Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unkown files taking up space [Closed]

Started by smart1dumby , Jul 30 2015 03:11 AM

This topic is locked

#1
smart1dumby

Posted 30 July 2015 - 03:11 AM

New Member

Member
3 posts

I have used other programs to remove viruses previously and I don't think there is one but there are heaps of files I don't know about such as one called; ACF5FE1B377240688B872D2A6EFD0A05.TMP. Are there any programs to tell me what devices, processes and folders or files I actually need on my laptop and what they're for. thanks very much

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by power (administrator) on POWER-PC (30-07-2015 17:04:09)
Running from C:\Users\power\Desktop
Loaded Profiles: UpdatusUser & power (Available Profiles: UpdatusUser & power)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\Run: [] => [X]
HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\RunOnce: [SysOff] => C:\Windows\SysWOW64\SYSPREP\ClosespV.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File not found
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [167312 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs: ,C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [167312 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [147576 2015-04-09] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...0BPBXX31EVB0BPB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...0BPBXX31EVB0BPB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-21-295868932-3461566431-2313640649-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.6.0.32
HKU\S-1-5-21-295868932-3461566431-2313640649-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.doko-sear...125836&tsp=5037
HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> DefaultScope {80FC96E6-23AE-4758-BCD2-B1BCBEBFD057} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol...ADBD6749FB663F6
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {2A423B5F-0476-4755-AB6D-E9A0A8ED96DF} URL = https://au.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.filebu...q={searchTerms}
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {80FC96E6-23AE-4758-BCD2-B1BCBEBFD057} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {E6CE065A-F0C3-C32B-7B95-3C877CFC2A91} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll [2014-03-26] (ClientConnect Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-08] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll [2014-03-26] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0736FD2C-7D6B-49ED-802A-1E6FFF631E1F}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{1C2BBC94-FD6B-4AAD-88F4-CDF98348BD89}: [DhcpNameServer] 211.29.93.7 198.142.0.51
Tcpip\..\Interfaces\{D48B5815-319E-4D74-AB1E-16C2DF9C731B}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1415366958&from=air&uid=TOSHIBAXMK7575GSX_31EVB0BPBXX31EVB0BPB
FF Keyword.URL: https://au.search.ya...&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-295868932-3461566431-2313640649-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\power\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-295868932-3461566431-2313640649-1001: @talk.google.com/O1DPlugin -> C:\Users\power\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-295868932-3461566431-2313640649-1001: @tools.google.com/Google Update;version=3 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-295868932-3461566431-2313640649-1001: @tools.google.com/Google Update;version=9 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-295868932-3461566431-2313640649-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF user.js: detected! => C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\user.js [2015-01-28]
FF Plugin ProgramFiles/Appdata: C:\Users\power\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\power\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\searchplugins\yahoo_ff.xml [2014-10-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml [2014-11-07]
FF Extension: Fast Start - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\[email protected] [2014-11-07]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B} [2015-03-06]
FF Extension: Slick Savings - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-03-06]
FF Extension: Start Page - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [2015-03-06]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [2014-10-27]
FF Extension: Self-Destructing Cookies - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\[email protected] [2014-02-25]
FF Extension: Video Resumer - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\[email protected] [2014-02-25]
FF Extension: Flagfox - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Adblock Plus - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\extensions\[email protected]
FF HKU\S-1-5-21-295868932-3461566431-2313640649-1001\...\Firefox\Extensions: [{562F1FE6-9763-FF7B-444A-FE5DD2884927}] - C:\Program Files (x86)\ver3BetterMarkIt\186.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\power\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06]
CHR Extension: (Google Docs) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Google Drive) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-06]
CHR Extension: (YouTube) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-06]
CHR Extension: (Adblock Plus) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-11]
CHR Extension: (Google Search) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-06]
CHR Extension: (Google Sheets) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06]
CHR Extension: (Norton Identity Safe) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-06]
CHR Extension: (Gmail) - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-03] () [File not signed]
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [175136 2014-12-24] (EasyAntiCheat Ltd)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [126392 2009-08-25] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-25] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-29] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150729.001\IDSvia64.sys [692984 2015-07-14] (Symantec Corporation)
S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [711168 2013-07-31] (DiBcom)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150729.008\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150729.008\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 17:04 - 2015-07-30 17:04 - 00029538 _____ C:\Users\power\Desktop\FRST.txt
2015-07-30 17:02 - 2015-07-30 17:04 - 00000000 ____D C:\FRST
2015-07-30 17:02 - 2015-07-30 17:02 - 02169856 _____ (Farbar) C:\Users\power\Desktop\FRST64.exe
2015-07-30 16:29 - 2015-07-30 16:29 - 00099500 _____ C:\Users\power\Desktop\Extras.Txt
2015-07-30 16:23 - 2015-07-30 16:23 - 00141442 _____ C:\Users\power\Desktop\OTL.Txt
2015-07-30 16:11 - 2015-07-30 16:11 - 00602112 _____ (OldTimer Tools) C:\Users\power\Desktop\OTL.exe
2015-07-30 14:22 - 2015-07-30 14:22 - 00000000 ____D C:\Users\power\.swt
2015-07-30 13:00 - 2015-07-30 13:12 - 00000000 ____D C:\Program Files (x86)\EasyFix Tools
2015-07-30 13:00 - 2015-07-30 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyFix Tools
2015-07-29 17:49 - 2015-07-30 00:09 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-29 17:49 - 2015-07-29 17:49 - 00000934 _____ C:\Users\Public\Desktop\Steam.lnk
2015-07-29 17:49 - 2015-07-29 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-29 17:48 - 2015-07-29 17:48 - 01476720 _____ C:\Users\power\Downloads\SteamSetup.exe
2015-07-29 16:35 - 2015-07-29 16:35 - 00007170 _____ C:\Users\power\Downloads\Default_Library-ms.reg
2015-07-29 16:09 - 2015-07-26 02:07 - 00017856 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-29 16:09 - 2015-07-26 02:04 - 00765440 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-29 16:09 - 2015-07-26 02:04 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-29 16:09 - 2015-07-26 02:03 - 01085440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-29 16:09 - 2015-07-26 02:03 - 00433664 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-29 16:09 - 2015-07-26 02:03 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-29 16:09 - 2015-07-26 02:03 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-29 16:09 - 2015-07-26 01:55 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-26 11:36 - 2015-07-26 11:36 - 00347816 _____ (Microsoft Corporation) C:\Users\power\Downloads\MicrosoftFixit.Devices.Run.exe
