Ads keep popping up, Internet keeps slowing down. Windows 8.1


  • This topic is locked

#1
Mike17

    New Member

  • Member
  • 6 posts

Okay so I got this laptop off a friend a while ago, and so far it has been playing real smooth. I could browse the internet, play online games, etc. and have no problems. Then Firefox would get spammed with ads whenever I clicked anything, and it would get so many it would freeze up. I moved to Google Chrome and now it's doing the same thing. Anytime I click something quite a few ads come up, sometimes freezing the browser. And I noticed above the webpage a video will load up that's complete spam, and the website will be shown below it as if the video isn't even part of the website. I used Malwarebytes Anti-Malware and it said I had 40 infected files. I cleaned them and ran it again, but nothing has changed. I've been playing Freestyle Street Basketball 2, which is a low-requirement game, and it's been running very smooth, but now it keeps freezing and my internet keeps slowing down like it's occupied elsewhere, when I know this shouldn't be the case because I've got Suddenlink's high-speed internet. Not really sure what else you need to know, I'm new to this, but if I missed something please let me know and I will post it!

 

I'm using Windows 8.1 and it's an HP.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by User (administrator) on HP (05-12-2015 11:50:25)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Scarlet.Crush Productions) C:\Users\User\Desktop\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\utorrent.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41035\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41035\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41035\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2249104 2013-09-03] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [DeskBar] => C:\Users\User\AppData\Local\DeskBar\DeskBar.exe
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AIM for Windows] => "C:\Users\User\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: F - "F:\Autorun.exe" 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {498cce3f-4c17-11e5-82bf-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {6e512137-0268-11e5-82ab-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {c8d770fe-ce3f-11e4-8265-a01d48d64a58} - "F:\Autorun.exe" 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {d81fc01b-ce91-11e4-8267-a01d48d64a58} - "G:\Madden08.exe" 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{6EDA1753-79CC-43F6-BA8C-A5AFEB1C0434}: [DhcpNameServer] 40.20.1.201 40.20.1.202
Tcpip\..\Interfaces\{9541A430-35BF-4D11-82A3-E98187E9A727}: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.avg.com/?cid=%7BF01979C8-19C3-4814-874F-B83DF32AC760%7D&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10%2020:40:45&v=18.5.0.909&pid=safeguard&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={F01979C8-19C3-4814-874F-B83DF32AC760}&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10 20:40:45&v=15.3.0.10&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL: 
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default\user.js [2015-05-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-03-20]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Poker Status) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelablainldddlehlmfkoaomafmnfnl [2015-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0247771426341785mcinstcleanup; C:\Windows\TEMP\024777~1.EXE [834664 2013-07-13] (McAfee, Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
R2 Ds3Service; C:\Users\User\Desktop\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-05-21] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-03-20] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-05-21] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 11:50 - 2015-12-05 11:50 - 00022827 _____ C:\Users\User\Desktop\FRST.txt
2015-12-05 11:50 - 2015-12-05 11:50 - 00000000 ____D C:\FRST
2015-12-05 11:48 - 2015-12-05 11:48 - 02369024 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-12-05 09:51 - 2015-12-05 09:53 - 00000000 ____D C:\Users\User\Downloads\The Weeknd - Beauty Behind the Madness (Explicit) 2015 {MP3 Album}~{VBUc}
2015-12-05 00:50 - 2015-12-05 11:19 - 00000000 ____D C:\Users\User\Documents\Madden NFL 08
2015-12-05 00:45 - 2015-12-05 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
2015-12-05 00:42 - 2015-02-01 15:55 - 00000000 ____D C:\Users\User\Desktop\FF-FI XV 2.0 Full
2015-12-05 00:41 - 2015-12-05 00:41 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2015-12-05 00:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-12-05 00:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-12-05 00:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-12-05 00:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-12-05 00:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-12-05 00:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-12-05 00:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-12-05 00:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-12-05 00:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-12-05 00:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-12-05 00:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-12-05 00:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-12-05 00:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-12-05 00:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-12-05 00:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-12-05 00:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-12-05 00:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-12-05 00:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-12-05 00:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-12-05 00:37 - 2015-12-05 00:41 - 588836654 _____ C:\Users\User\Downloads\FF-FI XV 2.0 Full.rar
2015-12-05 00:25 - 2015-12-05 00:36 - 00000000 ____D C:\Users\User\Downloads\Madden.NFL.08
2015-12-04 22:34 - 2015-12-04 22:34 - 00199212 _____ C:\Users\User\Desktop\ClientLoader.jar
2015-12-04 18:18 - 2015-12-04 18:18 - 00000000 ____D C:\Users\User\AppData\Local\BANDAI NAMCO Games
2015-12-04 18:10 - 2015-12-04 18:10 - 00000000 ____D C:\Users\User\AppData\Local\Steam
2015-12-04 18:10 - 2015-12-04 18:10 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2015-12-04 18:03 - 2015-12-04 22:29 - 00000936 _____ C:\Users\Public\Desktop\Steam.lnk
2015-12-04 18:03 - 2015-12-04 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-04 18:02 - 2015-12-04 22:52 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-04 18:02 - 2015-12-04 18:02 - 01476720 _____ C:\Users\User\Downloads\SteamSetup.exe
2015-12-04 18:02 - 2015-12-04 18:02 - 01476720 _____ C:\Users\User\Downloads\SteamSetup (1).exe
2015-12-04 17:57 - 2015-12-04 17:58 - 00961254 _____ C:\Users\User\Downloads\ali213-tales.of.zestirias.crack.only.zip
2015-12-04 17:56 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-12-04 17:56 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-12-04 17:27 - 2015-12-04 17:27 - 00000000 ____D C:\Users\User\Downloads\Tales.of.Zestiria.Inclu.DLC
2015-12-04 16:43 - 2015-12-04 17:25 - 3425665492 _____ C:\Users\User\Downloads\Tales.of.Zestiria.Inclu.DLC.zip
2015-12-04 15:28 - 2015-12-05 11:39 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 11:50 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-05 11:49 - 2015-03-16 12:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-05 11:49 - 2015-03-14 14:59 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-12-05 11:39 - 2015-06-07 02:18 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 11:09 - 2015-04-06 01:21 - 00001008 _____ C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job
2015-12-05 10:09 - 2015-03-14 19:04 - 00000000 ____D C:\Users\User\AppData\Roaming\foobar2000
2015-12-05 09:49 - 2015-03-14 09:02 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA2EE3F2-BB96-4C6B-A1C0-040BBF27F82F}
2015-12-05 01:09 - 2015-04-06 00:09 - 00001338 _____ C:\Windows\Tasks\QJNFZ.job
2015-12-05 00:50 - 2015-03-14 09:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1819164317-4010897610-528679445-1001
2015-12-04 22:33 - 2013-08-26 01:09 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-04 22:33 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2015-12-04 22:30 - 2015-08-09 01:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 22:30 - 2015-03-14 09:02 - 00001425 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-04 22:29 - 2015-09-23 17:56 - 00000796 _____ C:\Users\Public\Desktop\Mass Effect.lnk
2015-12-04 22:29 - 2015-09-07 19:22 - 00001875 _____ C:\Users\Public\Desktop\Grandia II Anniversary Edition.lnk
2015-12-04 22:29 - 2015-08-12 17:48 - 00001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Borderlands The Pre-Sequel.lnk
2015-12-04 22:29 - 2015-08-10 22:14 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII.lnk
2015-12-04 22:29 - 2015-08-10 22:14 - 00000896 _____ C:\Users\Public\Desktop\Final Fantasy XIII.lnk
2015-12-04 22:29 - 2015-08-09 01:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-04 22:29 - 2015-08-03 20:37 - 00000581 _____ C:\Users\Public\Desktop\FreeStyle2.lnk
2015-12-04 22:29 - 2015-06-30 11:14 - 00001844 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-12-04 22:29 - 2015-06-12 08:28 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2015-12-04 22:29 - 2015-06-03 12:04 - 00001154 _____ C:\Users\Public\Desktop\Game Dev Tycoon.lnk
2015-12-04 22:29 - 2015-05-30 23:52 - 00001918 _____ C:\Users\Public\Desktop\The Legend of Heroes - Trails in the Sky.lnk
2015-12-04 22:29 - 2015-03-30 21:07 - 00001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-04 22:29 - 2015-03-14 19:04 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-12-04 22:29 - 2013-09-05 22:30 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Connected Music.lnk
2015-12-04 22:29 - 2013-09-05 22:27 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-04 22:29 - 2013-09-05 22:27 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-04 22:29 - 2013-09-05 22:23 - 00001974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-12-04 22:28 - 2015-09-28 22:51 - 00001141 _____ C:\Users\User\Desktop\NBA 2K14.lnk
2015-12-04 22:28 - 2015-09-21 19:55 - 00001408 _____ C:\Users\User\Desktop\Fallout New Vegas - Ultimate Edition.lnk
2015-12-04 22:28 - 2015-09-13 15:43 - 00001188 _____ C:\Users\User\Desktop\Tomb Raider.lnk
2015-12-04 22:28 - 2015-09-12 17:29 - 00001419 _____ C:\Users\User\Desktop\Annihilus Launcher.lnk
2015-12-04 22:28 - 2015-09-08 21:44 - 00000881 _____ C:\Users\User\Desktop\FINAL FANTASY TYPE 0 HD.lnk
2015-12-04 22:28 - 2015-09-07 16:43 - 00002660 _____ C:\Users\User\Desktop\µTorrent.lnk
2015-12-04 22:28 - 2015-06-13 05:36 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2015-12-04 22:28 - 2015-03-14 09:02 - 00000901 _____ C:\Users\User\Desktop\Downloads.lnk
2015-12-04 22:27 - 2015-06-07 02:18 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-04 22:26 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 22:25 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager
2015-12-04 22:25 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-04 22:23 - 2015-04-10 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-04 22:22 - 2015-05-22 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2015-12-04 21:57 - 2015-08-09 01:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 21:57 - 2015-08-09 01:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-04 21:09 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 21:09 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-04 17:56 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-04 15:49 - 2015-03-16 12:53 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-04 15:34 - 2015-06-07 02:18 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 15:34 - 2015-06-07 02:18 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-05-10 19:40 - 2015-05-10 19:40 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\User\AppData\Roaming\QJNFZ
2015-04-02 07:22 - 2015-04-02 07:22 - 0000000 _____ () C:\Users\User\AppData\Roaming\Stardockfences_debug_snapshot.dat
2015-03-20 20:09 - 2015-03-26 00:52 - 0000121 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-03-31 03:14 - 2015-03-31 03:14 - 0004387 _____ () C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC
2015-03-22 09:52 - 2015-03-22 09:52 - 0000010 _____ () C:\Users\User\AppData\Local\DSI.DAT
2015-05-22 23:59 - 2015-07-31 19:46 - 0000113 _____ () C:\Users\User\AppData\Local\TempDiskpartScript.txt
 
