CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\Run: [] => [X]
HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\RunOnce: [SysOff] => C:\Windows\SysWOW64\SYSPREP\ClosespV.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...0BPBXX31EVB0BPB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...0BPBXX31EVB0BPB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.doko-sear...125836&tsp=5037
HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol...ADBD6749FB663F6
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.filebu...q={searchTerms}
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: No Name -> {E6CE065A-F0C3-C32B-7B95-3C877CFC2A91} -> No File
BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll [2014-03-26] (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll [2014-03-26] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1415366958&from=air&uid=TOSHIBAXMK7575GSX_31EVB0BPBXX31EVB0BPB
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-295868932-3461566431-2313640649-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF user.js: detected! => C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\user.js [2015-01-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml [2014-11-07]
FF Extension: Fast Start - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\faststartff@gmail.com [2014-11-07]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B} [2015-03-06]
FF Extension: Slick Savings - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-03-06]
FF Extension: Start Page - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [2015-03-06]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [2014-10-27]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-295868932-3461566431-2313640649-1001\...\Firefox\Extensions: [{562F1FE6-9763-FF7B-444A-FE5DD2884927}] - C:\Program Files (x86)\ver3BetterMarkIt\186.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [Not Found]
2015-07-30 13:00 - 2015-07-30 13:12 - 00000000 ____D C:\Program Files (x86)\EasyFix Tools
2015-07-30 13:00 - 2015-07-30 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyFix Tools
2012-01-18 20:39 - 2012-01-18 20:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {1AF91CB9-A9DA-4F02-A3BC-1C92B6DDC1B9} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {AB337D4F-1654-4089-9DFC-5D69A96D1032} - \RocketTab No Task File <==== ATTENTION
Task: {E17802EF-3666-48F9-B59E-F1A90CF475F3} - \RocketTab Update Task No Task File <==== ATTENTION
C:\Windows\SysWOW64\SYSPREP\ClosespV.exe
C:\Users\power\AppData\LocalLow\Vuze_Remote
C:\Program Files (x86)\ver3BetterMarkIt
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^power^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk"
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer"
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Hosts:
EmptyTemp: