
Can't Remove PUP.Optional.Conduit.A



I have tried many ways of removing this but every time I run a MWB scan it comes up again.

 

Here are the FRST logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Sammy (administrator) on SAMMY-PC on 17-08-2014 09:56:13
Running from C:\Users\Sammy\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.ShieldRunner.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.SoftShield.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Sammy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1569536 2014-08-07] (Bitdefender)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Run: [Google Update] => C:\Users\Sammy\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-02] (Google Inc.)
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Run: [Facebook Update] => C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Run: [GoogleChromeAutoLaunch_DC8A473C49099831CD49ED6DE0804F7C] => C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-07-30] (Raptr, Inc)
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [814064 2014-08-07] (Bitdefender)
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\MountPoints2: F - F:\Madden08.exe
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\MountPoints2: {6cb071e5-a3d1-11e3-a4cb-5891cf015193} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-677779052-4032166459-3184941320-1001\...\MountPoints2: {c69cf41e-c612-11e0-9a60-2c27d7aa501d} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x62D0AB354EB7CF01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0249ED44-B640-45BD-8066-17F81BFDC050} http://streaming.med.touro.edu/STREAMPLAYER1.cab
DPF: HKLM-x32 {5459BAF4-09A9-422A-AB5C-5F114A7287B5} http://streaming.med.touro.edu/VBPLAYER.cab
DPF: HKLM-x32 {85887165-031A-4297-BC4E-6B246C120B9C} http://streaming.med.touro.edu/STREAMPLAYER4.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {F50B3F13-19C4-11CF-AA9A-02608C9BABA2} http://streaming.med.touro.edu/STREAMPLAYER2.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{6629EE91-7D14-42B1-A8C9-E5A6FD9F99AD}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{67E7EFE6-7481-4E31-8A48-C6316896787F}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{6AFC3C5E-FDFE-4DA9-996A-14F72296B0D7}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{7B5A11B6-5B7C-44E0-98F5-9148EB3CB3DD}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{804B2FCC-DCA4-4D92-96FE-10AAA52055C9}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{918DCED6-8655-49DE-ADD4-D0305BD9C54C}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{A7A6556E-065F-40CE-9DB2-0D2F732E4D93}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{ADF87117-943C-44EF-B7A2-C5EE4E1ADF26}: [NameServer]184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{F5875810-3363-4BD3-81BB-47B0F4B9A719}: [NameServer]184.172.114.130,208.43.110.90
 
FireFox:
========
FF ProfilePath: C:\Users\Sammy\AppData\Roaming\Mozilla\Firefox\Profiles\ru10kkh3.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sammy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Sammy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sammy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sammy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sammy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\Sammy\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvbwmplayer.dll (VBrick Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sammy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sammy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Sammy\AppData\Roaming\Mozilla\Firefox\Profiles\ru10kkh3.default\searchplugins\bing-avast.xml
FF Extension: ZoneAlarm Do Not Track - C:\Users\Sammy\AppData\Roaming\Mozilla\Firefox\Profiles\ru10kkh3.default\Extensions\donottrack@checkpoint.com [2013-06-21]
FF Extension: Buffer for Firefox - C:\Users\Sammy\AppData\Roaming\Mozilla\Firefox\Profiles\ru10kkh3.default\Extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi [2013-07-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-08-07]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-08-07]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKCU\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8E156F72-7833-4CA7-A494-E6D968665558&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8E156F72-7833-4CA7-A494-E6D968665558&SSPV=", "hxxp://mysearch.avg.com/?cid={25425A3D-8F62-4F39-8F1D-0CCB26F39384}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=ag011&pr=sa&d=2013-05-02%2014:39:59&v=15.1.0.2&pid=safeguard&sg=1&sap=hp", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=e52798aa6a944c34a5447d80b5716245&tu=11JL0008f2B000s&sku=&tstsId=&ver=&", "hxxp://mysearch.avg.com/?cid={25425A3D-8F62-4F39-8F1D-0CCB26F39384}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=ag011&pr=sa&d=2013-05-02%2014:39:59&v=15.3.0.11&pid=safeguard&sg=41&sap=hp", "hxxp://search.conduit.com/?ctid=CT3315010&SearchSource=48&CUI=UN38955638111954827&UM=2", "", "hxxp://mysearch.avg.com?cid={A43DC320-6259-4916-B391-37345B3B25AD}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=av013&coid=avgtbdisav&cmpid=&pr=sa&d=2014-07-09 10:17:22&v=18.1.8.643&pid=safeguard&sg=&sap=hp", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Drive) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-13]