Files to move or delete:
====================
C:\Users\User\ent_ikov_preferences.dat
 
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\208063B2-958E-4A55-DB72-4893F40DF2C7.dll
C:\Users\User\AppData\Local\Temp\208063B2-958E-4A55-DB72-4893F40DF2C7.exe
C:\Users\User\AppData\Local\Temp\7354E2F9-6D0F-4D86-5D76-F5CD0A0FFDBD.exe
C:\Users\User\AppData\Local\Temp\7za.exe
C:\Users\User\AppData\Local\Temp\AutoRun.exe
C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\User\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\User\AppData\Local\Temp\CloudBackup5772.exe
C:\Users\User\AppData\Local\Temp\cw.exe
C:\Users\User\AppData\Local\Temp\d2l_Install.exe
C:\Users\User\AppData\Local\Temp\d2l_PlayD2.exe
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\dsetup32.dll
C:\Users\User\AppData\Local\Temp\DXSETUP.exe
C:\Users\User\AppData\Local\Temp\EAD41AF.exe
C:\Users\User\AppData\Local\Temp\EAD4739.exe
C:\Users\User\AppData\Local\Temp\EAD6D14.exe
C:\Users\User\AppData\Local\Temp\EAD7133.exe
C:\Users\User\AppData\Local\Temp\EAD8D08.exe
C:\Users\User\AppData\Local\Temp\EAD97A7.exe
C:\Users\User\AppData\Local\Temp\EADA840.exe
C:\Users\User\AppData\Local\Temp\EADA9F2.exe
C:\Users\User\AppData\Local\Temp\EADBE98.exe
C:\Users\User\AppData\Local\Temp\EADC82D.exe
C:\Users\User\AppData\Local\Temp\EADCFB5.exe
C:\Users\User\AppData\Local\Temp\EAInstall.dll
C:\Users\User\AppData\Local\Temp\eauninstall.exe
C:\Users\User\AppData\Local\Temp\fd585b8e864cc41e70aa800112186ec8.dll
C:\Users\User\AppData\Local\Temp\fe27ea5f467734672da2354c795be130.dll
C:\Users\User\AppData\Local\Temp\madden_inst.exe
C:\Users\User\AppData\Local\Temp\OnlineBackup.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\ose00002.exe
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\Setup_2004.exe
C:\Users\User\AppData\Local\Temp\SRLDetectionLibrary3689128622239520489.dll
C:\Users\User\AppData\Local\Temp\unins000.exe
C:\Users\User\AppData\Local\Temp\UninstallEADM.dll
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-04 17:53
 
