Okay, so I got this laptop off a friend a while ago, and so far it has been playing real smooth. I could browse the internet, play online games, etc. and have no problems. Then Firefox would get spammed with ads whenever I clicked anything, and it would get so many it would freeze up. I moved to Google Chrome and now it's doing the same thing. Anytime I click something, quite a few ads come up, sometimes freezing the browser. And I noticed above the webpage a video will load up that's complete spam, and the website will be shown below it as if the video isn't even part of the website. I used Malwarebytes Anti-Malware and it said I had 40 infected files. I cleaned them and ran it again, but nothing has changed. I've been playing Freestyle Street Basketball 2, which is a low-requirement game, and it has been running very smooth, but now it keeps freezing and my internet keeps slowing down like it's occupied elsewhere, when I know this shouldn't be the case because I've got Suddenlink's high-speed internet. Not really sure what else you need to know; I'm new to this, but if I missed something please let me know and I will post it!
I'm using Windows 8.1 and it's an HP.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by User (administrator) on HP (05-12-2015 11:50:25)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Scarlet.Crush Productions) C:\Users\User\Desktop\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\utorrent.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41035\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41035\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41035\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2249104 2013-09-03] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [DeskBar] => C:\Users\User\AppData\Local\DeskBar\DeskBar.exe
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AIM for Windows] => "C:\Users\User\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: F - "F:\Autorun.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {498cce3f-4c17-11e5-82bf-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {6e512137-0268-11e5-82ab-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {c8d770fe-ce3f-11e4-8265-a01d48d64a58} - "F:\Autorun.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {d81fc01b-ce91-11e4-8267-a01d48d64a58} - "G:\Madden08.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{6EDA1753-79CC-43F6-BA8C-A5AFEB1C0434}: [DhcpNameServer] 40.20.1.201 40.20.1.202
Tcpip\..\Interfaces\{9541A430-35BF-4D11-82A3-E98187E9A727}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.avg.com/?cid=%7BF01979C8-19C3-4814-874F-B83DF32AC760%7D&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10%2020:40:45&v=18.5.0.909&pid=safeguard&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={F01979C8-19C3-4814-874F-B83DF32AC760}&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10 20:40:45&v=15.3.0.10&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL:
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default\user.js [2015-05-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-03-20]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Poker Status) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelablainldddlehlmfkoaomafmnfnl [2015-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0247771426341785mcinstcleanup; C:\Windows\TEMP\024777~1.EXE [834664 2013-07-13] (McAfee, Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
R2 Ds3Service; C:\Users\User\Desktop\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-05-21] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-03-20] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-05-21] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-05 11:50 - 2015-12-05 11:50 - 00022827 _____ C:\Users\User\Desktop\FRST.txt
2015-12-05 11:50 - 2015-12-05 11:50 - 00000000 ____D C:\FRST
2015-12-05 11:48 - 2015-12-05 11:48 - 02369024 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-12-05 09:51 - 2015-12-05 09:53 - 00000000 ____D C:\Users\User\Downloads\The Weeknd - Beauty Behind the Madness (Explicit) 2015 {MP3 Album}~{VBUc}
2015-12-05 00:50 - 2015-12-05 11:19 - 00000000 ____D C:\Users\User\Documents\Madden NFL 08
2015-12-05 00:45 - 2015-12-05 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
2015-12-05 00:42 - 2015-02-01 15:55 - 00000000 ____D C:\Users\User\Desktop\FF-FI XV 2.0 Full