2015-07-26 00:12 - 2015-05-10 02:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-07-25 22:00 - 2015-07-25 22:00 - 00000000 ____D C:\Users\power\AppData\Local\CEF
2015-07-24 22:18 - 2015-07-24 22:18 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
2015-07-21 19:08 - 2015-07-15 11:19 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-07-21 19:08 - 2015-07-15 11:19 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-21 19:08 - 2015-07-15 11:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-07-21 19:08 - 2015-07-15 11:19 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-07-21 19:08 - 2015-07-15 10:55 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-07-21 19:08 - 2015-07-15 10:55 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-21 19:08 - 2015-07-15 10:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-07-21 19:08 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-07-21 19:08 - 2015-07-15 09:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-21 19:08 - 2015-07-15 09:52 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 02603008 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-15 18:36 - 2015-07-10 01:58 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-15 18:36 - 2015-07-10 01:58 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-15 18:36 - 2015-07-10 01:58 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-07-15 18:36 - 2015-07-10 01:43 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-15 18:36 - 2015-07-10 01:43 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-15 18:36 - 2015-07-10 01:43 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-15 18:36 - 2015-07-10 01:43 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-15 18:36 - 2015-07-10 01:42 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-15 18:36 - 2015-07-03 05:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-15 18:36 - 2015-07-03 05:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-07-15 18:36 - 2015-07-03 04:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-15 18:36 - 2015-07-03 04:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-07-15 18:36 - 2015-07-03 04:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-15 18:36 - 2015-07-03 04:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-15 18:36 - 2015-07-03 03:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-15 18:36 - 2015-07-03 02:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-15 18:36 - 2015-06-27 10:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-07-15 18:36 - 2015-06-27 10:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-15 18:36 - 2015-06-27 09:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-07-15 18:36 - 2015-06-27 09:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-15 18:36 - 2015-06-25 16:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-15 18:36 - 2015-06-18 01:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-15 18:36 - 2015-06-18 01:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-15 18:36 - 2015-06-10 02:03 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-15 18:36 - 2015-06-10 02:03 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 18:36 - 2015-06-02 08:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-07-15 18:36 - 2015-06-02 07:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-07-15 18:35 - 2015-07-03 04:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-15 18:35 - 2015-07-03 04:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-15 18:35 - 2015-07-03 04:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-15 18:35 - 2015-07-03 03:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-15 18:35 - 2015-06-26 02:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-15 18:35 - 2015-06-26 01:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-15 18:35 - 2015-06-21 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-07-15 18:35 - 2015-06-21 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-07-15 18:35 - 2015-06-21 03:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-15 18:35 - 2015-06-21 03:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-07-15 18:35 - 2015-06-21 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-07-15 18:35 - 2015-06-21 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-15 18:35 - 2015-06-21 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-07-15 18:35 - 2015-06-21 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-07-15 18:35 - 2015-06-21 03:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-15 18:35 - 2015-06-21 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-07-15 18:35 - 2015-06-21 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-07-15 18:35 - 2015-06-21 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-15 18:35 - 2015-06-21 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-07-15 18:35 - 2015-06-21 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 18:35 - 2015-06-21 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-15 18:35 - 2015-06-21 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-15 18:35 - 2015-06-21 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-15 18:35 - 2015-06-21 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-15 18:35 - 2015-06-21 02:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-07-15 18:35 - 2015-06-21 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-15 18:35 - 2015-06-21 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-07-15 18:35 - 2015-06-21 02:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-15 18:35 - 2015-06-21 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-15 18:35 - 2015-06-20 02:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-15 18:35 - 2015-06-20 02:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-07-15 18:35 - 2015-06-20 02:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-07-15 18:35 - 2015-06-20 02:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-07-15 18:35 - 2015-06-20 02:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-15 18:35 - 2015-06-20 02:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-07-15 18:35 - 2015-06-20 02:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-07-15 18:35 - 2015-06-20 02:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-15 18:35 - 2015-06-20 02:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-07-15 18:35 - 2015-06-20 02:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-15 18:35 - 2015-06-20 01:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 18:35 - 2015-06-20 01:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-15 18:35 - 2015-06-20 01:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-15 18:35 - 2015-06-20 01:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-15 18:35 - 2015-06-20 01:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-15 18:35 - 2015-06-20 01:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-15 18:35 - 2015-06-20 01:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-07-15 18:35 - 2015-06-20 01:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-15 18:35 - 2015-06-20 01:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-15 18:34 - 2015-07-05 02:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-15 18:34 - 2015-07-05 01:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-15 18:34 - 2015-06-12 01:57 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-07-15 18:34 - 2015-06-12 01:57 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-07-15 18:34 - 2015-06-12 01:57 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-07-15 18:34 - 2015-06-12 01:56 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-07-15 18:34 - 2015-06-12 01:56 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-07-15 18:34 - 2015-06-12 01:56 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-07-15 18:34 - 2015-06-11 21:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-07-15 18:34 - 2015-04-28 03:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-07-15 18:34 - 2015-04-28 03:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-07-15 18:34 - 2015-04-28 03:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-07-15 18:34 - 2015-04-28 03:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-07-15 18:34 - 2015-04-28 03:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-07-15 18:34 - 2015-04-28 03:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-07-15 18:34 - 2015-04-28 03:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-07-15 18:34 - 2015-04-28 03:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-07-15 18:33 - 