==================== End of FRST.txt ============================
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by User (2015-12-05 11:51:14)
Running from C:\Users\User\Desktop
Windows 8.1 (X64) (2015-03-14 14:01:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1819164317-4010897610-528679445-500 - Administrator - Disabled)
Guest (S-1-5-21-1819164317-4010897610-528679445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1819164317-4010897610-528679445-1003 - Limited - Enabled)
User (S-1-5-21-1819164317-4010897610-528679445-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\uTorrent) (Version: 3.4.5.41035 - BitTorrent Inc.)
1 Media Player version 1.7.8 (HKLM-x32\...\{6C566E3B-CBFB-4A3C-A8B6-88EA54DE7CA9}_is1) (Version: 1.7.8 - OneFloorApp Ltd.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Black Chocobo (HKLM-x32\...\Black_Chocobo) (Version:  - )
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
EA SPORTS online 2008 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fairy Fencer F (HKLM-x32\...\Fairy Fencer F_is1) (Version:  - )
Fallout New Vegas - Ultimate Edition (HKLM-x32\...\Fallout New Vegas - Ultimate Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
FF7Music (HKLM\...\FF7Music) (Version:  - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
Final Fantasy IV (HKLM-x32\...\Final Fantasy IV_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
FINAL FANTASY TYPE 0 HD (HKLM-x32\...\FINAL FANTASY TYPE 0 HD_is1) (Version:  - )
FINAL FANTASY VII (HKLM-x32\...\{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1) (Version: 1.0 - Square Enix)
Final Fantasy XIII (HKLM-x32\...\RmluYWxGYW50YXN5WElJSQ==_is1) (Version: 1 - )
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
FreeStyle2 (HKLM-x32\...\{67E8ED8C-0318-4F6B-BE6F-FC042EE9BD15}) (Version: 1.02.0000 - Joycity)
Game Dev Tycoon v1.5.11 (2014) (HKLM-x32\...\Game Dev Tycoon v1.5.11 (2014)1.5.11) (Version: 1.5.11 - Friends in War)
Game Dev Tycoon version 1.5.11 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.11 - Greenheart Games Pty. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grandia II Anniversary Edition (HKLM-x32\...\1435140754_is1) (Version: 2.0.0.3 - GOG.com)
Grisaia Font Installer version 1 (HKLM-x32\...\Grisaia Font Installer_is1) (Version: 1 - )
Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
LAV Filters 0.65 (HKLM-x32\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version:  - Electronic Arts)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{20DEB77C-21D6-4D22-BB47-233E47613D57}) (Version: 1.1.0322 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Kakao Corp.)
PSXMemTool 1.20b (remove only) (HKLM-x32\...\PSXMemTool) (Version:  - )
Real Kanojo (HKLM-x32\...\{58ABF83F-C5EA-4C21-A1D8-A0AF1E4D026C}_is1) (Version: 1.0.0.0 - randompirate @ TPB)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SCHOOLDAYS HQ (HKLM-x32\...\SCHOOLDAYS HQ) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C5625747-F029-4127-BB29-4E918A0105D8}) (Version: 6.1.6.0 - Husdawg, LLC)
The Legend of Heroes - Trails in the Sky (HKLM-x32\...\1207665083_is1) (Version: 2.0.0.2 - GOG.com)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Tomb Raider (HKLM-x32\...\Tomb Raider_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Viva Pinata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios:)
VLC Media Player 2.1.5 Final (HKLM-x32\...\VLC Media Player 2.1.5 Final) (Version:  - )
Way of the Samurai 4 (HKLM-x32\...\Way of the Samurai 4_is1) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 10.0.0 - Inmatrix LTD)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-10-2015 13:20:31 Scheduled Checkpoint
30-10-2015 06:17:25 Scheduled Checkpoint
04-12-2015 17:53:35 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-08-13 15:15 - 00002291 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {243FC6FB-DA46-46E9-8A9D-3B887AADBD7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {263343B5-D9A1-4487-8341-2B79AA5E742F} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {31DF5A1A-93EE-4235-A060-DFB40A9F9072} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe <==== ATTENTION
Task: {3A9E3F37-80F4-42D4-A3E6-E30B01C88CBC} - System32\Tasks\QJNFZ => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {44EDDB37-3DE1-4AB9-B7E1-50A14FAA612D} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {4E6AEC89-1052-47AB-9C9C-B60C5D7F4AE3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {53C5C98E-4321-41D9-A1A6-99C9F5F2CAF5} - System32\Tasks\WCKWKBCMYC => C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5\467e8f03c4a04721aa58bd9681d15af5.exe <==== ATTENTION
Task: {5889646F-9482-48C8-B77B-5813CC0704D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {5A7A7455-386A-4F95-AA74-D2E2DE76C5E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {656CDEAE-4290-4DC0-8A62-B9E2C8DA5D11} - System32\Tasks\wS36FQNEHgSN9J2IC => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
Task: {7B493694-2B58-4250-B223-C155AA8663E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-04] (Adobe Systems Incorporated)
Task: {8F9D0A83-347E-445D-A3B8-D3C094CBE5FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {95B45C8B-C09C-4458-91DD-C9782440B325} - \SMWUpd -> No File <==== ATTENTION
Task: {97362E58-F55C-41F5-A01E-32F18209A5BB} - \SPDriver -> No File <==== ATTENTION
Task: {9F5C2421-026A-4681-876E-9A7764A565DD} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {A091371A-5776-4F97-B151-3B8892CCECF6} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-10_user -> No File <==== ATTENTION
Task: {A0FD59E2-2723-44B3-BBE2-E54BA0826296} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {AC984DE2-AB48-466F-B147-C4E17ADDE236} - \SPBIW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: {C537D4DF-E5A0-41EE-BAAE-A87FE0E79935} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-1-7 -> No File <==== ATTENTION
Task: {C82517A4-7D3F-4C24-B83C-6B4A2CA66EC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {CA6B1696-F5DF-4E92-8096-A3AAFE1E255D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {CE835B64-FE82-4BAE-9347-6B9AAF60AE1B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D8ED3C47-A76A-4893-8726-AFDB05560AFD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E31B058C-3557-4795-8FEA-3AEF1869957A} - \ShopperPro -> No File <==== ATTENTION
Task: {E6489B51-2EF3-4F07-917B-C7882E74FBFD} - System32\Tasks\{8055EAE2-E840-48EF-9793-CBE2BF9E7334} => pcalua.exe -a "C:\Overflow\SCHOOLDAYS HQ\SCHOOLDAYS HQ.exe" -d "C:\Overflow\SCHOOLDAYS HQ"
Task: {EB2BE4AE-F77D-44CE-B4A1-7558A7302182} - \SMW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: {F2279521-BC6D-4F54-848C-5DA5A3B91B21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII\FF7 OpenGL Config File.lnk -> C:\Program Files (x86)\Square Enix\FINAL FANTASY VII\OpenGLconfig.bat (No File) <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-08-23 03:08 - 2013-08-23 03:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-08-23 03:13 - 2013-08-23 03:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-08-23 03:09 - 2013-08-23 03:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-08-23 03:12 - 2013-08-23 03:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-05 23:30 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 23:10 - 2013-08-09 07:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-20 21:11 - 2015-03-20 20:59 - 00107520 ____R () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\ws_Atlantica_Online_Game_2560x1600.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AAF49C53-353E-4E4D-AD34-0E9F72C21687}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F153C1C2-A6CD-4342-9447-DE30FD45BC01}] => (Allow) LPort=2869
FirewallRules: [{A73D159F-7666-45D0-B858-E77BE7A01E0E}] => (Allow) LPort=1900
FirewallRules: [{01B5EFDA-F355-432B-9D1D-3D6ECF272273}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{81CA1FA1-DA64-4BD7-AB59-C5C9D339A760}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F22E2671-FC7F-4DF9-A5E5-2DEED8114EEF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6D6319E2-8DE0-4437-B4AA-BA83E6F48C55}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{7B8B94A8-7C24-4B24-84C7-55709EC52CC2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{71747173-9353-4D98-BB0F-E9D5FC64F4DE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{09696DC4-92BA-4C45-9DD6-12BD1ABA837D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F41DF53-B690-476D-A766-F836E9183B5B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4066356D-C37E-4880-AF80-946A3D2E193C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{791CF8CD-AFB4-4119-9ED3-51CE61165A43}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C030036E-A825-4D64-B112-7C32CCD52003}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{ED8D57DC-B620-4379-9CB5-C54CF097088E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7B239F45-68B5-4266-B70B-DE83ED0FA885}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B859BC76-9F68-4F63-BD13-F908E82049BF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7486DA3F-2F49-4FD0-B4BF-018F58BC8621}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EC655D57-9D98-48BE-80A7-5A6AF200796D}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{EE00E569-92D1-4534-8CAA-9E9C4AB2125D}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{7C07EB9B-F487-4976-AD4F-9D356C69F511}] => (Allow) C:\Users\User\AppData\Local\Temp\nsm2E3E.tmp\CnetInstaller-10620931.exe
FirewallRules: [{905C22A9-AF28-4155-8E91-34B922EDA1D4}] => (Allow) C:\Users\User\AppData\Local\Temp\nsm2E3E.tmp\CnetInstaller-10620931.exe
FirewallRules: [TCP Query User{396A4AF9-3C1A-4624-B4C8-D418624B60A0}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{DA67383B-6300-4973-97F4-232EBEEB91F0}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{036F52EE-0CF0-4645-8961-C24083217EC8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{67D89F84-0827-41CB-AD42-66B3C48953BE}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{6110A5A4-FBC5-4AA8-A86E-EB86BB394F7B}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{EC5D3919-6352-4216-AD4A-816965F53A06}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{688BBB51-EFA0-49E4-9F3C-40439008021D}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EFE49864-2DAE-400A-B763-2B69B0F7813F}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{901E93C3-358E-453E-9EDD-488048880E7B}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{87CA11D8-8589-4353-987C-005E845BE573}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{37D72506-1AE4-4A05-ADC2-4C6AC763BECB}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{733A6838-E761-4175-A5A7-3857EE23019A}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{7EF10272-91C6-408E-B70A-DA910BF71517}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{051B6CDD-41B0-4CD2-93D1-E936D3F4CBAE}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{ECCC08BA-B110-44A7-B6F1-4ACC49893B39}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{035E0A5A-8187-4525-8F1F-C21A59E84149}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{BCFFBBD3-CC7E-4293-91AD-941018EC13CB}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{0597C00C-5B29-4E32-854E-AD0878D240A2}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA7F471B-E7EC-4466-B249-81866ED5B083}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E5F7058-524D-4C40-9167-A3475033D8AD}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3920D332-B1D3-45C0-9261-7905C476B2BC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6E36A9C-A6A8-4983-B4F0-8A0DDAADD58E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D5719D4A-CB3D-4551-A011-0D063C6128FB}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{038B64AE-041D-4AC7-AB8B-EE98A1B4A76D}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [UDP Query User{E2C7577A-E6C0-464B-90A6-5D1CC36FB7CF}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [{B1AE1EE2-B0CC-416A-8FF7-F7F6A1DFF371}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{8CC3D97B-2C30-454B-B243-66ADF51998E1}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{B545D465-0D68-4656-98D2-67201A3B9DF7}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{799C0307-5B6C-48A5-9521-FEF997C99494}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{4B5DE9F6-E0E3-464E-92ED-7F11A90022CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{D837D76E-5886-4A88-BFFE-9D988E6BC5A1}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{32025F12-D4E3-4BA1-A64D-3E1DD90ABC74}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{6C783C03-FC89-4B78-BC5D-0964B6F554D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB38F287-7BC1-41EA-8E44-2B376E72C73A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FC2D7C9-3275-4D9D-B7C7-AD11C33A449A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D331AD93-3E41-4126-AF69-C89E37FB7A50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{56472C60-3FE0-40F5-9E41-96D46B83816C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/05/2015 11:22:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x870
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/05/2015 11:09:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/04/2015 10:56:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x13d0
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/04/2015 10:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 024777~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x62c
Faulting application start time: 0x024777~1.EXE0
Faulting application path: 024777~1.EXE1
Faulting module path: 024777~1.EXE2
Report Id: 024777~1.EXE3
Faulting package full name: 024777~1.EXE4
Faulting package-relative application ID: 024777~1.EXE5
 