2015-12-05 00:41 - 2015-12-05 00:41 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2015-12-05 00:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-12-05 00:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-12-05 00:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-12-05 00:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-12-05 00:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-12-05 00:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-12-05 00:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-12-05 00:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-12-05 00:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-12-05 00:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-12-05 00:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-12-05 00:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-12-05 00:40 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-12-05 00:40 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-12-05 00:40 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-12-05 00:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-12-05 00:40 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-12-05 00:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-12-05 00:40 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-12-05 00:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-12-05 00:37 - 2015-12-05 00:41 - 588836654 _____ C:\Users\User\Downloads\FF-FI XV 2.0 Full.rar
2015-12-05 00:25 - 2015-12-05 00:36 - 00000000 ____D C:\Users\User\Downloads\Madden.NFL.08
2015-12-04 22:34 - 2015-12-04 22:34 - 00199212 _____ C:\Users\User\Desktop\ClientLoader.jar
2015-12-04 18:18 - 2015-12-04 18:18 - 00000000 ____D C:\Users\User\AppData\Local\BANDAI NAMCO Games
2015-12-04 18:10 - 2015-12-04 18:10 - 00000000 ____D C:\Users\User\AppData\Local\Steam
2015-12-04 18:10 - 2015-12-04 18:10 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2015-12-04 18:03 - 2015-12-04 22:29 - 00000936 _____ C:\Users\Public\Desktop\Steam.lnk
2015-12-04 18:03 - 2015-12-04 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-04 18:02 - 2015-12-04 22:52 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-04 18:02 - 2015-12-04 18:02 - 01476720 _____ C:\Users\User\Downloads\SteamSetup.exe
2015-12-04 18:02 - 2015-12-04 18:02 - 01476720 _____ C:\Users\User\Downloads\SteamSetup (1).exe
2015-12-04 17:57 - 2015-12-04 17:58 - 00961254 _____ C:\Users\User\Downloads\ali213-tales.of.zestirias.crack.only.zip
2015-12-04 17:56 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-12-04 17:56 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-12-04 17:27 - 2015-12-04 17:27 - 00000000 ____D C:\Users\User\Downloads\Tales.of.Zestiria.Inclu.DLC
2015-12-04 16:43 - 2015-12-04 17:25 - 3425665492 _____ C:\Users\User\Downloads\Tales.of.Zestiria.Inclu.DLC.zip
2015-12-04 15:28 - 2015-12-05 11:39 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-05 11:50 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-05 11:49 - 2015-03-16 12:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-05 11:49 - 2015-03-14 14:59 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-12-05 11:39 - 2015-06-07 02:18 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 11:09 - 2015-04-06 01:21 - 00001008 _____ C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job
2015-12-05 10:09 - 2015-03-14 19:04 - 00000000 ____D C:\Users\User\AppData\Roaming\foobar2000
2015-12-05 09:49 - 2015-03-14 09:02 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA2EE3F2-BB96-4C6B-A1C0-040BBF27F82F}
2015-12-05 01:09 - 2015-04-06 00:09 - 00001338 _____ C:\Windows\Tasks\QJNFZ.job
2015-12-05 00:50 - 2015-03-14 09:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1819164317-4010897610-528679445-1001
2015-12-04 22:33 - 2013-08-26 01:09 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-04 22:33 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2015-12-04 22:30 - 2015-08-09 01:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 22:30 - 2015-03-14 09:02 - 00001425 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-04 22:29 - 2015-09-23 17:56 - 00000796 _____ C:\Users\Public\Desktop\Mass Effect.lnk
2015-12-04 22:29 - 2015-09-07 19:22 - 00001875 _____ C:\Users\Public\Desktop\Grandia II Anniversary Edition.lnk
2015-12-04 22:29 - 2015-08-12 17:48 - 00001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Borderlands The Pre-Sequel.lnk
2015-12-04 22:29 - 2015-08-10 22:14 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII.lnk
2015-12-04 22:29 - 2015-08-10 22:14 - 00000896 _____ C:\Users\Public\Desktop\Final Fantasy XIII.lnk
2015-12-04 22:29 - 2015-08-09 01:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-04 22:29 - 2015-08-03 20:37 - 00000581 _____ C:\Users\Public\Desktop\FreeStyle2.lnk
2015-12-04 22:29 - 2015-06-30 11:14 - 00001844 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-12-04 22:29 - 2015-06-12 08:28 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2015-12-04 22:29 - 2015-06-03 12:04 - 00001154 _____ C:\Users\Public\Desktop\Game Dev Tycoon.lnk
2015-12-04 22:29 - 2015-05-30 23:52 - 00001918 _____ C:\Users\Public\Desktop\The Legend of Heroes - Trails in the Sky.lnk
2015-12-04 22:29 - 2015-03-30 21:07 - 00001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-04 22:29 - 2015-03-14 19:04 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-12-04 22:29 - 2013-09-05 22:30 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Connected Music.lnk
2015-12-04 22:29 - 2013-09-05 22:27 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-04 22:29 - 2013-09-05 22:27 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-04 22:29 - 2013-09-05 22:23 - 00001974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-12-04 22:28 - 2015-09-28 22:51 - 00001141 _____ C:\Users\User\Desktop\NBA 2K14.lnk
2015-12-04 22:28 - 2015-09-21 19:55 - 00001408 _____ C:\Users\User\Desktop\Fallout New Vegas - Ultimate Edition.lnk
2015-12-04 22:28 - 2015-09-13 15:43 - 00001188 _____ C:\Users\User\Desktop\Tomb Raider.lnk
2015-12-04 22:28 - 2015-09-12 17:29 - 00001419 _____ C:\Users\User\Desktop\Annihilus Launcher.lnk
2015-12-04 22:28 - 2015-09-08 21:44 - 00000881 _____ C:\Users\User\Desktop\FINAL FANTASY TYPE 0 HD.lnk
2015-12-04 22:28 - 2015-09-07 16:43 - 00002660 _____ C:\Users\User\Desktop\µTorrent.lnk
2015-12-04 22:28 - 2015-06-13 05:36 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2015-12-04 22:28 - 2015-03-14 09:02 - 00000901 _____ C:\Users\User\Desktop\Downloads.lnk
2015-12-04 22:27 - 2015-06-07 02:18 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-04 22:26 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 22:25 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager
2015-12-04 22:25 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-04 22:23 - 2015-04-10 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-04 22:22 - 2015-05-22 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2015-12-04 21:57 - 2015-08-09 01:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 21:57 - 2015-08-09 01:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-04 21:09 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 21:09 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-04 17:56 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-04 15:49 - 2015-03-16 12:53 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-04 15:34 - 2015-06-07 02:18 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 15:34 - 2015-06-07 02:18 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2015-05-10 19:40 - 2015-05-10 19:40 - 0003725 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-03-09 16:30 - 2015-03-09 16:30 - 0005487 _____ () C:\Users\User\AppData\Roaming\QJNFZ
2015-04-02 07:22 - 2015-04-02 07:22 - 0000000 _____ () C:\Users\User\AppData\Roaming\Stardockfences_debug_snapshot.dat
2015-03-20 20:09 - 2015-03-26 00:52 - 0000121 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-03-31 03:14 - 2015-03-31 03:14 - 0004387 _____ () C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC
2015-03-22 09:52 - 2015-03-22 09:52 - 0000010 _____ () C:\Users\User\AppData\Local\DSI.DAT
2015-05-22 23:59 - 2015-07-31 19:46 - 0000113 _____ () C:\Users\User\AppData\Local\TempDiskpartScript.txt
Files to move or delete:
====================
C:\Users\User\ent_ikov_preferences.dat
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\208063B2-958E-4A55-DB72-4893F40DF2C7.dll
C:\Users\User\AppData\Local\Temp\208063B2-958E-4A55-DB72-4893F40DF2C7.exe
C:\Users\User\AppData\Local\Temp\7354E2F9-6D0F-4D86-5D76-F5CD0A0FFDBD.exe
C:\Users\User\AppData\Local\Temp\7za.exe
C:\Users\User\AppData\Local\Temp\AutoRun.exe
C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\User\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\User\AppData\Local\Temp\CloudBackup5772.exe
C:\Users\User\AppData\Local\Temp\cw.exe
C:\Users\User\AppData\Local\Temp\d2l_Install.exe
C:\Users\User\AppData\Local\Temp\d2l_PlayD2.exe
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\dsetup32.dll
C:\Users\User\AppData\Local\Temp\DXSETUP.exe
C:\Users\User\AppData\Local\Temp\EAD41AF.exe
C:\Users\User\AppData\Local\Temp\EAD4739.exe
C:\Users\User\AppData\Local\Temp\EAD6D14.exe
C:\Users\User\AppData\Local\Temp\EAD7133.exe
C:\Users\User\AppData\Local\Temp\EAD8D08.exe
C:\Users\User\AppData\Local\Temp\EAD97A7.exe
C:\Users\User\AppData\Local\Temp\EADA840.exe
C:\Users\User\AppData\Local\Temp\EADA9F2.exe
C:\Users\User\AppData\Local\Temp\EADBE98.exe
C:\Users\User\AppData\Local\Temp\EADC82D.exe
C:\Users\User\AppData\Local\Temp\EADCFB5.exe
C:\Users\User\AppData\Local\Temp\EAInstall.dll
C:\Users\User\AppData\Local\Temp\eauninstall.exe
C:\Users\User\AppData\Local\Temp\fd585b8e864cc41e70aa800112186ec8.dll
C:\Users\User\AppData\Local\Temp\fe27ea5f467734672da2354c795be130.dll
C:\Users\User\AppData\Local\Temp\madden_inst.exe
C:\Users\User\AppData\Local\Temp\OnlineBackup.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\ose00002.exe
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\Setup_2004.exe
C:\Users\User\AppData\Local\Temp\SRLDetectionLibrary3689128622239520489.dll
C:\Users\User\AppData\Local\Temp\unins000.exe
C:\Users\User\AppData\Local\Temp\UninstallEADM.dll
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-04 17:53
==================== End of FRST.txt ============================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by User (2015-12-05 11:51:14)
Running from C:\Users\User\Desktop
Windows 8.1 (X64) (2015-03-14 14:01:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1819164317-4010897610-528679445-500 - Administrator - Disabled)
Guest (S-1-5-21-1819164317-4010897610-528679445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1819164317-4010897610-528679445-1003 - Limited - Enabled)
User (S-1-5-21-1819164317-4010897610-528679445-1001 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\uTorrent) (Version: 3.4.5.41035 - BitTorrent Inc.)
1 Media Player version 1.7.8 (HKLM-x32\...\{6C566E3B-CBFB-4A3C-A8B6-88EA54DE7CA9}_is1) (Version: 1.7.8 - OneFloorApp Ltd.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
Black Chocobo (HKLM-x32\...\Black_Chocobo) (Version: - )
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version: - )
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version: - )
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
EA SPORTS online 2008 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version: - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fairy Fencer F (HKLM-x32\...\Fairy Fencer F_is1) (Version: - )
Fallout New Vegas - Ultimate Edition (HKLM-x32\...\Fallout New Vegas - Ultimate Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
FF7Music (HKLM\...\FF7Music) (Version: - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
Final Fantasy IV (HKLM-x32\...\Final Fantasy IV_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
FINAL FANTASY TYPE 0 HD (HKLM-x32\...\FINAL FANTASY TYPE 0 HD_is1) (Version: - )
FINAL FANTASY VII (HKLM-x32\...\{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1) (Version: 1.0 - Square Enix)
Final Fantasy XIII (HKLM-x32\...\RmluYWxGYW50YXN5WElJSQ==_is1) (Version: 1 - )
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
FreeStyle2 (HKLM-x32\...\{67E8ED8C-0318-4F6B-BE6F-FC042EE9BD15}) (Version: 1.02.0000 - Joycity)
Game Dev Tycoon v1.5.11 (2014) (HKLM-x32\...\Game Dev Tycoon v1.5.11 (2014)1.5.11) (Version: 1.5.11 - Friends in War)
Game Dev Tycoon version 1.5.11 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.11 - Greenheart Games Pty. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grandia II Anniversary Edition (HKLM-x32\...\1435140754_is1) (Version: 2.0.0.3 - GOG.com)
Grisaia Font Installer version 1 (HKLM-x32\...\Grisaia Font Installer_is1) (Version: 1 - )
Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
LAV Filters 0.65 (HKLM-x32\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version: - Electronic Arts)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version: - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{20DEB77C-21D6-4D22-BB47-233E47613D57}) (Version: 1.1.0322 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Kakao Corp.)
PSXMemTool 1.20b (remove only) (HKLM-x32\...\PSXMemTool) (Version: - )
Real Kanojo (HKLM-x32\...\{58ABF83F-C5EA-4C21-A1D8-A0AF1E4D026C}_is1) (Version: 1.0.0.0 - randompirate @ TPB)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SCHOOLDAYS HQ (HKLM-x32\...\SCHOOLDAYS HQ) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C5625747-F029-4127-BB29-4E918A0105D8}) (Version: 6.1.6.0 - Husdawg, LLC)
The Legend of Heroes - Trails in the Sky (HKLM-x32\...\1207665083_is1) (Version: 2.0.0.2 - GOG.com)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Tomb Raider (HKLM-x32\...\Tomb Raider_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Viva Pinata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios:)
VLC Media Player 2.1.5 Final (HKLM-x32\...\VLC Media Player 2.1.5 Final) (Version: - )
Way of the Samurai 4 (HKLM-x32\...\Way of the Samurai 4_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 10.0.0 - Inmatrix LTD)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
08-10-2015 13:20:31 Scheduled Checkpoint
30-10-2015 06:17:25 Scheduled Checkpoint
04-12-2015 17:53:35 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-08-13 15:15 - 00002291 ____A C:\Windows\system32\Drivers\etc\hosts
There are 48 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {243FC6FB-DA46-46E9-8A9D-3B887AADBD7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {263343B5-D9A1-4487-8341-2B79AA5E742F} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {31DF5A1A-93EE-4235-A060-DFB40A9F9072} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe <==== ATTENTION
Task: {3A9E3F37-80F4-42D4-A3E6-E30B01C88CBC} - System32\Tasks\QJNFZ => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {44EDDB37-3DE1-4AB9-B7E1-50A14FAA612D} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {4E6AEC89-1052-47AB-9C9C-B60C5D7F4AE3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {53C5C98E-4321-41D9-A1A6-99C9F5F2CAF5} - System32\Tasks\WCKWKBCMYC => C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5\467e8f03c4a04721aa58bd9681d15af5.exe <==== ATTENTION
Task: {5889646F-9482-48C8-B77B-5813CC0704D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {5A7A7455-386A-4F95-AA74-D2E2DE76C5E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
Task: {656CDEAE-4290-4DC0-8A62-B9E2C8DA5D11} - System32\Tasks\wS36FQNEHgSN9J2IC => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
Task: {7B493694-2B58-4250-B223-C155AA8663E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-04] (Adobe Systems Incorporated)
Task: {8F9D0A83-347E-445D-A3B8-D3C094CBE5FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {95B45C8B-C09C-4458-91DD-C9782440B325} - \SMWUpd -> No File <==== ATTENTION
Task: {97362E58-F55C-41F5-A01E-32F18209A5BB} - \SPDriver -> No File <==== ATTENTION
Task: {9F5C2421-026A-4681-876E-9A7764A565DD} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {A091371A-5776-4F97-B151-3B8892CCECF6} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-10_user -> No File <==== ATTENTION
Task: {A0FD59E2-2723-44B3-BBE2-E54BA0826296} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {AC984DE2-AB48-466F-B147-C4E17ADDE236} - \SPBIW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: {C537D4DF-E5A0-41EE-BAAE-A87FE0E79935} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-1-7 -> No File <==== ATTENTION
Task: {C82517A4-7D3F-4C24-B83C-6B4A2CA66EC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {CA6B1696-F5DF-4E92-8096-A3AAFE1E255D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {CE835B64-FE82-4BAE-9347-6B9AAF60AE1B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D8ED3C47-A76A-4893-8726-AFDB05560AFD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E31B058C-3557-4795-8FEA-3AEF1869957A} - \ShopperPro -> No File <==== ATTENTION
Task: {E6489B51-2EF3-4F07-917B-C7882E74FBFD} - System32\Tasks\{8055EAE2-E840-48EF-9793-CBE2BF9E7334} => pcalua.exe -a "C:\Overflow\SCHOOLDAYS HQ\SCHOOLDAYS HQ.exe" -d "C:\Overflow\SCHOOLDAYS HQ"
Task: {EB2BE4AE-F77D-44CE-B4A1-7558A7302182} - \SMW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: {F2279521-BC6D-4F54-848C-5DA5A3B91B21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII\FF7 OpenGL Config File.lnk -> C:\Program Files (x86)\Square Enix\FINAL FANTASY VII\OpenGLconfig.bat (No File) <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2013-08-23 03:08 - 2013-08-23 03:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-08-23 03:13 - 2013-08-23 03:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-08-23 03:09 - 2013-08-23 03:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-08-23 03:07 - 2013-08-23 03:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-08-23 03:20 - 2013-08-23 03:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-08-23 03:12 - 2013-08-23 03:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-05 23:30 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 23:10 - 2013-08-09 07:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-20 21:11 - 2015-03-20 20:59 - 00107520 ____R () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2015-12-04 20:47 - 2015-11-24 03:00 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\ws_Atlantica_Online_Game_2560x1600.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AAF49C53-353E-4E4D-AD34-0E9F72C21687}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F153C1C2-A6CD-4342-9447-DE30FD45BC01}] => (Allow) LPort=2869
FirewallRules: [{A73D159F-7666-45D0-B858-E77BE7A01E0E}] => (Allow) LPort=1900
FirewallRules: [{01B5EFDA-F355-432B-9D1D-3D6ECF272273}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{81CA1FA1-DA64-4BD7-AB59-C5C9D339A760}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{F22E2671-FC7F-4DF9-A5E5-2DEED8114EEF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6D6319E2-8DE0-4437-B4AA-BA83E6F48C55}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{7B8B94A8-7C24-4B24-84C7-55709EC52CC2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{71747173-9353-4D98-BB0F-E9D5FC64F4DE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{09696DC4-92BA-4C45-9DD6-12BD1ABA837D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F41DF53-B690-476D-A766-F836E9183B5B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4066356D-C37E-4880-AF80-946A3D2E193C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{791CF8CD-AFB4-4119-9ED3-51CE61165A43}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C030036E-A825-4D64-B112-7C32CCD52003}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{ED8D57DC-B620-4379-9CB5-C54CF097088E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7B239F45-68B5-4266-B70B-DE83ED0FA885}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B859BC76-9F68-4F63-BD13-F908E82049BF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7486DA3F-2F49-4FD0-B4BF-018F58BC8621}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EC655D57-9D98-48BE-80A7-5A6AF200796D}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{EE00E569-92D1-4534-8CAA-9E9C4AB2125D}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{7C07EB9B-F487-4976-AD4F-9D356C69F511}] => (Allow) C:\Users\User\AppData\Local\Temp\nsm2E3E.tmp\CnetInstaller-10620931.exe
FirewallRules: [{905C22A9-AF28-4155-8E91-34B922EDA1D4}] => (Allow) C:\Users\User\AppData\Local\Temp\nsm2E3E.tmp\CnetInstaller-10620931.exe
FirewallRules: [TCP Query User{396A4AF9-3C1A-4624-B4C8-D418624B60A0}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{DA67383B-6300-4973-97F4-232EBEEB91F0}C:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{036F52EE-0CF0-4645-8961-C24083217EC8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{67D89F84-0827-41CB-AD42-66B3C48953BE}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{6110A5A4-FBC5-4AA8-A86E-EB86BB394F7B}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{EC5D3919-6352-4216-AD4A-816965F53A06}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{688BBB51-EFA0-49E4-9F3C-40439008021D}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EFE49864-2DAE-400A-B763-2B69B0F7813F}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{901E93C3-358E-453E-9EDD-488048880E7B}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{87CA11D8-8589-4353-987C-005E845BE573}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{37D72506-1AE4-4A05-ADC2-4C6AC763BECB}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{733A6838-E761-4175-A5A7-3857EE23019A}C:\gamekiss\freestyle2\freestyle2.exe] => (Allow) C:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{7EF10272-91C6-408E-B70A-DA910BF71517}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{051B6CDD-41B0-4CD2-93D1-E936D3F4CBAE}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{ECCC08BA-B110-44A7-B6F1-4ACC49893B39}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{035E0A5A-8187-4525-8F1F-C21A59E84149}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{BCFFBBD3-CC7E-4293-91AD-941018EC13CB}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{0597C00C-5B29-4E32-854E-AD0878D240A2}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA7F471B-E7EC-4466-B249-81866ED5B083}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E5F7058-524D-4C40-9167-A3475033D8AD}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3920D332-B1D3-45C0-9261-7905C476B2BC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6E36A9C-A6A8-4983-B4F0-8A0DDAADD58E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D5719D4A-CB3D-4551-A011-0D063C6128FB}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{038B64AE-041D-4AC7-AB8B-EE98A1B4A76D}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [UDP Query User{E2C7577A-E6C0-464B-90A6-5D1CC36FB7CF}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [{B1AE1EE2-B0CC-416A-8FF7-F7F6A1DFF371}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{8CC3D97B-2C30-454B-B243-66ADF51998E1}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{B545D465-0D68-4656-98D2-67201A3B9DF7}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{799C0307-5B6C-48A5-9521-FEF997C99494}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{4B5DE9F6-E0E3-464E-92ED-7F11A90022CD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{D837D76E-5886-4A88-BFFE-9D988E6BC5A1}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{32025F12-D4E3-4BA1-A64D-3E1DD90ABC74}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{6C783C03-FC89-4B78-BC5D-0964B6F554D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB38F287-7BC1-41EA-8E44-2B376E72C73A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FC2D7C9-3275-4D9D-B7C7-AD11C33A449A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D331AD93-3E41-4126-AF69-C89E37FB7A50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{56472C60-3FE0-40F5-9E41-96D46B83816C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/05/2015 11:22:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x870
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
Error: (12/05/2015 11:09:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/04/2015 10:56:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x13d0
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
Error: (12/04/2015 10:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 024777~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x62c
Faulting application start time: 0x024777~1.EXE0
Faulting application path: 024777~1.EXE1
Faulting module path: 024777~1.EXE2
Report Id: 024777~1.EXE3
Faulting package full name: 024777~1.EXE4
Faulting package-relative application ID: 024777~1.EXE5
Error: (12/04/2015 09:25:26 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (12/04/2015 09:22:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0xd20
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
Error: (12/04/2015 07:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x1f0c
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
Error: (12/04/2015 06:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tales of Zestiria.exe, version: 0.0.0.0, time stamp: 0x5624c709
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000409
Fault offset: 0x00019fa4
Faulting process id: 0x834
Faulting application start time: 0xTales of Zestiria.exe0
Faulting application path: Tales of Zestiria.exe1
Faulting module path: Tales of Zestiria.exe2
Report Id: Tales of Zestiria.exe3
Faulting package full name: Tales of Zestiria.exe4
Faulting package-relative application ID: Tales of Zestiria.exe5
Error: (12/04/2015 03:51:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x5b0
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
Error: (12/04/2015 03:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AwesomiumProcess.exe, version: 1.6.2.0, time stamp: 0x4e38556e
Faulting module name: Awesomium.dll, version: 1.6.2.0, time stamp: 0x4e38556b
Exception code: 0xc0000005
Fault offset: 0x0007b74e
Faulting process id: 0x7c4
Faulting application start time: 0xAwesomiumProcess.exe0
Faulting application path: AwesomiumProcess.exe1
Faulting module path: AwesomiumProcess.exe2
Report Id: AwesomiumProcess.exe3
Faulting package full name: AwesomiumProcess.exe4
Faulting package-relative application ID: AwesomiumProcess.exe5
System errors:
=============
Error: (12/04/2015 10:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0247771426341785) service terminated unexpectedly. It has done this 1 time(s).
Error: (12/04/2015 10:26:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2
Error: (12/04/2015 10:26:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error:
%%2
Error: (12/04/2015 06:12:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
Error: (12/04/2015 06:12:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
Error: (12/04/2015 06:11:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
Error: (12/04/2015 06:11:03 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (12/04/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053
Error: (12/04/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (12/04/2015 05:53:45 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
CodeIntegrity:
===================================
Date: 2015-12-04 22:34:43.850
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:34:43.553
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:34:43.178
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:34:42.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:32:06.384
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:32:06.074
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:31:54.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:31:54.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:31:53.924
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 22:31:53.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 6059.57 MB
Available physical RAM: 3904.62 MB
Total Virtual: 7019.57 MB
Available Virtual: 4943.27 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:676.79 GB) (Free:192.01 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.07 GB) (Free:2.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Sims3EP07) (CDROM) (Total:3.32 GB) (Free:0 GB) UDF
Drive g: (MADDEN_NFL_08) (CDROM) (Total:2.11 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 24E7A700)
Partition: GPT.
==================== End of Addition.txt ============================
Please help me out.
Thanks!