2015-07-02 04:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-15 18:33 - 2015-07-02 04:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-07-15 18:33 - 2015-07-02 04:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-07-15 18:33 - 2015-07-02 04:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-07-15 18:33 - 2015-07-02 04:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-07-15 18:33 - 2015-07-02 04:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-07-15 18:33 - 2015-07-02 04:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-07-15 18:33 - 2015-07-02 04:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-07-15 18:33 - 2015-07-02 04:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-07-15 18:33 - 2015-07-02 04:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-07-15 18:33 - 2015-07-02 04:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-07-15 18:33 - 2015-07-02 04:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-07-15 18:33 - 2015-07-02 04:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-15 18:33 - 2015-07-02 04:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-07-15 18:33 - 2015-07-02 04:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-07-15 18:33 - 2015-07-02 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-07-15 18:33 - 2015-07-02 04:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-07-15 18:33 - 2015-07-02 04:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-07-15 18:33 - 2015-07-02 03:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-15 18:33 - 2015-07-02 03:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-15 18:33 - 2015-07-02 03:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-15 18:33 - 2015-06-16 05:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-07-15 18:33 - 2015-06-16 05:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-15 18:33 - 2015-06-16 05:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-15 18:33 - 2015-06-16 05:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-07-15 18:33 - 2015-06-16 05:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-07-15 18:33 - 2015-06-16 05:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-15 18:33 - 2015-06-16 05:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-15 18:33 - 2015-06-16 05:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-15 18:33 - 2015-06-16 05:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-07-15 18:33 - 2015-06-16 05:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-15 18:33 - 2015-06-16 05:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-07-15 18:33 - 2015-06-16 05:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-07-14 21:09 - 2015-07-14 21:09 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 21:04 - 2015-07-24 22:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-06-30 22:21 - 2015-07-09 01:47 - 00000000 ____D C:\Users\Dana.power-PC.001\AppData\Roaming\Apple Computer
2015-06-30 21:59 - 2015-07-14 21:05 - 00002226 _____ C:\Users\Dana.power-PC.001\Desktop\Google Chrome.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 17:03 - 2009-07-14 12:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-30 17:03 - 2009-07-14 12:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-30 16:49 - 2013-07-04 12:55 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001UA.job
2015-07-30 16:41 - 2015-05-06 15:40 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-30 16:34 - 2012-07-10 08:11 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-30 14:40 - 2013-01-30 01:17 - 00000000 ____D C:\Users\power\AppData\Roaming\Azureus
2015-07-30 14:35 - 2014-11-30 22:22 - 00001819 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-07-30 14:35 - 2014-11-30 22:22 - 00001819 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-30 14:35 - 2014-11-30 22:22 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-07-30 14:24 - 2013-12-14 15:35 - 00000000 ____D C:\Users\power\Downloads\aanew
2015-07-30 14:22 - 2011-06-21 18:38 - 00000000 ____D C:\Users\power
2015-07-30 14:20 - 2014-05-14 13:19 - 00000000 ____D C:\Users\power\Documents\folders
2015-07-30 13:40 - 2011-04-25 20:11 - 01225616 _____ C:\windows\WindowsUpdate.log
2015-07-30 13:39 - 2014-11-26 09:24 - 00000000 ____D C:\Users\power\AppData\Local\NPE
2015-07-30 13:34 - 2015-05-06 15:40 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-30 13:33 - 2015-05-17 19:25 - 00003646 _____ C:\windows\setupact.log
2015-07-30 13:33 - 2013-07-01 17:44 - 00065536 _____ C:\windows\system32\Ikeext.etl
2015-07-30 13:33 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-30 13:32 - 2015-05-21 11:50 - 00062210 _____ C:\windows\PFRO.log
2015-07-30 13:32 - 2009-07-14 11:20 - 00000000 ____D C:\windows\tracing
2015-07-30 12:19 - 2014-12-12 04:07 - 00000000 ____D C:\windows\rescache
2015-07-29 21:56 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-29 18:35 - 2015-01-11 19:46 - 00000000 ____D C:\Users\Dana.power-PC.001
2015-07-29 17:53 - 2015-04-06 13:22 - 00000000 ____D C:\Users\power\AppData\Local\Steam
2015-07-29 17:49 - 2013-07-04 12:54 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001Core.job
2015-07-29 16:10 - 2014-05-07 03:01 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-26 12:22 - 2011-09-04 18:04 - 00000000 ____D C:\Users\power\AppData\Local\Windows Live
2015-07-26 00:40 - 2014-11-26 09:41 - 00000000 __SHD C:\Users\power\AppData\Local\EmieBrowserModeList
2015-07-26 00:40 - 2014-05-17 08:10 - 00000000 __SHD C:\Users\power\AppData\Local\EmieUserList
2015-07-26 00:40 - 2014-05-17 08:10 - 00000000 __SHD C:\Users\power\AppData\Local\EmieSiteList
2015-07-25 23:29 - 2014-12-23 22:54 - 00000000 ____D C:\Users\power\AppData\Roaming\theHunter
2015-07-25 22:57 - 2012-03-08 22:21 - 00000000 ____D C:\ProgramData\Optus Mobile Broadband
2015-07-25 22:44 - 2012-03-08 22:20 - 00000000 ____D C:\ProgramData\DatacardService
2015-07-25 22:41 - 2015-05-14 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyranid Mod for Soulstorm
2015-07-25 22:24 - 2011-04-25 20:32 - 00000000 ____D C:\ProgramData\TOSHIBA
2015-07-25 22:23 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-25 22:06 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-25 12:31 - 2015-04-05 03:01 - 00000000 ___SD C:\windows\system32\GWX
2015-07-24 22:12 - 2014-09-10 20:14 - 00003206 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-07-24 22:12 - 2014-09-10 20:14 - 00002196 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-24 22:12 - 2014-09-10 20:12 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2015-07-24 17:58 - 2014-09-10 20:27 - 00000000 ____D C:\N360_BACKUP
2015-07-24 11:18 - 2014-09-10 20:14 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-24 11:18 - 2014-09-10 20:14 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-22 03:19 - 2009-07-14 12:45 - 00409496 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-18 18:34 - 2012-07-10 08:11 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-18 18:34 - 2012-07-10 08:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 18:34 - 2012-02-01 19:56 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-18 03:50 - 2015-04-05 03:01 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-18 03:50 - 2009-07-14 11:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-07-18 03:49 - 2015-04-16 03:46 - 00000000 ____D C:\windows\system32\appraiser
2015-07-18 03:27 - 2011-06-21 22:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-18 03:19 - 2014-03-30 02:55 - 00000000 ____D C:\windows\system32\MRT
2015-07-17 17:44 - 2013-07-04 12:55 - 00003878 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001UA
2015-07-17 17:44 - 2013-07-04 12:55 - 00003482 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001Core
2015-07-17 17:42 - 2013-10-16 22:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 17:36 - 2015-05-06 15:40 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 17:36 - 2015-05-06 15:40 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-09 01:47 - 2015-05-12 00:52 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-03 08:43 - 2014-03-30 02:55 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-07-01 20:13 - 2015-01-11 19:47 - 00000000 ____D C:\Users\Dana.power-PC.001\AppData\Roaming\Adobe
2015-07-01 20:00 - 2014-09-10 20:14 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-01 19:59 - 2011-04-25 21:01 - 00000000 ____D C:\ProgramData\Norton
2015-07-01 19:50 - 2011-08-22 21:31 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== Files in the root of some directories =======

2014-12-23 23:16 - 2014-12-23 23:16 - 0000096 _____ () C:\Users\power\AppData\Roaming\LauncherSettings_live.cfg
2014-12-23 22:54 - 2014-12-23 22:54 - 0000039 _____ () C:\Users\power\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-05-31 00:43 - 2014-09-03 19:03 - 0007597 _____ () C:\Users\power\AppData\Local\resmon.resmoncfg
2012-01-18 20:39 - 2012-01-18 20:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-06-22 21:30 - 2011-06-22 21:33 - 0000815 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Dana\AppData\Local\Temp\ResetDevice.exe
C:\Users\Dana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\power\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2011-12-22 07:41

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by power (2015-07-30 17:05:08)
Running from C:\Users\power\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-295868932-3461566431-2313640649-500 - Administrator - Disabled)
Dana (S-1-5-21-295868932-3461566431-2313640649-1004 - Administrator - Enabled)
Guest (S-1-5-21-295868932-3461566431-2313640649-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-295868932-3461566431-2313640649-1003 - Limited - Enabled)
power (S-1-5-21-295868932-3461566431-2313640649-1001 - Administrator - Enabled) => C:\Users\power
UpdatusUser (S-1-5-21-295868932-3461566431-2313640649-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version: - )
BetterMarkIt (HKLM-x32\...\CCDEE4C2-D097-592A-B1CC-FFD5F12FF67C) (Version: - BetterMarkIt-software) <==== ATTENTION
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build a Molecule (HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\Build a Molecule) (Version: - University of Colorado, Department of Physics)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawn Of War (HKLM-x32\...\{83F12F73-D52E-40C0-93B1-463C311C4E17}) (Version: 1.40 - THQ)
DayZ Commander (HKLM-x32\...\{0B74EC0B-2A85-4542-A167-3DE2132E7DAA}) (Version: 0.92.85 - Dotjosh Studios)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
EasyFix Tools v1.0 (HKLM\...\EasyFix Tools_is1) (Version: 1.0 - EasyFixTools, Inc.)
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
f.lux (HKU\S-1-5-21-295868932-3461566431-2313640649-1001\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk (remove only) (HKU\S-1-5-21-295868932-3461566431-2313640649-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magentic (HKLM-x32\...\Magentic) (Version: 1.3.1.967 - IncrediMail Ltd.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Molecule Shapes- Basics (HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\Molecule Shapes- Basics) (Version: - University of Colorado, Department of Physics)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version: - )
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 267.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 267.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Optus Wireless Broadband (HKLM-x32\...\Optus Wireless Broadband) (Version: 11.300.04.04.432 - Huawei Technologies Co.,Ltd)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-295868932-3461566431-2313640649-1001\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
The Sims (HKLM-x32\...\The Sims) (Version: - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{F52618B2-A995-4F8D-A6C8-9E235A470C68}) (Version: 8.0.36 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.7 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.24.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.9.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.12 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.5.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM-x32\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.6.08-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TuneUp 2.4.8.5 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.8.5 - TuneUp Media, Inc.)
Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version: - )
Ultimate Apocalypse mod 1.73 (HKU\S-1-5-21-295868932-3461566431-2313640649-1001\...\Ultimate Apocalypse mod 1.73) (Version: - )
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
Vuze Remote Toolbar (HKLM-x32\...\Vuze_Remote Toolbar) (Version: 6.10.3.27 - Vuze Remote) <==== ATTENTION
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.55 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

25-07-2015 22:10:06 Revo Uninstaller's restore point - Evolution RTS
25-07-2015 22:21:25 Revo Uninstaller's restore point - Warhammer 40,000: Storm of Vengeance
25-07-2015 22:42:02 Revo Uninstaller's restore point - Optus Mobile Broadband
25-07-2015 23:23:19 Revo Uninstaller's restore point - War of the Roses
25-07-2015 23:25:39 Revo Uninstaller's restore point - Stronghold 3
25-07-2015 23:27:37 Revo Uninstaller's restore point - theHunter
25-07-2015 23:52:25 Windows Update
26-07-2015 00:12:19 Windows Update
29-07-2015 13:41:19 Windows Update
29-07-2015 16:09:39 Windows Update
29-07-2015 17:37:54 Revo Uninstaller's restore point - Steam
29-07-2015 21:55:24 Windows Modules Installer
30-07-2015 00:16:06 Windows Update
30-07-2015 13:30:10 Norton_Power_Eraser_20150730133008362

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {061698DE-5346-4D5F-9DCC-5A15C7866833} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {0BAE11A7-FF89-4B8B-B066-B761EC842F18} - System32\Tasks\{6C47FC73-3423-4C62-BC76-2693BB627F58} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {0C4EDBF1-189F-4488-91C9-47221DBA97C9} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {0F441619-3440-4F0A-BA84-3F63335F734C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {1AF91CB9-A9DA-4F02-A3BC-1C92B6DDC1B9} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {20E8E452-D8A4-4687-B491-CE8C7F6DE2DB} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {3607B9A9-5157-48EC-825B-44AC3BCC61D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001Core => C:\Users\power\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: {5F036C68-76D4-423D-9A4F-0DDE02007EC8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001UA => C:\Users\power\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: {747508F8-97D7-4D9A-BD09-79EEA6420FEF} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {7620BAC9-24CF-4B23-9D6A-D7FA51685F0C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A67707DC-4265-45EA-8285-91A45FF3960B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-06] (Google Inc.)
Task: {AB337D4F-1654-4089-9DFC-5D69A96D1032} - \RocketTab No Task File <==== ATTENTION
Task: {DC79EEE1-2B75-4727-8C79-CD24633181CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-06] (Google Inc.)
Task: {E17802EF-3666-48F9-B59E-F1A90CF475F3} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {E59E531E-7F93-4642-9D70-A2468709F82C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {FB4A9291-2BC3-4D7F-A041-07202C6188C1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-18] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001Core.job => C:\Users\power\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295868932-3461566431-2313640649-1001UA.job => C:\Users\power\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-09 07:23 - 2015-04-09 07:23 - 00010952 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-05-17 13:05 - 2015-02-04 10:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-12-09 06:42 - 2010-12-09 06:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-04-09 07:23 - 2015-04-09 07:23 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-29 18:55 - 2015-07-25 16:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
2015-07-29 18:55 - 2015-07-25 16:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
2015-07-29 18:55 - 2015-07-25 16:46 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\power\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^Users^power^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackgroundContainer => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\power\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: EE3E8F24DC53E55A1B834ECB10669E575F25AE86._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: F.lux => "C:\Users\power\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: Google Update => "C:\Users\power\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: googletalk => C:\Users\power\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Magentic => C:\PROGRA~2\Magentic\bin\Magentic.exe /c
MSCONFIG\startupreg: NextLive => C:\windows\SysWOW64\rundll32.exe "C:\Users\power\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Smart PC Cleaner => C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\power\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A195EA86-E03B-46C9-A666-304986879D52}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B0429496-0E5E-4B73-8E4F-EFBF3A9F3BB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{970CE45E-F1AB-439C-959D-EFF2BF11363C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CEC9D849-CEFB-4F56-90F8-0EB8DF22830E}] => (Allow) LPort=2869
FirewallRules: [{CEC43340-8A03-4AAD-B88C-B93623345C4E}] => (Allow) LPort=1900
FirewallRules: [{F71ED726-6E0F-41B3-A754-67093245F588}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4E232A3B-786A-43AD-B031-36778DD51DAA}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D863F626-3A40-4E73-904B-2609758B313E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90ED6C02-7288-415E-8717-7D0C7953C487}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8BFE9372-4CB8-47F7-885B-B9665A2F3DAD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FE40CC9D-1D52-4FD3-82A8-B319589E68FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{02880F52-9C1C-4A08-B1C8-CCED0E424074}] => (Allow) E:\azures movies\game.dat
FirewallRules: [{480425C0-99CC-4161-9837-86CDBFEB872B}] => (Allow) E:\azures movies\game.dat
FirewallRules: [{124B1DBE-AFA9-4A91-81E4-D12F281935E3}] => (Allow) E:\azures movies\World of Warcraft\Launcher.exe
FirewallRules: [{B5BFD7A2-CF67-440C-A580-1DA234AA51C8}] => (Allow) E:\azures movies\World of Warcraft\Launcher.exe
FirewallRules: [{E3A4F1F2-34B2-4FBA-933E-787704F9BBEE}] => (Allow) E:\azures movies\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{6894C9BA-ECD6-4A9F-9EA3-3DFAFCD11A06}] => (Allow) E:\azures movies\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{0D5894EC-21BF-455E-8AF4-65C8B30C65F7}] => (Allow) E:\azures movies\World of Warcraft\Launcher.patch.exe
FirewallRules: [{F19EB48B-368D-4FCC-96C9-ACF28713A973}] => (Allow) E:\azures movies\World of Warcraft\Launcher.patch.exe
FirewallRules: [{3E5F1124-4890-40CF-8861-AC6448E8B073}] => (Allow) C:\Users\Dana\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{7986BABF-3EE4-4BC3-89E7-38ED7C4355ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C5D6E99-30DF-4015-98A5-0DF7FD28619A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E91AB50A-626F-4AE0-A9A2-7691B9BC8CEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{60766F7D-31A4-4E00-A82E-46A2B3DF6A8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A33E248F-68AC-40F1-8A2B-3E497D21B203}] => (Allow) G:\My Documents\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{E9CFEB5A-A7D5-4E47-884A-A812815297F4}] => (Allow) G:\My Documents\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{FC64F3E0-365B-42D5-A24A-D73E254CA838}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D0687B2A-3968-4F16-8E45-653DD9DE5ADB}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{CF96C27C-BFAD-4F3A-A904-6A7E35ABBD79}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [TCP Query User{48A92C44-26F0-4BBC-8894-6422FF96EEF2}C:\users\power\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\power\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA5F13D1-57B5-474A-B11B-F4791F38223B}C:\users\power\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\power\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BB898AFA-09D5-4AF5-8CB4-E9FF2EF4C841}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{A849F893-979F-489D-9036-A052E749298F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{1F872243-1BCB-4CFA-9B22-1A8448CBD00A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{93B78F35-75CC-46B6-8ACD-7DCD2A98FEFB}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EB695988-D6FE-4C65-A22E-AFFBF8BC9D98}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B87ADC89-DBCE-4555-AE47-53CEA264E663}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{11E9D185-7E1B-4E77-BBC2-64E716F01366}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{83B5A1E2-8D9F-482D-B0E0-B66D897FE829}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C3972BB9-FB8D-498E-A967-C21DE51758EE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{44FAEBAF-F70C-441A-B5CE-340269E606D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{820D9BB1-E77B-4560-9CD5-1095A4FAFBC1}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{E86ED6F6-0E48-4276-BEBB-C8B501E96325}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe

==================== Faulty Device Manager Devices =============

Name: STK7700D
Description: STK7700D
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service:
Problem: : Reinstall the drivers for this device. (Code 18)
Resolution: The drivers for this device must be reinstalled.
Click "Update Driver", which starts the Hardware Update wizard.
Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D7400 series
Description: Photosmart D7400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2015 01:34:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 01:30:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-295868932-3461566431-2313640649-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b91d7f3a-209c-4dd2-ba0f-324a63ce381f}

Error: (07/30/2015 11:19:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 12:16:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-295868932-3461566431-2313640649-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9781e6b7-ae94-4c88-9241-7c424ec3210e}

Error: (07/29/2015 09:55:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-295868932-3461566431-2313640649-1004.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {34b22933-743a-4ec3-8676-52549c58a96a}

Error: (07/29/2015 06:58:07 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (07/29/2015 06:40:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: power-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (07/29/2015 06:40:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: power-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (07/29/2015 06:39:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 06:36:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070005, Access is denied.
.