Error: (12/04/2015 09:25:26 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (12/04/2015 09:22:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0xd20
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/04/2015 07:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x1f0c
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/04/2015 06:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tales of Zestiria.exe, version: 0.0.0.0, time stamp: 0x5624c709
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000409
Fault offset: 0x00019fa4
Faulting process id: 0x834
Faulting application start time: 0xTales of Zestiria.exe0
Faulting application path: Tales of Zestiria.exe1
Faulting module path: Tales of Zestiria.exe2
Report Id: Tales of Zestiria.exe3
Faulting package full name: Tales of Zestiria.exe4
Faulting package-relative application ID: Tales of Zestiria.exe5
 
Error: (12/04/2015 03:51:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x5b0
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/04/2015 03:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x7c4
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
 
System errors:
=============
Error: (12/04/2015 10:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0247771426341785) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/04/2015 10:26:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%2
 
Error: (12/04/2015 10:26:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error: 
%%2
 
Error: (12/04/2015 06:12:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
 
Error: (12/04/2015 06:12:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
 
Error: (12/04/2015 06:11:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
 
Error: (12/04/2015 06:11:03 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (12/04/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (12/04/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (12/04/2015 05:53:45 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
CodeIntegrity:
===================================
  Date: 2015-12-04 22:34:43.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:34:43.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:34:43.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:34:42.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:32:06.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:32:06.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:54.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:54.237
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:53.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:53.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 6059.57 MB
Available physical RAM: 3904.62 MB
Total Virtual: 7019.57 MB
Available Virtual: 4943.27 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:676.79 GB) (Free:192.01 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.07 GB) (Free:2.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Sims3EP07) (CDROM) (Total:3.32 GB) (Free:0 GB) UDF
Drive g: (MADDEN_NFL_08) (CDROM) (Total:2.11 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 24E7A700)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
Please help me out :( Thanks!

 




#2
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


I need to review; from a quick glance, there is quite a bit of adware. I'll be with you as soon as possible.

Joe

#3
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
I have noticed in your log file that you are using the uTorrent P2P program. We at Geeks to Go recommend removing these types of programs; they are a known cause of malware infections. When you use file sharing programs like this you can never be sure of the file content, and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.

2015-12-04 17:57 - 2015-12-04 17:58 - 00961254 _____ C:\Users\User\Downloads\ali213-tales.of.zestirias.crack.only.zip


Also, I can't help with signs of cracked / illegal software / programs; remove it. Then we can continue. Perhaps these are leftovers from your friend.

Joe

#4
Mike17


    New Member

  • Topic Starter
  • Member
  • 6 posts

Yeah, sorry, I'm not even 100% on what's all on here, and I don't want any illegal stuff on here, so I will remove it ASAP! Here's the logs; if anything else is out of place, please let me know!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by User (administrator) on HP (05-12-2015 14:00:49)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Scarlet.Crush Productions) C:\Users\User\Desktop\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2249104 2013-09-03] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [DeskBar] => C:\Users\User\AppData\Local\DeskBar\DeskBar.exe
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AIM for Windows] => "C:\Users\User\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: F - "F:\Autorun.exe" 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {498cce3f-4c17-11e5-82bf-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {6e512137-0268-11e5-82ab-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {c8d770fe-ce3f-11e4-8265-a01d48d64a58} - "F:\Autorun.exe" 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {d81fc01b-ce91-11e4-8267-a01d48d64a58} - "G:\Madden08.exe" 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{6EDA1753-79CC-43F6-BA8C-A5AFEB1C0434}: [DhcpNameServer] 40.20.1.201 40.20.1.202
Tcpip\..\Interfaces\{9541A430-35BF-4D11-82A3-E98187E9A727}: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.avg.com/?cid=%7BF01979C8-19C3-4814-874F-B83DF32AC760%7D&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10%2020:40:45&v=18.5.0.909&pid=safeguard&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={F01979C8-19C3-4814-874F-B83DF32AC760}&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10 20:40:45&v=15.3.0.10&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL: 
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default\user.js [2015-05-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-03-20]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Poker Status) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelablainldddlehlmfkoaomafmnfnl [2015-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0247771426341785mcinstcleanup; C:\Windows\TEMP\024777~1.EXE [834664 2013-07-13] (McAfee, Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
R2 Ds3Service; C:\Users\User\Desktop\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-05-21] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-03-20] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-05-21] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 11:50 - 2015-12-05 14:00 - 00022591 _____ C:\Users\User\Desktop\FRST.txt
2015-12-05 11:50 - 2015-12-05 14:00 - 00000000 ____D C:\FRST
2015-12-05 11:48 - 2015-12-05 11:48 - 02369024 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-12-05 09:51 - 2015-12-05 09:53 - 00000000 ____D C:\Users\User\Downloads\The Weeknd - Beauty Behind the Madness (Explicit) 2015 {MP3 Album}~{VBUc}
2015-12-05 00:50 - 2015-12-05 11:19 - 00000000 ____D C:\Users\User\Documents\Madden NFL 08
2015-12-05 00:45 - 2015-12-05 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
2015-12-05 00:42 - 2015-02-01 15:55 - 00000000 ____D C:\Users\User\Desktop\FF-FI XV 2.0 Full
2015-12-05 00:41 - 2015-12-05 00:41 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2015-12-05 00:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-12-05 00:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-12-05 00:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-12-05 00:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-12-05 00:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-12-05 00:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-12-05 00:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-12-05 00:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-12-05 00:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-12-05 00:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-12-05 00:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-12-05 00:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-12-05 00:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-12-05 00:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-12-05 00:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-12-05 00:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-12-05 00:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-12-05 00:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-12-05 00:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-12-05 00:37 - 2015-12-05 00:41 - 588836654 _____ C:\Users\User\Downloads\FF-FI XV 2.0 Full.rar
2015-12-05 00:25 - 2015-12-05 00:36 - 00000000 ____D C:\Users\User\Downloads\Madden.NFL.08
2015-12-04 22:34 - 2015-12-04 22:34 - 00199212 _____ C:\Users\User\Desktop\ClientLoader.jar
2015-12-04 18:18 - 2015-12-04 18:18 - 00000000 ____D C:\Users\User\AppData\Local\BANDAI NAMCO Games
2015-12-04 18:10 - 2015-12-04 18:10 - 00000000 ____D C:\Users\User\AppData\Local\Steam
2015-12-04 18:10 - 2015-12-04 18:10 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2015-12-04 18:03 - 2015-12-04 22:29 - 00000936 _____ C:\Users\Public\Desktop\Steam.lnk
2015-12-04 18:03 - 2015-12-04 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-04 18:02 - 2015-12-04 22:52 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-04 18:02 - 2015-12-04 18:02 - 01476720 _____ C:\Users\User\Downloads\SteamSetup.exe
2015-12-04 18:02 - 2015-12-04 18:02 - 01476720 _____ C:\Users\User\Downloads\SteamSetup (1).exe
2015-12-04 17:56 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-12-04 17:56 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-12-04 17:27 - 2015-12-04 17:27 - 00000000 ____D C:\Users\User\Downloads\Tales.of.Zestiria.Inclu.DLC
2015-12-04 15:28 - 2015-12-05 12:07 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 13:54 - 2015-03-14 14:59 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-12-05 13:49 - 2015-03-16 12:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-05 13:39 - 2015-06-07 02:18 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 12:41 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-05 11:09 - 2015-04-06 01:21 - 00001008 _____ C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job
2015-12-05 10:09 - 2015-03-14 19:04 - 00000000 ____D C:\Users\User\AppData\Roaming\foobar2000
2015-12-05 09:49 - 2015-03-14 09:02 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA2EE3F2-BB96-4C6B-A1C0-040BBF27F82F}
2015-12-05 01:09 - 2015-04-06 00:09 - 00001338 _____ C:\Windows\Tasks\QJNFZ.job
2015-12-05 00:50 - 2015-03-14 09:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1819164317-4010897610-528679445-1001
2015-12-04 22:33 - 2013-08-26 01:09 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-04 22:33 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2015-12-04 22:30 - 2015-08-09 01:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 22:30 - 2015-03-14 09:02 - 00001425 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-04 22:29 - 2015-09-23 17:56 - 00000796 _____ C:\Users\Public\Desktop\Mass Effect.lnk
2015-12-04 22:29 - 2015-09-07 19:22 - 00001875 _____ C:\Users\Public\Desktop\Grandia II Anniversary Edition.lnk
2015-12-04 22:29 - 2015-08-12 17:48 - 00001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Borderlands The Pre-Sequel.lnk
2015-12-04 22:29 - 2015-08-10 22:14 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII.lnk
2015-12-04 22:29 - 2015-08-10 22:14 - 00000896 _____ C:\Users\Public\Desktop\Final Fantasy XIII.lnk
2015-12-04 22:29 - 2015-08-09 01:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-04 22:29 - 2015-08-03 20:37 - 00000581 _____ C:\Users\Public\Desktop\FreeStyle2.lnk
2015-12-04 22:29 - 2015-06-30 11:14 - 00001844 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-12-04 22:29 - 2015-06-12 08:28 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2015-12-04 22:29 - 2015-06-03 12:04 - 00001154 _____ C:\Users\Public\Desktop\Game Dev Tycoon.lnk
2015-12-04 22:29 - 2015-05-30 23:52 - 00001918 _____ C:\Users\Public\Desktop\The Legend of Heroes - Trails in the Sky.lnk
2015-12-04 22:29 - 2015-03-30 21:07 - 00001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-04 22:29 - 2015-03-14 19:04 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-12-04 22:29 - 2013-09-05 22:30 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Connected Music.lnk
2015-12-04 22:29 - 2013-09-05 22:27 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-04 22:29 - 2013-09-05 22:27 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-04 22:29 - 2013-09-05 22:23 - 00001974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-12-04 22:28 - 2015-09-28 22:51 - 00001141 _____ C:\Users\User\Desktop\NBA 2K14.lnk
2015-12-04 22:28 - 2015-09-21 19:55 - 00001408 _____ C:\Users\User\Desktop\Fallout New Vegas - Ultimate Edition.lnk
2015-12-04 22:28 - 2015-09-13 15:43 - 00001188 _____ C:\Users\User\Desktop\Tomb Raider.lnk
2015-12-04 22:28 - 2015-09-12 17:29 - 00001419 _____ C:\Users\User\Desktop\Annihilus Launcher.lnk
2015-12-04 22:28 - 2015-09-08 21:44 - 00000881 _____ C:\Users\User\Desktop\FINAL FANTASY TYPE 0 HD.lnk
2015-12-04 22:28 - 2015-06-13 05:36 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2015-12-04 22:28 - 2015-03-14 09:02 - 00000901 _____ C:\Users\User\Desktop\Downloads.lnk
2015-12-04 22:27 - 2015-06-07 02:18 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-04 22:26 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 22:25 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager
2015-12-04 22:25 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-04 22:23 - 2015-04-10 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-04 22:22 - 2015-05-22 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2015-12-04 21:57 - 2015-08-09 01:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 21:57 - 2015-08-09 01:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-04 21:09 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 21:09 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-04 17:56 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-04 15:49 - 2015-03-16 12:53 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-04 15:34 - 2015-06-07 02:18 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 15:34 - 2015-06-07 02:18 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-05-10 19:40 - 2015-05-10 19:40 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\User\AppData\Roaming\QJNFZ
2015-04-02 07:22 - 2015-04-02 07:22 - 0000000 _____ () C:\Users\User\AppData\Roaming\Stardockfences_debug_snapshot.dat
2015-03-20 20:09 - 2015-03-26 00:52 - 0000121 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-03-31 03:14 - 2015-03-31 03:14 - 0004387 _____ () C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC
2015-03-22 09:52 - 2015-03-22 09:52 - 0000010 _____ () C:\Users\User\AppData\Local\DSI.DAT
2015-05-22 23:59 - 2015-07-31 19:46 - 0000113 _____ () C:\Users\User\AppData\Local\TempDiskpartScript.txt
 