CHR Extension: (Google Cast) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-29]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-06-25]
CHR Extension: (WGT Golf Challenge) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2014-04-29]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2014-07-19]
CHR Extension: (Bitdefender Wallet) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-08-08]
CHR Extension: (Pandora) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-04-29]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-07-06]
CHR Extension: (Little Alchemy) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-07-06]
CHR Extension: (Google Play) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-07-06]
CHR Extension: (Skype Click to Call) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-13]
CHR Extension: (AwardWallet) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppkddfmnlpjbojooindbmcokchjgbib [2014-04-29]
CHR Extension: (Google Wallet) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Sammy\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-06-06] (Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-07-22] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-13] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-14] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SoftShieldService; C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.ShieldRunner.exe [33600 2013-06-11] (Hewlett-Packard)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-06-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-08-07] (Bitdefender)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-06-29] (WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-06-29] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-06-29] (Western Digital )
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S3 ALSysIO; \??\C:\Users\Sammy\AppData\Local\Temp\ALSysIO64.sys [X]
U3 AppMgmt; 
U2 CscService; 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 PeerDistSvc; 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 09:56 - 2014-08-17 09:56 - 00036985 _____ () C:\Users\Sammy\Downloads\FRST.txt
2014-08-17 09:56 - 2014-08-17 09:56 - 00000000 ____D () C:\FRST
2014-08-17 09:55 - 2014-08-17 09:55 - 02101760 _____ (Farbar) C:\Users\Sammy\Downloads\FRST64.exe
2014-08-13 16:58 - 2014-08-13 16:58 - 00003516 _____ () C:\Windows\system32\.crusader
2014-08-13 16:40 - 2014-08-13 16:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-13 16:40 - 2014-08-13 16:40 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-13 16:40 - 2014-08-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-13 16:40 - 2014-08-13 16:40 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-13 16:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 16:27 - 2014-08-16 22:14 - 00000000 ____D () C:\AdwCleaner
2014-08-13 16:21 - 2014-08-16 22:18 - 00000336 _____ () C:\Windows\setupact.log
2014-08-13 16:21 - 2014-08-13 16:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 16:18 - 2014-08-16 22:16 - 00029870 _____ () C:\Windows\PFRO.log
2014-08-13 15:36 - 2014-08-16 23:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 15:36 - 2014-08-13 15:36 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 15:36 - 2014-08-13 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 15:35 - 2014-08-13 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-13 15:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 15:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 15:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 15:29 - 2014-08-13 15:29 - 00135452 _____ () C:\Users\Sammy\Desktop\cc_20140813_152943.reg
2014-08-13 15:27 - 2014-08-13 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-13 15:27 - 2014-08-13 15:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-13 15:26 - 2014-08-13 15:26 - 00000000 ____D () C:\Users\Sammy\Desktop\CCleaner 4.16.4763 Business_Professional_Technician Edition RePack (& Portable) by D!akov
2014-08-12 12:03 - 2014-08-12 12:03 - 00000000 ____D () C:\Users\Sammy\AppData\Local\Skype
2014-08-12 12:02 - 2014-08-12 13:20 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Skype
2014-08-12 12:02 - 2014-08-12 12:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 12:02 - 2014-08-12 12:02 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 12:02 - 2014-08-12 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 12:10 - 2014-08-10 14:45 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\Documents\Coolmuster files
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\Documents\Coolmuster
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\libimobiledevice
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Coolmuster