System errors:
=============
Error: (07/30/2015 01:36:21 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%2

Error: (07/30/2015 01:34:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/30/2015 11:20:53 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%2

Error: (07/30/2015 11:19:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/30/2015 12:19:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: TOSHIBA - Other hardware - TOSHIBA USB DVB-T/Analog Hybrid Tuner.

Error: (07/30/2015 12:19:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007066f: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.

Error: (07/29/2015 06:41:28 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%2

Error: (07/29/2015 06:39:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/29/2015 05:53:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (07/29/2015 05:53:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Microsoft Office:
=========================
Error: (07/30/2015 01:34:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 01:30:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-295868932-3461566431-2313640649-1004.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b91d7f3a-209c-4dd2-ba0f-324a63ce381f}

Error: (07/30/2015 11:19:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 12:16:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-295868932-3461566431-2313640649-1004.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9781e6b7-ae94-4c88-9241-7c424ec3210e}

Error: (07/29/2015 09:55:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-295868932-3461566431-2313640649-1004.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {34b22933-743a-4ec3-8676-52549c58a96a}

Error: (07/29/2015 06:58:07 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (07/29/2015 06:40:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: power-PC)
Description:

Error: (07/29/2015 06:40:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: power-PC)
Description:

Error: (07/29/2015 06:39:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 06:36:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070005, Access is denied.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 37%
Total physical RAM: 8098.69 MB
Available physical RAM: 5084.86 MB
Total Virtual: 16195.59 MB
Available Virtual: 13060.79 MB

==================== Drives ================================

Drive c: (S3A9988D002) (Fixed) (Total:685.84 GB) (Free:285.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: E06EC09A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=685.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)

==================== End of log ============================

Attached Files

FRST.txt 57.42KB 187 downloads
Addition.txt 45.72KB 179 downloads

#2
Bruce1270

Posted 31 July 2015 - 12:39 AM

Trusted Helper

Malware Removal
1,714 posts

Hello Smart1dumby and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.

Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
Please follow all instructions in the order given.
Please do not install any other software unless advised. This may hinder the removal process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.

Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

OK. I'm analysing your logs and will come back to you with a fix soon and some answers to the questions you raised.

Thanks

#3
Bruce1270

Posted 01 August 2015 - 04:59 AM

Trusted Helper

Malware Removal
1,714 posts

Hi Smart1dumby

OK. Overall things don't look too bad but there are some potentially unwanted programs and web page redirects to get rid of plus a general clean up which shoud free up some space.

Are there any programs to tell me what devices, processes and folders or files I actually need on my laptop and what they're for.

I dn't think there is any specific apps for telling you this. Some of the programs I will be using in the clean up process such as adwCleaner are updated regularly, perfectly safe to use and will clean out any unwanted adware and junk. I will cover this and other advice for you at the end of the cleaning process.

Let's move on.

First a little advice.

P2P Warning: !

IMPORTANT I have noticed that there are signs of P2P (Peer to Peer) File Sharing Program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Risks of Peer to Peer systems
P2P programs: Popular and perilous

If you continue to use P2P programs it is likely that you will get infected again.

I would recommend that you uninstall Vuze, however that choice is up to you. If you choose to do this, you can do so by:

Please go to Start Menu -> Control Panel -> Programs and Features
Locate the entry called Vuze and click on it.
Click uninstall.

If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.

Step1 - Remove unwanted programs

Please uninstall the following unwanted programs:

BetterMarkit
EasyFix Tools v1.0
TuneUp 2.4.8.5
Vuze Remote Toolbar

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. BetterMarkit
Click uninstall.
Repeat the above steps for all the other programs to remove.

Step2 - FRST fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.

fixlist.txt 8.87KB 180 downloads

Ensure fixlist.txt is in the same location as FRST64.exe on your desktop.
Run FRST by right clicking on it and selecting Run as Administrator and press Fix
On completion a log (fixlog.txt) will be generated.
Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Thanks

#4
smart1dumby

Posted 03 August 2015 - 08:18 AM

New Member

Topic Starter
Member
3 posts

Hey Bruce1270,

Thank you so much for your time and help! I really appreciate it, I honestly haven't been far off completely reformatting the computer for a while. I removed Vuze, deleted those programs and ran FRST64 fixlog, here is the result:

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015

Ran by power (2015-08-03 22:08:06) Run:1

Running from C:\Users\power\Desktop

Loaded Profiles: power (Available Profiles: UpdatusUser & power)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

HKLM\...\Run: [] => [X]

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\Run: [] => [X]

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\...\RunOnce: [SysOff] => C:\Windows\SysWOW64\SYSPREP\ClosespV.exe

AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File not found

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...0BPBXX31EVB0BPB

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...0BPBXX31EVB0BPB

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.doko-sear...125836&tsp=5037

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}

URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)

URLSearchHook: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)

URLSearchHook: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll (ClientConnect Ltd.)

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}

SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol...ADBD6749FB663F6

SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.filebu...q={searchTerms}

SearchScopes: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =

BHO: No Name -> {E6CE065A-F0C3-C32B-7B95-3C877CFC2A91} -> No File

BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll [2014-03-26] (ClientConnect Ltd.)

Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Users\power\AppData\LocalLow\Vuze_Remote\prxtbVuz0.dll [2014-03-26] (ClientConnect Ltd.)

Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File

Toolbar: HKU\S-1-5-21-295868932-3461566431-2313640649-1001 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

FF DefaultSearchEngine: sweet-page

FF SelectedSearchEngine: sweet-page

FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1415366958&from=air&uid=TOSHIBAXMK7575GSX_31EVB0BPBXX31EVB0BPB

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin HKU\S-1-5-21-295868932-3461566431-2313640649-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

FF user.js: detected! => C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\user.js [2015-01-28]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml [2014-11-07]

FF Extension: Fast Start - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\[email protected] [2014-11-07]

FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B} [2015-03-06]

FF Extension: Slick Savings - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-03-06]

FF Extension: Start Page - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [2015-03-06]

FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [2014-10-27]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\extensions\[email protected]

FF HKU\S-1-5-21-295868932-3461566431-2313640649-1001\...\Firefox\Extensions: [{562F1FE6-9763-FF7B-444A-FE5DD2884927}] - C:\Program Files (x86)\ver3BetterMarkIt\186.xpi

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\power\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [Not Found]

2015-07-30 13:00 - 2015-07-30 13:12 - 00000000 ____D C:\Program Files (x86)\EasyFix Tools

2015-07-30 13:00 - 2015-07-30 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyFix Tools

2012-01-18 20:39 - 2012-01-18 20:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\power\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

Task: {1AF91CB9-A9DA-4F02-A3BC-1C92B6DDC1B9} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION

Task: {AB337D4F-1654-4089-9DFC-5D69A96D1032} - \RocketTab No Task File <==== ATTENTION

Task: {E17802EF-3666-48F9-B59E-F1A90CF475F3} - \RocketTab Update Task No Task File <==== ATTENTION

C:\Windows\SysWOW64\SYSPREP\ClosespV.exe

C:\Users\power\AppData\LocalLow\Vuze_Remote

C:\Program Files (x86)\ver3BetterMarkIt

Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^power^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk"

Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer"

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state off

Hosts:

EmptyTemp:

*****************

Restore point was successfully created.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SysOff => value not found.

"c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll" => Value data removed successfully.

"HKLM\SOFTWARE\Policies\Google" => key removed successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value removed successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value removed successfully

"HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => key removed successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value not found.

"HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => key removed successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value removed successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully

HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully

HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => key removed successfully

HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => key not found.

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully

HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6CE065A-F0C3-C32B-7B95-3C877CFC2A91}" => key removed successfully

HKCR\CLSID\{E6CE065A-F0C3-C32B-7B95-3C877CFC2A91} => key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => key removed successfully

HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value removed successfully

HKCR\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => key not found.

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.

HKU\S-1-5-21-295868932-3461566431-2313640649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => value not found.

HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => key not found.

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value removed successfully

HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => key not found.

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => value removed successfully

HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => key not found.

Firefox DefaultSearchEngine removed successfully

Firefox SelectedSearchEngine removed successfully

Firefox homepage removed successfully

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully

C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.

C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\user.js => moved successfully.

C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml => moved successfully.

C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\[email protected] => moved successfully.

C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B} => moved successfully.

C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} => moved successfully.

C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} => moved successfully.

C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} => moved successfully.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully

HKU\S-1-5-21-295868932-3461566431-2313640649-1001\Software\Mozilla\Firefox\Extensions\\{562F1FE6-9763-FF7B-444A-FE5DD2884927} => value removed successfully

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo" => key removed successfully

C:\Program Files (x86)\EasyFix Tools => moved successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyFix Tools => moved successfully.

C:\ProgramData\ezsidmv.dat => moved successfully.

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully

"HKU\S-1-5-21-295868932-3461566431-2313640649-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AF91CB9-A9DA-4F02-A3BC-1C92B6DDC1B9}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AF91CB9-A9DA-4F02-A3BC-1C92B6DDC1B9}" => key removed successfully

C:\Windows\System32\Tasks\BitGuard => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB337D4F-1654-4089-9DFC-5D69A96D1032}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB337D4F-1654-4089-9DFC-5D69A96D1032}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E17802EF-3666-48F9-B59E-F1A90CF475F3}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E17802EF-3666-48F9-B59E-F1A90CF475F3}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => key removed successfully

"C:\Windows\SysWOW64\SYSPREP\ClosespV.exe" => File/Folder not found.

C:\Users\power\AppData\LocalLow\Vuze_Remote => moved successfully.

"C:\Program Files (x86)\ver3BetterMarkIt" => File/Folder not found.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^power^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^power^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk (Yes/No)? The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundContainer (Yes/No)? The operation completed successfully.

========= End of Reg: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {75547792-796C-48EB-BD7F-1C94F30D1319}.

0 out of 1 jobs canceled.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state off =========

Ok.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

EmptyTemp: => 587.4 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 22:10:43 ====

#5
Bruce1270

Posted 03 August 2015 - 01:11 PM

Trusted Helper

Malware Removal
1,714 posts

Hi Smart1dumby

I honestly haven't been far off completely reformatting the computer for a while

Should be no need and we'll have this cleaned up for you!

Good progress so far. Here are the next steps.

Step1 - Junkware Removal Tool

Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.

Step2 - Run adwCleaner

Download AdwCleaner from here to the Desktop

Close all open windows and browsers
Double click the Adwcleaner icon to execute the program
When the Tool opens for the first time accept the Terms of use
Click the Scan button and wait for the program to finish.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[S*].txt) will open
Please copy/paste the generated log to your next reply.

Things for your next post.

JRT.txt
AdwCleaner[S*].txt
How is your computer running now?

Thanks

#6
smart1dumby

Posted 04 August 2015 - 06:46 AM

New Member

Topic Starter
Member
3 posts

Hey, all going good I think computer booted a bit slower after running the JRT but apart from that good c: I have had a problem though before this that I didnt include absent minded I guess and that's that the jump bar, the menu that pops up when you press the start button, usually has recent places and favourites on the left side these aren't appearing do you have any idea why this may be? thanks

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.5.4 (07.27.2015:1)

OS: Windows 7 Home Premium x64

Ran by power on Tue 04/08/2015 at 20:19:20.29

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2504091

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\windowsmangerprotect

~~~ Files

Successfully disinfected: [Shortcut] C:\Users\power\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Successfully disinfected: [Shortcut] C:\Users\power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\apn

Successfully deleted: [Folder] C:\ProgramData\esafe

Successfully deleted: [Folder] C:\ProgramData\google

Successfully deleted: [Folder] C:\ProgramData\pc drivers headquarters

Successfully deleted: [Folder] C:\Users\power\Appdata\Local\conduit

Successfully deleted: [Folder] C:\Users\power\Appdata\Local\genienext

Successfully deleted: [Folder] C:\Users\power\Appdata\Local\mobogenie

Successfully deleted: [Folder] C:\Users\power\Appdata\LocalLow\conduit

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\babylon

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\free ride games

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\newnext.me

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\nico mak computing

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\pccustubinstaller

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\picexa viewer

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\systweak

Successfully deleted: [Folder] C:\Users\power\AppData\Roaming\TorrentStream

~~~ FireFox

Successfully deleted: [File] C:\Users\power\AppData\Roaming\mozilla\firefox\profiles\uzf0yzm3.default-1393296102913\invalidprefs.js

Successfully deleted: [File] C:\Users\power\AppData\Roaming\mozilla\firefox\profiles\uzf0yzm3.default-1393296102913\searchplugins\yahoo_ff.xml

Successfully deleted the following from C:\Users\power\AppData\Roaming\mozilla\firefox\profiles\uzf0yzm3.default-1393296102913\prefs.js

user_pref(browser.newtab.url, chrome://quick_start/content/index.html);

user_pref(extensions.quick_start.enable_search1, false);

user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);

Emptied folder: C:\Users\power\AppData\Roaming\mozilla\firefox\profiles\uzf0yzm3.default-1393296102913\minidumps [30 files]

~~~ Chrome

[C:\Users\power\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\power\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\power\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\power\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 04/08/2015 at 20:30:24.20

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW:

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 20:42:05

# Updated 09/07/2015 by Xplode

# Database : 2015-08-01.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : power - POWER-PC

# Running from : C:\Users\power\Desktop\AdwCleaner.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\windows\SysWOW64\SearchProtect

Folder Deleted : C:\Users\Dana\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Dana\AppData\LocalLow\Doko-Toolbar

Folder Deleted : C:\Users\Dana\AppData\LocalLow\mixidj

Folder Deleted : C:\Users\Dana\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Dana\AppData\LocalLow\Vuze_Remote

Folder Deleted : C:\Users\power\AppData\LocalLow\Doko-Toolbar

Folder Deleted : C:\Users\power\AppData\LocalLow\mixidj

Folder Deleted : C:\Users\power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender

File Deleted : C:\Users\power\AppData\Roaming\Mozilla\Firefox\Profiles\uzf0yzm3.default-1393296102913\Extensions\[email protected]

File Deleted : C:\windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf

File Deleted : C:\windows\System32\drivers\wStLib64.sys

File Deleted : C:\Users\Dana\daemonprocess.txt

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\power\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Tor Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Key Deleted : HKCU\Software\Mozilla\Extends

Key Deleted : HKCU\Software\e578a8bb46ae515

Key Deleted : HKLM\SOFTWARE\e578a8bb46ae515

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2FB0546-72C8-4BAC-BE38-7AE9141C89A7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6671BAF3-8048-4844-A682-AE2856B54983}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\BABSOLUTION

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Doko-Toolbar

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Search Extensions

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\SearchProtectWS

Key Deleted : HKCU\Software\Vuze_Remote

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\BetterMarkIt

Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\delta-homesSoftware

Key Deleted : HKLM\SOFTWARE\Doko-Toolbar

Key Deleted : HKLM\SOFTWARE\eSafeSecControl

Key Deleted : HKLM\SOFTWARE\hdcode

Key Deleted : HKLM\SOFTWARE\ImInstaller

Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : HKLM\SOFTWARE\InstallIQ

Key Deleted : HKLM\SOFTWARE\qvo6Software

Key Deleted : HKLM\SOFTWARE\sweet-pageSoftware

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\WebConnect

Key Deleted : HKLM\SOFTWARE\PicexaSvc

Key Deleted : HKLM\SOFTWARE\Vuze_Remote

Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

-\\ Mozilla Firefox v

-\\ Google Chrome v44.0.2403.125

*************************

AdwCleaner[R0].txt - [6104 bytes] - [04/08/2015 20:39:01]

AdwCleaner[S0].txt - [5322 bytes] - [04/08/2015 20:42:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5381 bytes] ##########

Edited by smart1dumby, 04 August 2015 - 06:49 AM.

#7
Bruce1270

Posted 04 August 2015 - 02:26 PM

Trusted Helper

Malware Removal
1,714 posts

Hi Smart1Dumby

the menu that pops up when you press the start button, usually has recent places and favourites on the left side these aren't appearing do you have any idea why this may be?

Try this.

Right click anywhere on the taskbar (bottom of the screen)
From the menu choose properties.
A pop up dialog box will appear.
Click on the tab called Start Menu.
Under the privacy section ensure that both store and display recently opened programs in the start menu and store and display recently opened items in the start menu are both ticked.
Click OK.
Open up a program and see if this now displays in your list.

Here are the next steps for you. Making good progress.

Step1 - Malwarebytes Scan

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later :
If an update is found, it will download and install the latest updates automatically:
Now select the Settings tab, and check the box next to Scan for rootkits:
Go back to the Dashboard tab, and click the Scan Now button:
The scan may take some time to finish,so please be patient.
When the scan is complete, it will show you the results. (This one is clean):
Make sure that everything is checked, and click Quarantine All (or similar).
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
Choose the latest Scan Log, and click on the View button:
In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

Step2 - ESET online scan

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
Please go here then click on .
You will however need to disable your current installed Anti-Virus, how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on Start.
When prompted allow Add-On/Active X to install.
Make sure Enable detection of potentially unwanted applications is selected.
Click the Advanced Settings link.
Make sure Remove found threats is NOT checked.
Make sure Scan archives IS checked.
Make sure Scan for potentially unsafe applications IS checked.
Make sure Enable Anti-Stealth technology IS checked
Now click on Start.
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files(x86)\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things for your next post:
MBAM log
ESET log.txt
How's the computer running now?

Thanks

#8
Bruce1270

Posted 07 August 2015 - 12:55 PM

Trusted Helper

Malware Removal
1,714 posts

Hi Smart1dumby

Haven't heard for a few days. Have you been able to carry out my last instructions?

Thanks

#9
Essexboy

Posted 09 August 2015 - 04:12 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.