Files to move or delete:
====================
C:\Users\User\ent_ikov_preferences.dat
 
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\208063B2-958E-4A55-DB72-4893F40DF2C7.dll
C:\Users\User\AppData\Local\Temp\208063B2-958E-4A55-DB72-4893F40DF2C7.exe
C:\Users\User\AppData\Local\Temp\7354E2F9-6D0F-4D86-5D76-F5CD0A0FFDBD.exe
C:\Users\User\AppData\Local\Temp\7za.exe
C:\Users\User\AppData\Local\Temp\AutoRun.exe
C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\User\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\User\AppData\Local\Temp\CloudBackup5772.exe
C:\Users\User\AppData\Local\Temp\cw.exe
C:\Users\User\AppData\Local\Temp\d2l_Install.exe
C:\Users\User\AppData\Local\Temp\d2l_PlayD2.exe
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\dsetup32.dll
C:\Users\User\AppData\Local\Temp\DXSETUP.exe
C:\Users\User\AppData\Local\Temp\EAD41AF.exe
C:\Users\User\AppData\Local\Temp\EAD4739.exe
C:\Users\User\AppData\Local\Temp\EAD6D14.exe
C:\Users\User\AppData\Local\Temp\EAD7133.exe
C:\Users\User\AppData\Local\Temp\EAD8D08.exe
C:\Users\User\AppData\Local\Temp\EAD97A7.exe
C:\Users\User\AppData\Local\Temp\EADA840.exe
C:\Users\User\AppData\Local\Temp\EADA9F2.exe
C:\Users\User\AppData\Local\Temp\EADBE98.exe
C:\Users\User\AppData\Local\Temp\EADC82D.exe
C:\Users\User\AppData\Local\Temp\EADCFB5.exe
C:\Users\User\AppData\Local\Temp\EAInstall.dll
C:\Users\User\AppData\Local\Temp\eauninstall.exe
C:\Users\User\AppData\Local\Temp\fd585b8e864cc41e70aa800112186ec8.dll
C:\Users\User\AppData\Local\Temp\fe27ea5f467734672da2354c795be130.dll
C:\Users\User\AppData\Local\Temp\madden_inst.exe
C:\Users\User\AppData\Local\Temp\OnlineBackup.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\ose00002.exe
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\Setup_2004.exe
C:\Users\User\AppData\Local\Temp\SRLDetectionLibrary3689128622239520489.dll
C:\Users\User\AppData\Local\Temp\unins000.exe
C:\Users\User\AppData\Local\Temp\UninstallEADM.dll
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-04 17:53
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by User (2015-12-05 14:01:09)
Running from C:\Users\User\Desktop
Windows 8.1 (X64) (2015-03-14 14:01:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1819164317-4010897610-528679445-500 - Administrator - Disabled)
Guest (S-1-5-21-1819164317-4010897610-528679445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1819164317-4010897610-528679445-1003 - Limited - Enabled)
User (S-1-5-21-1819164317-4010897610-528679445-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1 Media Player version 1.7.8 (HKLM-x32\...\{6C566E3B-CBFB-4A3C-A8B6-88EA54DE7CA9}_is1) (Version: 1.7.8 - OneFloorApp Ltd.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Black Chocobo (HKLM-x32\...\Black_Chocobo) (Version:  - )
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
EA SPORTS online 2008 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fairy Fencer F (HKLM-x32\...\Fairy Fencer F_is1) (Version:  - )
Fallout New Vegas - Ultimate Edition (HKLM-x32\...\Fallout New Vegas - Ultimate Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
FF7Music (HKLM\...\FF7Music) (Version:  - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
Final Fantasy IV (HKLM-x32\...\Final Fantasy IV_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
FINAL FANTASY TYPE 0 HD (HKLM-x32\...\FINAL FANTASY TYPE 0 HD_is1) (Version:  - )
FINAL FANTASY VII (HKLM-x32\...\{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1) (Version: 1.0 - Square Enix)
Final Fantasy XIII (HKLM-x32\...\RmluYWxGYW50YXN5WElJSQ==_is1) (Version: 1 - )
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
FreeStyle2 (HKLM-x32\...\{67E8ED8C-0318-4F6B-BE6F-FC042EE9BD15}) (Version: 1.02.0000 - Joycity)
Game Dev Tycoon v1.5.11 (2014) (HKLM-x32\...\Game Dev Tycoon v1.5.11 (2014)1.5.11) (Version: 1.5.11 - Friends in War)
Game Dev Tycoon version 1.5.11 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.11 - Greenheart Games Pty. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grandia II Anniversary Edition (HKLM-x32\...\1435140754_is1) (Version: 2.0.0.3 - GOG.com)
Grisaia Font Installer version 1 (HKLM-x32\...\Grisaia Font Installer_is1) (Version: 1 - )
Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
LAV Filters 0.65 (HKLM-x32\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version:  - Electronic Arts)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{20DEB77C-21D6-4D22-BB47-233E47613D57}) (Version: 1.1.0322 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Kakao Corp.)
PSXMemTool 1.20b (remove only) (HKLM-x32\...\PSXMemTool) (Version:  - )
Real Kanojo (HKLM-x32\...\{58ABF83F-C5EA-4C21-A1D8-A0AF1E4D026C}_is1) (Version: 1.0.0.0 - randompirate @ TPB)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SCHOOLDAYS HQ (HKLM-x32\...\SCHOOLDAYS HQ) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C5625747-F029-4127-BB29-4E918A0105D8}) (Version: 6.1.6.0 - Husdawg, LLC)
The Legend of Heroes - Trails in the Sky (HKLM-x32\...\1207665083_is1) (Version: 2.0.0.2 - GOG.com)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Tomb Raider (HKLM-x32\...\Tomb Raider_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Viva Pinata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios:)
VLC Media Player 2.1.5 Final (HKLM-x32\...\VLC Media Player 2.1.5 Final) (Version:  - )
Way of the Samurai 4 (HKLM-x32\...\Way of the Samurai 4_is1) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 10.0.0 - Inmatrix LTD)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-10-2015 13:20:31 Scheduled Checkpoint
30-10-2015 06:17:25 Scheduled Checkpoint
04-12-2015 17:53:35 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-08-13 15:15 - 00002291 ____A C:\Windows\system32\Drivers\etc\hosts
 