2014-08-09 22:38 - 2014-08-09 22:38 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-09 22:38 - 2014-08-09 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-09 22:36 - 2014-08-09 22:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-09 22:36 - 2014-08-09 22:38 - 00000000 ____D () C:\Program Files\iTunes
2014-08-09 22:36 - 2014-08-09 22:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 22:36 - 2014-08-09 22:36 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 22:56 - 2014-08-07 22:56 - 00656187 _____ () C:\ProgramData\1407465841.bdinstall.bin
2014-08-07 22:53 - 2014-08-07 22:53 - 00000684 ____H () C:\bdr-cf01
2014-08-07 22:52 - 2014-08-07 22:52 - 00002122 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2014-08-07 22:52 - 2014-08-07 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-08-07 22:51 - 2013-12-02 12:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-07 22:51 - 2013-12-02 12:56 - 00893440 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-07 22:51 - 2013-11-13 16:41 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2014-08-07 22:51 - 2013-11-04 16:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-08-07 22:51 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-08-07 22:50 - 2014-08-07 22:58 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Bitdefender
2014-08-07 22:50 - 2014-08-07 22:53 - 00253404 ____H () C:\bdr-ld01
2014-08-07 22:50 - 2014-08-07 22:53 - 00009216 ____H () C:\bdr-ld01.mbr
2014-08-07 22:50 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz
2014-08-07 22:50 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2014-08-07 22:45 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-08-07 22:44 - 2013-08-07 13:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-07 22:37 - 2014-08-07 22:37 - 00235241 _____ () C:\ProgramData\1407465125.bdinstall.bin
2014-08-07 13:38 - 2014-08-07 13:38 - 00000000 ____D () C:\Users\Sammy\AppData\Local\Adobe
2014-07-31 20:55 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 20:55 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 20:55 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 20:55 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 20:55 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 20:55 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 20:55 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 20:55 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 20:55 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 20:55 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 20:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 20:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 20:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 20:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 16:02 - 2014-07-30 16:13 - 00000000 ____D () C:\Program Files (x86)\Bluestacks
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\Windows\system32\vcomp120.dll
2014-07-18 13:53 - 2014-07-18 13:53 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-07-18 13:35 - 2014-08-12 10:33 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Audacity
2014-07-18 13:35 - 2014-07-18 13:35 - 00000979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-07-18 13:34 - 2014-07-18 13:35 - 00000000 ____D () C:\Program Files (x86)\Audacity
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 09:56 - 2014-08-17 09:56 - 00036985 _____ () C:\Users\Sammy\Downloads\FRST.txt
2014-08-17 09:56 - 2014-08-17 09:56 - 00000000 ____D () C:\FRST
2014-08-17 09:55 - 2014-08-17 09:55 - 02101760 _____ (Farbar) C:\Users\Sammy\Downloads\FRST64.exe
2014-08-17 09:51 - 2011-06-02 20:15 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{563EE6BA-4F6A-4BA3-B518-B7992219E38B}
2014-08-17 09:32 - 2014-05-05 18:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf68b136b0a294.job
2014-08-17 09:25 - 2011-08-17 09:05 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 09:09 - 2012-01-30 19:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 09:06 - 2011-06-02 20:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001UA.job
2014-08-17 08:51 - 2012-07-10 17:28 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001UA.job
2014-08-17 06:22 - 2014-02-14 12:17 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Raptr
2014-08-17 03:06 - 2011-06-02 20:16 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001Core.job
2014-08-17 02:47 - 2011-06-02 22:31 - 01330029 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 00:32 - 2014-05-05 18:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf68b1330f2b47.job
2014-08-16 23:04 - 2014-08-13 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 22:35 - 2013-09-16 09:04 - 00000433 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-16 22:30 - 2012-09-23 16:30 - 00000000 ___RD () C:\Users\Sammy\Google Drive
2014-08-16 22:28 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 22:28 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 22:23 - 2012-08-08 21:04 - 00003486 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-16 22:21 - 2011-08-17 09:05 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 22:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 22:18 - 2014-08-13 16:21 - 00000336 _____ () C:\Windows\setupact.log
2014-08-16 22:16 - 2014-08-13 16:18 - 00029870 _____ () C:\Windows\PFRO.log
2014-08-16 22:14 - 2014-08-13 16:27 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:14 - 2012-05-20 16:55 - 00000000 ____D () C:\Users\Sammy\AppData\Local\CRE
2014-08-16 17:51 - 2012-07-10 17:28 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001Core.job
2014-08-16 01:29 - 2012-09-23 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-15 16:09 - 2011-06-03 13:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-14 19:57 - 2012-02-23 20:11 - 00000687 _____ () C:\Users\Sammy\Desktop\PW.txt
2014-08-14 08:39 - 2011-08-08 16:04 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\stickies
2014-08-14 08:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech
2014-08-13 20:02 - 2009-07-14 01:13 - 00786582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 16:58 - 2014-08-13 16:58 - 00003516 _____ () C:\Windows\system32\.crusader
2014-08-13 16:58 - 2014-08-13 16:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-13 16:40 - 2014-08-13 16:40 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-13 16:40 - 2014-08-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-13 16:40 - 2014-08-13 16:40 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-13 16:30 - 2013-06-21 18:30 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\CheckPoint
2014-08-13 16:30 - 2011-06-02 20:11 - 00000000 ____D () C:\Users\Sammy
2014-08-13 16:21 - 2014-08-13 16:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 16:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-08-13 15:38 - 2011-06-03 08:56 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\uTorrent
2014-08-13 15:36 - 2014-08-13 15:36 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 15:36 - 2014-08-13 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 15:36 - 2014-08-13 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-13 15:35 - 2011-06-03 08:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 15:32 - 2014-01-03 09:33 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\TS3Client
2014-08-13 15:32 - 2011-10-30 08:15 - 00001086 _____ () C:\Users\Public\Desktop\Firefox.lnk
2014-08-13 15:32 - 2011-10-30 08:15 - 00001086 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-13 15:32 - 2011-08-09 09:50 - 00001401 _____ () C:\Users\Sammy\Desktop\Internet Explorer.lnk
2014-08-13 15:32 - 2011-06-02 20:16 - 00001683 _____ () C:\Users\Sammy\Desktop\Chrome.lnk
2014-08-13 15:31 - 2011-06-03 13:47 - 00000000 ____D () C:\Users\Sammy\AppData\Local\CrashDumps
2014-08-13 15:29 - 2014-08-13 15:29 - 00135452 _____ () C:\Users\Sammy\Desktop\cc_20140813_152943.reg
2014-08-13 15:27 - 2014-08-13 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-13 15:27 - 2014-08-13 15:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-13 15:26 - 2014-08-13 15:26 - 00000000 ____D () C:\Users\Sammy\Desktop\CCleaner 4.16.4763 Business_Professional_Technician Edition RePack (& Portable) by D!akov
2014-08-13 10:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-12 13:20 - 2014-08-12 12:02 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Skype
2014-08-12 12:05 - 2014-08-12 12:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 12:03 - 2014-08-12 12:03 - 00000000 ____D () C:\Users\Sammy\AppData\Local\Skype
2014-08-12 12:02 - 2014-08-12 12:02 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 12:02 - 2014-08-12 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 12:02 - 2011-06-03 08:52 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 10:33 - 2014-07-18 13:35 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Audacity
2014-08-12 10:32 - 2013-10-25 14:02 - 00000000 ____D () C:\Users\Sammy\Desktop\Sounds
2014-08-11 23:32 - 2011-11-28 14:45 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-11 23:32 - 2011-11-03 09:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-11 12:49 - 2012-05-01 08:00 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\vlc
2014-08-11 10:21 - 2014-03-17 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 14:45 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\Documents\Coolmuster files
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\Documents\Coolmuster
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\libimobiledevice
2014-08-10 12:10 - 2014-08-10 12:10 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Coolmuster
2014-08-09 22:38 - 2014-08-09 22:38 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-09 22:38 - 2014-08-09 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-09 22:38 - 2014-08-09 22:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-09 22:38 - 2014-08-09 22:36 - 00000000 ____D () C:\Program Files\iTunes
2014-08-09 22:38 - 2014-08-09 22:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 22:36 - 2014-08-09 22:36 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 23:24 - 2013-11-13 21:11 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-08-07 23:00 - 2014-06-22 12:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 23:00 - 2012-03-21 12:45 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:00 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-08-07 22:58 - 2014-08-07 22:50 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Bitdefender
