:44.595 Disk 0 MBR scan
    21:54:44.626 Disk 0 unknown MBR code
    21:54:44.642 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    21:54:44.907 Disk 0 scanning C:\Windows\system32\drivers
    21:55:06.419 Service scanning
    21:55:41.071 Modules scanning
    21:55:41.071 Disk 0 trace - called modules:
    21:55:41.118 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amdxata.sys storport.sys hal.dll amdsata.sys
    21:55:41.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001117fb060]
    21:55:41.634 3 CLASSPNP.SYS[fffff801fdba027b] -> nt!IofCallDriver -> [0xffffe00111797040]
    21:55:41.649 5 hpdskflt.sys[fffff801fe17542b] -> nt!IofCallDriver -> [0xffffe00110d04b30]
    21:55:41.649 7 amdxata.sys[fffff801fd6ba6b4] -> nt!IofCallDriver -> \Device\0000002e[0xffffe00110428330]
    21:55:44.884 AVAST engine scan C:\Windows
    21:55:47.759 AVAST engine scan C:\Windows\system32
    22:00:24.100 AVAST engine scan C:\Windows\system32\drivers
    22:00:48.287 AVAST engine scan C:\Users\UserPrime
    22:14:55.976 AVAST engine scan C:\ProgramData
    22:18:43.376 Disk 0 statistics 3943786/0/0 @ 1.85 MB/s
    22:18:43.378 Scan finished successfully
    22:21:09.007 Disk 0 MBR has been saved successfully to "C:\Users\UserPrime\Desktop\MBR.dat"
    22:21:09.017 The log file has been saved successfully to "C:\Users\UserPrime\Desktop\aswMBR.txt"


    Win32.2UrFace.bho: [SBI $51263573] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


    Additionally I have run AdwCleaner, Emsisoft Anti-Malware trial version, HitmanPro trial version and Malwarebytes Anti-Malware to no result. Help, please.

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Sorry for the delay.

    We will need to uninstall Google Chrome completely, then reinstall.

    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.


    ***

    Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on Google Chrome
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete
    • When prompted select Yes and then Next
    • Once done click Finish.



    You can redownload Google Chrome from this link.
    http://www.google.com/chrome/
    ~~~~~~~~~~~~

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow it).




    start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR dev: Chrome dev build detected! <======= ATTENTION
    S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
    c:\Program Files (x86)\LighterRunner\LighterRunner.dll
    C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll
    CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
    CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File
    AlternateDataStreams: C:\ProgramData\Temp:DED17083
    DeleteKey: HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
    EmptyTemp:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~
    Please locate adwcleaner and delete it.

    I want you to download a current updated copy.

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Please post
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jan 2015
    Posts
    8

    Default

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 03
    Ran by UserPrime at 2015-01-23 05:20:44 Run:1
    Running from C:\Users\UserPrime\Desktop
    Loaded Profiles: UserPrime (Available profiles: UserPrime)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR dev: Chrome dev build detected! <======= ATTENTION
    S2 eb1f7708; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterRunner\LighterRunner.dll",serv
    c:\Program Files (x86)\LighterRunner\LighterRunner.dll
    C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll
    CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F99D003-9468-D082-5540-E8EE85889A47} No File
    CustomCLSID: HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FBE8141-9468-D082-1711-CFAE85889A47} No File
    AlternateDataStreams: C:\ProgramData\Temp:DED17083
    DeleteKey: HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
    eb1f7708 => Service deleted successfully.
    "c:\Program Files (x86)\LighterRunner\LighterRunner.dll" => File/Directory not found.
    C:\Users\UserPrime\AppData\Local\Temp\Tsu143D785D.dll => Moved successfully.
    "HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}" => Key deleted successfully.
    "HKU\S-1-5-21-614374451-640586071-3639636259-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}" => Key deleted successfully.
    C:\ProgramData\Temp => ":DED17083" ADS removed successfully.
    HKEY_CLASSES_ROOT\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5} => Key not found.
    EmptyTemp: => Removed 2.2 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 05:22:17 ====


    # AdwCleaner v4.108 - Report created 23/01/2015 at 06:07:19
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-22.3 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : UserPrime - MASTERCOMP
    # Running from : C:\Users\UserPrime\Desktop\Anti-Malware\adwcleaner_4.108.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17037


    -\\ Mozilla Firefox v34.0.5 (x86 en-US)


    -\\ Google Chrome v

    [C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

    *************************

    AdwCleaner[R0].txt - [1215 octets] - [23/01/2015 05:34:56]
    AdwCleaner[R1].txt - [1285 octets] - [23/01/2015 05:40:42]
    AdwCleaner[S0].txt - [1212 octets] - [23/01/2015 06:07:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1272 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 8.1 x64
    Ran by UserPrime on Fri 01/23/2015 at 5:42:21.95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted the following from C:\Users\UserPrime\AppData\Roaming\mozilla\firefox\profiles\swnccxfp.default-1396138438950\prefs.js

    user_pref("extensions.eT4EUY3dRbXPuv4Q.url", "hxxp://firstynan.net/sync2/?q=hfZ9ofV9CShEAen0rTa5rHsMg708BNmGWj8lkGhGheDUojw9rjwFqjsGrjk9pchIC7n0rjnFrjsErdg9qds6tNhVCT94tMVKhd9
    user_pref("extensions.sxAeiZEPSU6hZogp.url", "hxxp://supercept.info/sync2/?q=hfZ9ofV9CShEAen0rTwEqHrMg708BNmGWj8lkGhGheDUojw9rjsHrjsHrTk9qShIC7n0rjnFrTrFrTrGpdsEtNhVCT94tMVKhd



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/23/2015 at 6:05:50.60
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    uninstall Google Chrome?

    Tell me what the computer is doing now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Jan 2015
    Posts
    8

    Default

    Chrome is uninstalled and there are no unwanted ads anymore. As far as I can tell there is no other change. I reran Spybot and it still shows the presence of the virus in the registry.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content inside of the following codebox into the main textfield:
      Code:
      :folderfind
      2YourFace
      :filefind
      2YourFace
      :regfind
      2YourFace
      D3388703-5092-487C-8217-11ADA1CA68B5
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Jan 2015
    Posts
    8

    Default

    SystemLook 30.07.11 by jpshortstuff
    Log created at 07:02 on 25/01/2015 by UserPrime
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== folderfind ==========

    Searching for "2YourFace"
    No folders found.

    ========== filefind ==========

    Searching for "2YourFace"
    No files found.

    ========== regfind ==========

    Searching for "2YourFace"
    No data found.

    Searching for "D3388703-5092-487C-8217-11ADA1CA68B5"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]

    -= EOF =-

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste Windows Registry Editor Version 5.00):


    Code:
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}]

    Save the file as "delete.reg". Make sure to save it with the quotes. Set "Save as type" to "All Files". Double-click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
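A read-only way to confirm the result of the delete.reg merge above, as an added example that is not part of the original thread: it looks for the CLSID from the SystemLook log in both the 64-bit and 32-bit registry views, which matters because the log warns that SystemLook ran under WOW64. The function name `Test-ClsidRemnant` and the extra Browser Helper Objects path (the standard location where Internet Explorer BHOs register) are assumptions not taken from the posts.

```powershell
# Added example: read-only check, run from an elevated PowerShell prompt.
# The CLSID is the one reported by SystemLook's regfind section.
$clsid = '{D3388703-5092-487C-8217-11ADA1CA68B5}'

# Sub-paths under HKLM to test. The CLSID path comes from the thread; the
# Browser Helper Objects path is an assumption (standard IE BHO location).
$subKeys = @(
    "SOFTWARE\Classes\CLSID\$clsid",
    "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

function Test-ClsidRemnant {
    param([string[]]$SubKeys)

    # Registry32 is the view redirected to the Wow6432Node branch seen in the log.
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32

    foreach ($view in $views) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            foreach ($path in $SubKeys) {
                $key     = $hklm.OpenSubKey($path)   # read-only; $null when absent
                $present = $null -ne $key
                $dll     = $null
                if ($present) {
                    # If the class is still registered, record which DLL it points to.
                    $server = $key.OpenSubKey('InprocServer32')
                    if ($server) { $dll = $server.GetValue(''); $server.Close() }
                    $key.Close()
                }
                [pscustomobject]@{
                    View           = $view
                    Key            = "HKLM\$path"
                    Present        = $present
                    InprocServer32 = $dll
                }
            }
        }
        finally { $hklm.Close() }
    }
}

Test-ClsidRemnant -SubKeys $subKeys | Format-Table -AutoSize
```

Every row should show `Present` as `False` after the merge; a row that is still `True` names the registry view and, where an `InprocServer32` value exists, the file the class points to.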

  9. #9
    Junior Member
    Join Date
    Jan 2015
    Posts
    8

    Default

    Thanks, problem appears to be solved. Is there any followup information required to verify?

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Originally Posted by BIOS_Pherecydes:
      "Thanks, problem appears to be solved. Is there any followup information required to verify?"

    Yes, I think an online scan would be best to run now.
    Might not find anything but we should.

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
    • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