There are 48 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {243FC6FB-DA46-46E9-8A9D-3B887AADBD7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {263343B5-D9A1-4487-8341-2B79AA5E742F} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {31DF5A1A-93EE-4235-A060-DFB40A9F9072} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe <==== ATTENTION
Task: {3A9E3F37-80F4-42D4-A3E6-E30B01C88CBC} - System32\Tasks\QJNFZ => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {44EDDB37-3DE1-4AB9-B7E1-50A14FAA612D} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {4E6AEC89-1052-47AB-9C9C-B60C5D7F4AE3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {53C5C98E-4321-41D9-A1A6-99C9F5F2CAF5} - System32\Tasks\WCKWKBCMYC => C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5\467e8f03c4a04721aa58bd9681d15af5.exe <==== ATTENTION
Task: {5889646F-9482-48C8-B77B-5813CC0704D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {5A7A7455-386A-4F95-AA74-D2E2DE76C5E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {656CDEAE-4290-4DC0-8A62-B9E2C8DA5D11} - System32\Tasks\wS36FQNEHgSN9J2IC => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
Task: {7B493694-2B58-4250-B223-C155AA8663E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-04] (Adobe Systems Incorporated)
Task: {8F9D0A83-347E-445D-A3B8-D3C094CBE5FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {95B45C8B-C09C-4458-91DD-C9782440B325} - \SMWUpd -> No File <==== ATTENTION
Task: {97362E58-F55C-41F5-A01E-32F18209A5BB} - \SPDriver -> No File <==== ATTENTION
Task: {9F5C2421-026A-4681-876E-9A7764A565DD} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {A091371A-5776-4F97-B151-3B8892CCECF6} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-10_user -> No File <==== ATTENTION
Task: {A0FD59E2-2723-44B3-BBE2-E54BA0826296} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {AC984DE2-AB48-466F-B147-C4E17ADDE236} - \SPBIW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: {C537D4DF-E5A0-41EE-BAAE-A87FE0E79935} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-1-7 -> No File <==== ATTENTION
Task: {C82517A4-7D3F-4C24-B83C-6B4A2CA66EC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {CA6B1696-F5DF-4E92-8096-A3AAFE1E255D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {CE835B64-FE82-4BAE-9347-6B9AAF60AE1B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D8ED3C47-A76A-4893-8726-AFDB05560AFD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E31B058C-3557-4795-8FEA-3AEF1869957A} - \ShopperPro -> No File <==== ATTENTION
Task: {E6489B51-2EF3-4F07-917B-C7882E74FBFD} - System32\Tasks\{8055EAE2-E840-48EF-9793-CBE2BF9E7334} => pcalua.exe -a "C:\Overflow\SCHOOLDAYS HQ\SCHOOLDAYS HQ.exe" -d "C:\Overflow\SCHOOLDAYS HQ"
Task: {EB2BE4AE-F77D-44CE-B4A1-7558A7302182} - \SMW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: {F2279521-BC6D-4F54-848C-5DA5A3B91B21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII\FF7 OpenGL Config File.lnk -> C:\Program Files (x86)\Square Enix\FINAL FANTASY VII\OpenGLconfig.bat (No File) <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-08-23 03:08 - 2013-08-23 03:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-08-23 03:13 - 2013-08-23 03:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-08-23 03:09 - 2013-08-23 03:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-08-23 03:12 - 2013-08-23 03:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-05 23:30 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 23:10 - 2013-08-09 07:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-20 21:11 - 2015-03-20 20:59 - 00107520 ____R () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\ws_Atlantica_Online_Game_2560x1600.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AAF49C53-353E-4E4D-AD34-0E9F72C21687}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F153C1C2-A6CD-4342-9447-DE30FD45BC01}] => (Allow) LPort=2869
FirewallRules: [{A73D159F-7666-45D0-B858-E77BE7A01E0E}] => (Allow) LPort=1900
FirewallRules: [{01B5EFDA-F355-432B-9D1D-3D6ECF272273}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{81CA1FA1-DA64-4BD7-AB59-C5C9D339A760}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F22E2671-FC7F-4DF9-A5E5-2DEED8114EEF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6D6319E2-8DE0-4437-B4AA-BA83E6F48C55}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{7B8B94A8-7C24-4B24-84C7-55709EC52CC2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{71747173-9353-4D98-BB0F-E9D5FC64F4DE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{09696DC4-92BA-4C45-9DD6-12BD1ABA837D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F41DF53-B690-476D-A766-F836E9183B5B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4066356D-C37E-4880-AF80-946A3D2E193C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{791CF8CD-AFB4-4119-9ED3-51CE61165A43}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C030036E-A825-4D64-B112-7C32CCD52003}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{ED8D57DC-B620-4379-9CB5-C54CF097088E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7B239F45-68B5-4266-B70B-DE83ED0FA885}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B859BC76-9F68-4F63-BD13-F908E82049BF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7486DA3F-2F49-4FD0-B4BF-018F58BC8621}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EC655D57-9D98-48BE-80A7-5A6AF200796D}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{EE00E569-92D1-4534-8CAA-9E9C4AB2125D}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{7C07EB9B-F487-4976-AD4F-9D356C69F511}] => (Allow) C:\Users\User\AppData\Local\Temp\nsm2E3E.tmp\CnetInstaller-10620931.exe
FirewallRules: [{905C22A9-AF28-4155-8E91-34B922EDA1D4}] => (Allow) C:\Users\User\AppData\Local\Temp\nsm2E3E.tmp\CnetInstaller-10620931.exe
FirewallRules: [TCP Query User{396A4AF9-3C1A-4624-B4C8-D418624B60A0}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{DA67383B-6300-4973-97F4-232EBEEB91F0}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{036F52EE-0CF0-4645-8961-C24083217EC8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{67D89F84-0827-41CB-AD42-66B3C48953BE}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{6110A5A4-FBC5-4AA8-A86E-EB86BB394F7B}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{EC5D3919-6352-4216-AD4A-816965F53A06}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{688BBB51-EFA0-49E4-9F3C-40439008021D}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EFE49864-2DAE-400A-B763-2B69B0F7813F}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{901E93C3-358E-453E-9EDD-488048880E7B}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{87CA11D8-8589-4353-987C-005E845BE573}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{37D72506-1AE4-4A05-ADC2-4C6AC763BECB}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{733A6838-E761-4175-A5A7-3857EE23019A}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{7EF10272-91C6-408E-B70A-DA910BF71517}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{051B6CDD-41B0-4CD2-93D1-E936D3F4CBAE}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{ECCC08BA-B110-44A7-B6F1-4ACC49893B39}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{035E0A5A-8187-4525-8F1F-C21A59E84149}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{BCFFBBD3-CC7E-4293-91AD-941018EC13CB}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{038B64AE-041D-4AC7-AB8B-EE98A1B4A76D}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [UDP Query User{E2C7577A-E6C0-464B-90A6-5D1CC36FB7CF}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [{B1AE1EE2-B0CC-416A-8FF7-F7F6A1DFF371}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{8CC3D97B-2C30-454B-B243-66ADF51998E1}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{B545D465-0D68-4656-98D2-67201A3B9DF7}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{799C0307-5B6C-48A5-9521-FEF997C99494}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{4B5DE9F6-E0E3-464E-92ED-7F11A90022CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{D837D76E-5886-4A88-BFFE-9D988E6BC5A1}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{32025F12-D4E3-4BA1-A64D-3E1DD90ABC74}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{6C783C03-FC89-4B78-BC5D-0964B6F554D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB38F287-7BC1-41EA-8E44-2B376E72C73A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FC2D7C9-3275-4D9D-B7C7-AD11C33A449A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D331AD93-3E41-4126-AF69-C89E37FB7A50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{56472C60-3FE0-40F5-9E41-96D46B83816C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/05/2015 12:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x1a28
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/05/2015 11:22:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x870
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/05/2015 11:09:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/04/2015 10:56:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x13d0
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/04/2015 10:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 024777~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x62c
Faulting application start time: 0x024777~1.EXE0
Faulting application path: 024777~1.EXE1
Faulting module path: 024777~1.EXE2
Report Id: 024777~1.EXE3
Faulting package full name: 024777~1.EXE4
Faulting package-relative application ID: 024777~1.EXE5
 
Error: (12/04/2015 09:25:26 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (12/04/2015 09:22:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0xd20
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/04/2015 07:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x1f0c
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
Error: (12/04/2015 06:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tales of Zestiria.exe, version: 0.0.0.0, time stamp: 0x5624c709
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000409
Fault offset: 0x00019fa4
Faulting process id: 0x834
Faulting application start time: 0xTales of Zestiria.exe0
Faulting application path: Tales of Zestiria.exe1
Faulting module path: Tales of Zestiria.exe2
Report Id: Tales of Zestiria.exe3
Faulting package full name: Tales of Zestiria.exe4
Faulting package-relative application ID: Tales of Zestiria.exe5
 
Error: (12/04/2015 03:51:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x5b0
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
 
 
System errors:
=============
Error: (12/04/2015 10:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0247771426341785) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/04/2015 10:26:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%2
 
Error: (12/04/2015 10:26:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error: 
%%2
 
Error: (12/04/2015 06:12:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
 
Error: (12/04/2015 06:12:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
 
Error: (12/04/2015 06:11:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
 
Error: (12/04/2015 06:11:03 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (12/04/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (12/04/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (12/04/2015 05:53:45 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
CodeIntegrity:
===================================
  Date: 2015-12-04 22:34:43.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:34:43.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:34:43.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:34:42.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:32:06.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:32:06.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:54.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:54.237
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:53.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-04 22:31:53.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 6059.57 MB
Available physical RAM: 4113.22 MB
Total Virtual: 7019.57 MB
Available Virtual: 5170.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:676.79 GB) (Free:346.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.07 GB) (Free:2.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Sims3EP07) (CDROM) (Total:3.32 GB) (Free:0 GB) UDF
Drive g: (MADDEN_NFL_08) (CDROM) (Total:2.11 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 24E7A700)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
OK then we can start fixing.


Download the enclosed file ==> fixlist.txt. Save it in the location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST64 is, (Fixlog.txt). Please post it to your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log


#6
Mike17

    New Member

  • Topic Starter
  • Member
  • 6 posts

Thank you for taking the time to help me! I completed the three steps, here they are;