2014-08-07 22:56 - 2014-08-07 22:56 - 00656187 _____ () C:\ProgramData\1407465841.bdinstall.bin
2014-08-07 22:56 - 2013-08-18 10:37 - 00000000 ____D () C:\ProgramData\BDLogging
2014-08-07 22:53 - 2014-08-07 22:53 - 00000684 ____H () C:\bdr-cf01
2014-08-07 22:53 - 2014-08-07 22:50 - 00253404 ____H () C:\bdr-ld01
2014-08-07 22:53 - 2014-08-07 22:50 - 00009216 ____H () C:\bdr-ld01.mbr
2014-08-07 22:53 - 2013-08-18 10:33 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-08-07 22:52 - 2014-08-07 22:52 - 00002122 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2014-08-07 22:52 - 2014-08-07 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-08-07 22:50 - 2013-08-18 10:33 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-07 22:45 - 2013-08-18 10:32 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-08-07 22:37 - 2014-08-07 22:37 - 00235241 _____ () C:\ProgramData\1407465125.bdinstall.bin
2014-08-07 22:37 - 2011-07-04 16:04 - 00000000 ___RD () C:\Users\Sammy\Dropbox
2014-08-07 13:38 - 2014-08-07 13:38 - 00000000 ____D () C:\Users\Sammy\AppData\Local\Adobe
2014-08-07 13:34 - 2011-06-05 16:49 - 00000000 ____D () C:\Users\Sammy\Desktop\TOUROCOM
2014-08-07 12:55 - 2011-07-04 16:03 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Dropbox
2014-08-06 22:05 - 2011-06-30 13:41 - 00000000 ____D () C:\Users\Sammy\Documents\Youcam
2014-08-02 21:50 - 2014-02-14 12:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-01 10:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-31 23:41 - 2011-06-02 20:28 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-30 16:13 - 2014-07-30 16:02 - 00000000 ____D () C:\Program Files (x86)\Bluestacks
2014-07-30 16:13 - 2014-06-22 08:56 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-28 17:03 - 2012-05-11 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 17:03 - 2012-05-11 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 13:54 - 2013-04-29 22:13 - 00000000 ____D () C:\temp
2014-07-27 09:33 - 2011-07-04 16:04 - 00000000 ____D () C:\Users\Sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 15:51 - 2011-07-10 23:54 - 00000000 ____D () C:\Users\Sammy\AppData\Local\Paint.NET
2014-07-24 15:43 - 2011-06-02 22:46 - 00000000 ____D () C:\ProgramData\Temp
2014-07-24 03:01 - 2012-05-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 20:07 - 2012-05-23 08:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 17:03 - 2011-07-10 23:55 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-07-23 17:03 - 2011-07-10 23:54 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-23 17:02 - 2014-06-24 20:16 - 00001780 _____ () C:\Users\Sammy\Desktop\PeerBlock.lnk
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\Windows\system32\vcomp120.dll
2014-07-21 15:17 - 2012-08-05 09:18 - 00000000 ____D () C:\Users\Sammy\AppData\Local\ArmA 2 OA
2014-07-18 13:53 - 2014-07-18 13:53 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-07-18 13:35 - 2014-07-18 13:35 - 00000979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-07-18 13:35 - 2014-07-18 13:34 - 00000000 ____D () C:\Program Files (x86)\Audacity
 
Some content of TEMP:
====================
C:\Users\Sammy\AppData\Local\Temp\pslist.exe
C:\Users\Sammy\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 01:35
 
==================== End Of Log ============================
 

Here is the addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Sammy at 2014-08-17 09:57:16
Running from C:\Users\Sammy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuthenTec TrueAPI (Version: 1.2.1.39 - AuthenTec, Inc.) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version:  - )
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.2714 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3.2714 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{0128D231-B23B-409C-A531-39D8D8774BA1}) (Version: 4.1.5.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ICP 9.0 (HKLM\...\ICP install2_is1) (Version:  - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
MLB 2K12 (HKLM-x32\...\Steam App 207060) (Version:  - 2K Sports)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Optimum (HKCU\...\1928463762.optimumapp.iptv.optimum.net) (Version:  - optimumapp.iptv.optimum.net)
Optimum App for Laptop 1.56 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 1.56 - Cablevision)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.9 - Pando Networks Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SofTest 11.0 (HKLM-x32\...\{A0979256-E9CE-41B1-982F-2EFDDDD1BEC5}) (Version: 1.0.0 - ExamSoft)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stickies 7.1a (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Validity WBF DDK (HKLM\...\{7C54D017-21BB-43AE-9746-33E78AF4A425}) (Version: 4.3.118.0 - Validity Sensors, Inc.)
VBWMPlayerMoz (HKLM-x32\...\InstallShield_{9AB15E07-BA26-4535-B7D9-95EEBDAD93F7}) (Version: 5.4.2.3 - VBrick Systems Inc.)