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by User (2015-12-05 14:35:32) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Users\User\AppData\Roaming\uTorrent
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
"C:\Program Files (x86)\YTDownloader
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AIM for Windows] => "C:\Users\User\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: F - "F:\Autorun.exe" 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {498cce3f-4c17-11e5-82bf-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {6e512137-0268-11e5-82ab-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {c8d770fe-ce3f-11e4-8265-a01d48d64a58} - "F:\Autorun.exe" 
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {d81fc01b-ce91-11e4-8267-a01d48d64a58} - "G:\Madden08.exe" 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.avg.com/?cid=%7BF01979C8-19C3-4814-874F-B83DF32AC760%7D&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10%2020:40:45&v=18.5.0.909&pid=safeguard&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={F01979C8-19C3-4814-874F-B83DF32AC760}&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10 20:40:45&v=15.3.0.10&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL: 
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default\user.js [2015-05-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-03-20]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-12-05 11:49 - 2015-03-14 14:59 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-12-05 11:09 - 2015-04-06 01:21 - 00001008 _____ C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job
2015-12-05 01:09 - 2015-04-06 00:09 - 00001338 _____ C:\Windows\Tasks\QJNFZ.job
2015-12-04 22:28 - 2015-09-07 16:43 - 00002660 _____ C:\Users\User\Desktop\µTorrent.lnk
C:\Users\User\ent_ikov_preferences.dat
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {31DF5A1A-93EE-4235-A060-DFB40A9F9072} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe <==== ATTENTION
Task: {3A9E3F37-80F4-42D4-A3E6-E30B01C88CBC} - System32\Tasks\QJNFZ => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {44EDDB37-3DE1-4AB9-B7E1-50A14FAA612D} - \ShopperProJSUpd -> No File <==== ATTENTION
C:\ProgramData\Origin
Task: {53C5C98E-4321-41D9-A1A6-99C9F5F2CAF5} - System32\Tasks\WCKWKBCMYC => C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5\467e8f03c4a04721aa58bd9681d15af5.exe <==== ATTENTION
C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5
Task: {656CDEAE-4290-4DC0-8A62-B9E2C8DA5D11} - System32\Tasks\wS36FQNEHgSN9J2IC => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe
Task: {95B45C8B-C09C-4458-91DD-C9782440B325} - \SMWUpd -> No File <==== ATTENTION
Task: {97362E58-F55C-41F5-A01E-32F18209A5BB} - \SPDriver -> No File <==== ATTENTION
Task: {9F5C2421-026A-4681-876E-9A7764A565DD} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {A091371A-5776-4F97-B151-3B8892CCECF6} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-10_user -> No File <==== ATTENTION
Task: {C537D4DF-E5A0-41EE-BAAE-A87FE0E79935} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-1-7 -> No File <==== ATTENTION
Task: {E31B058C-3557-4795-8FEA-3AEF1869957A} - \ShopperPro -> No File <==== ATTENTION
Task: {EB2BE4AE-F77D-44CE-B4A1-7558A7302182} - \SMW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII\FF7 OpenGL Config File.lnk -> C:\Program Files (x86)\Square Enix\FINAL FANTASY VII\OpenGLconfig.bat (No File) <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
FirewallRules: [{035E0A5A-8187-4525-8F1F-C21A59E84149}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{BCFFBBD3-CC7E-4293-91AD-941018EC13CB}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{0597C00C-5B29-4E32-854E-AD0878D240A2}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA7F471B-E7EC-4466-B249-81866ED5B083}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E5F7058-524D-4C40-9167-A3475033D8AD}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3920D332-B1D3-45C0-9261-7905C476B2BC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6E36A9C-A6A8-4983-B4F0-8A0DDAADD58E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D5719D4A-CB3D-4551-A011-0D063C6128FB}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{038B64AE-041D-4AC7-AB8B-EE98A1B4A76D}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [UDP Query User{E2C7577A-E6C0-464B-90A6-5D1CC36FB7CF}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe  
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Users\User\AppData\Roaming\uTorrent => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
"C:\Program Files (x86)\YTDownloader" => not found.
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AIM for Windows => value removed successfully
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{498cce3f-4c17-11e5-82bf-a01d48d64a58}" => key removed successfully
HKCR\CLSID\{498cce3f-4c17-11e5-82bf-a01d48d64a58} => key not found. 
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e512137-0268-11e5-82ab-a01d48d64a58}" => key removed successfully
HKCR\CLSID\{6e512137-0268-11e5-82ab-a01d48d64a58} => key not found. 
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d770fe-ce3f-11e4-8265-a01d48d64a58}" => key removed successfully
HKCR\CLSID\{c8d770fe-ce3f-11e4-8265-a01d48d64a58} => key not found. 
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d81fc01b-ce91-11e4-8267-a01d48d64a58}" => key removed successfully
HKCR\CLSID\{d81fc01b-ce91-11e4-8267-a01d48d64a58} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7931E49C-AC22-4603-B8DE-6B95EDF8664F}" => key removed successfully
HKCR\CLSID\{7931E49C-AC22-4603-B8DE-6B95EDF8664F} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7931E49C-AC22-4603-B8DE-6B95EDF8664F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{7931E49C-AC22-4603-B8DE-6B95EDF8664F} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7931E49C-AC22-4603-B8DE-6B95EDF8664F}" => key removed successfully
HKCR\CLSID\{7931E49C-AC22-4603-B8DE-6B95EDF8664F} => key not found. 
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox DefaultSearchEngine removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "Keyword.URL" removed successfully
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q= => not found
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default\user.js => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully
C:\Program Files (x86)\mozilla firefox\my.cfg => moved successfully
clwvd => service removed successfully
EagleX64 => service removed successfully
McMPFSvc => service removed successfully
McNaiAnn => service removed successfully
mcpltsvc => service removed successfully
McProxy => service removed successfully
mfecore => service removed successfully
MSK80Service => service removed successfully
X6va029 => service removed successfully
xhunter1 => service removed successfully
"C:\Users\User\AppData\Roaming\uTorrent" => not found.
C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job => moved successfully
C:\Windows\Tasks\QJNFZ.job => moved successfully
"C:\Users\User\Desktop\µTorrent.lnk" => not found.
C:\Users\User\ent_ikov_preferences.dat => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31DF5A1A-93EE-4235-A060-DFB40A9F9072}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31DF5A1A-93EE-4235-A060-DFB40A9F9072}" => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A9E3F37-80F4-42D4-A3E6-E30B01C88CBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A9E3F37-80F4-42D4-A3E6-E30B01C88CBC}" => key removed successfully
C:\Windows\System32\Tasks\QJNFZ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QJNFZ" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44EDDB37-3DE1-4AB9-B7E1-50A14FAA612D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44EDDB37-3DE1-4AB9-B7E1-50A14FAA612D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key not found. 
"C:\ProgramData\Origin" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53C5C98E-4321-41D9-A1A6-99C9F5F2CAF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C5C98E-4321-41D9-A1A6-99C9F5F2CAF5}" => key removed successfully
C:\Windows\System32\Tasks\WCKWKBCMYC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WCKWKBCMYC" => key removed successfully
C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{656CDEAE-4290-4DC0-8A62-B9E2C8DA5D11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{656CDEAE-4290-4DC0-8A62-B9E2C8DA5D11}" => key removed successfully
C:\Windows\System32\Tasks\wS36FQNEHgSN9J2IC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wS36FQNEHgSN9J2IC" => key removed successfully
"C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95B45C8B-C09C-4458-91DD-C9782440B325}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B45C8B-C09C-4458-91DD-C9782440B325}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97362E58-F55C-41F5-A01E-32F18209A5BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97362E58-F55C-41F5-A01E-32F18209A5BB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F5C2421-026A-4681-876E-9A7764A565DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F5C2421-026A-4681-876E-9A7764A565DD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A091371A-5776-4F97-B151-3B8892CCECF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A091371A-5776-4F97-B151-3B8892CCECF6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-10_user => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C537D4DF-E5A0-41EE-BAAE-A87FE0E79935}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C537D4DF-E5A0-41EE-BAAE-A87FE0E79935}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-1-7 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E31B058C-3557-4795-8FEA-3AEF1869957A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E31B058C-3557-4795-8FEA-3AEF1869957A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB2BE4AE-F77D-44CE-B4A1-7558A7302182}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2BE4AE-F77D-44CE-B4A1-7558A7302182}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 => key not found. 
C:\Windows\Tasks\QJNFZ.job => not found.
C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job => not found.
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII\FF7 OpenGL Config File.lnk -> C:\Program Files (x86)\Square Enix\FINAL FANTASY VII\OpenGLconfig.bat (No File) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Gambali" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{035E0A5A-8187-4525-8F1F-C21A59E84149} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCFFBBD3-CC7E-4293-91AD-941018EC13CB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0597C00C-5B29-4E32-854E-AD0878D240A2} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA7F471B-E7EC-4466-B249-81866ED5B083} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E5F7058-524D-4C40-9167-A3475033D8AD} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3920D332-B1D3-45C0-9261-7905C476B2BC} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6E36A9C-A6A8-4983-B4F0-8A0DDAADD58E} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5719D4A-CB3D-4551-A011-0D063C6128FB} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{038B64AE-041D-4AC7-AB8B-EE98A1B4A76D}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E2C7577A-E6C0-464B-90A6-5D1CC36FB7CF}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe => value removed successfully
BrsHelper => service removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 4.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:40:37 ====
 
# AdwCleaner v5.023 - Logfile created 05/12/2015 at 14:50:20
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : User - HP
# Running from : C:\Users\User\Downloads\adwcleaner_5.023.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[-] Folder Deleted : C:\ProgramData\NetEngine
[!] Folder Not Deleted : C:\ProgramData\NetEngine
[-] Folder Deleted : C:\ProgramData\547334600000564f
[-] Folder Deleted : C:\ProgramData\e2e2f49669714ee48831141893f21ee9
[-] Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\User\AppData\Local\DeskBar
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_10377
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_10991
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_19311
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_20683
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_21600
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_24923
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_4636
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_9021
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BrowserHelper
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : LaunchSignup
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DeskBar]
[-] Key Deleted : HKLM\SOFTWARE\54b44171-af82-e32c-13e4-01579d647422
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\ClientConnect
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\IGS
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8895 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by User (Administrator) on Sat 12/05/2015 at 14:57:00.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\ProgramData\Start Menu\Programs\(default) (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\knctr (Folder) 
Successfully deleted: C:\Users\User\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\User\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\User\AppData\Roaming\itibiti (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0247771426341785mcinstcleanup (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/05/2015 at 14:59:09.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 


#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello Mike17,

Next

No need to download Malwarebytes if you already have it. If you do not have it, please download and run it via these instructions:
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Post that saved log to your next reply.

#8
Mike17

    New Member

  • Topic Starter
  • Member
  • 6 posts

Here is the log you requested, I just ran it earlier before I started doing what you suggested so it already removed what was found but I ran it again for you anyway:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/5/2015
Scan Time: 4:41 PM
Logfile: mwam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.05.05
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345575
Time Elapsed: 18 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#9
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
OK. A clean Malwarebytes log is a good sign.

How is the computer? What issues remain and in what browser?

#10
Mike17

    New Member

  • Topic Starter
  • Member
  • 6 posts

OK. A clean Malwarebytes log is a good sign.

How is the computer? What issues remain and in what browser?

 

Not noticing anything bad really, both Firefox and Chrome are working good and I tried my game and it's now working 100% without the issues.


Edited by Mike17, 05 December 2015 - 04:10 PM.

#11
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
OK. Use it for a while, then come back and tell me things are still ok, then we will clean up the tools I had you download.

Thanks
Joe :)

#12
Mike17

    New Member

  • Topic Starter
  • Member
  • 6 posts

OK. Use it for a while, then come back and tell me things are still ok, then we will clean up the tools I had you download.

Thanks
Joe :)

 

Ok will do! Thanks for all the help so far, really appreciate it.


#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

If no further issues are present, let's clean up the tools with DelFix.


-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

#14
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