VBWMPlayerMoz (x32 Version: 5.4.2.3 - VBrick Systems Inc.) Hidden
VIBROS (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0006 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{5ED9FDE9-E24B-4AB3-9D6B-1303F0696BA8}) (Version: 1.5.0 - Western Digital)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wondershare DVD Creator(Build 2.6.5) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version:  - Wondershare)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sammy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sammy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-677779052-4032166459-3184941320-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sammy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-08-2014 20:57:35 Checkpoint by HitmanPro
13-08-2014 20:58:33 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-07-12 22:24 - 2011-07-12 22:25 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {072D9EBC-3BDD-48BC-BE95-7FA9E85B1B51} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {153A9421-8F7A-4C53-9F9A-F24EF2CC4CD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17] (Google Inc.)
Task: {233B92FA-3406-4773-A9C8-7C877C0B4A14} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001UA => C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {24A2425E-B034-42BF-AF62-37336ECCA55C} - System32\Tasks\{9B42198F-60FF-481F-9A44-7DF40769E7D6} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.59.124&LastError=12007
Task: {2C5C4F69-FCDC-4F4C-9EBA-37AD0043866A} - System32\Tasks\{C83A9500-D5C6-413B-8FBC-02CD20A59E25} => Chrome.exe http://www.skype.com/go/downloading-beta?source=lightinstaller&ver=5.7.0.123&LastError=12029
Task: {49CD3C88-BFFE-4DD7-9EED-0C9EC2447A31} - System32\Tasks\{C40426AF-E1B1-4C2C-A540-603DB6FC05B9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {4EFF7A76-376C-425D-871C-6B09B33CDD62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {51183700-2A7F-4A6C-B66F-D8CE870EE23F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-08-08] ()
Task: {54A261BE-FBA4-46F3-83C3-39E984357694} - System32\Tasks\GoogleUpdateTaskMachineCore1cf68b1330f2b47 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17] (Google Inc.)
Task: {5507575E-93C7-4B7C-BF51-069A73DA1BBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {59FB8523-FA95-4AEE-8963-15561701B80D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {64D6B1B2-BFC9-46EF-BD54-B2A3B231BC75} - System32\Tasks\{7C9828BF-36DC-4946-83FC-8B1750470358} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.59.124&LastError=12029
Task: {70BBC38A-943D-4883-961E-A053D5F79953} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001Core => C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {741BB793-1364-4998-BB7B-25A7F90208B8} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {81E9B11D-9426-4201-B39F-E7D8C8A0A125} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001UA => C:\Users\Sammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02] (Google Inc.)
Task: {8574D19B-646A-4CC8-BE72-3E99A5B56C20} - System32\Tasks\{1CC6C1B6-818E-4A5D-BA5E-167288B1FFB7} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.59.124&LastError=12029
Task: {9BF1FCA0-A7FA-4D2C-BBDD-252985B240AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A2D8B159-52BE-4BB7-93EE-5D4D006A12DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17] (Google Inc.)
Task: {AF1EE682-231E-4FD5-B176-3BFCF62C812C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf68b136b0a294 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17] (Google Inc.)
Task: {B0E84792-F127-43B0-859E-E3F4D06D9B9D} - System32\Tasks\{338085EB-1D08-415C-8E1D-0DD950421AFF} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.59.124&LastError=12029
Task: {C6B67805-5476-4AF1-AAB0-C7D5F5F30CE3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001Core => C:\Users\Sammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02] (Google Inc.)
Task: {CAF6AE70-7F86-4B71-ACD8-F2B4857594B7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {DC601364-9428-4A30-A646-C0A2EDF268D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {F8C2A809-1B68-4D7E-BE23-50B67ADE54BB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001Core.job => C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001UA.job => C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf68b1330f2b47.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf68b136b0a294.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001Core.job => C:\Users\Sammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677779052-4032166459-3184941320-1001UA.job => C:\Users\Sammy\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-07 22:51 - 2014-06-06 15:11 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-08-07 22:51 - 2014-07-11 17:30 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-08-07 22:51 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2014-08-07 22:58 - 2014-08-07 22:58 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-08-07 22:58 - 2014-08-07 22:58 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-08-07 22:58 - 2014-08-07 22:58 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-08-07 22:58 - 2014-08-07 22:58 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-14 22:52 - 2013-12-14 22:53 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-11-02 08:33 - 2010-11-02 08:33 - 01083392 _____ () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2014-08-07 22:51 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2011-06-05 12:26 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-02 22:35 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-20 15:53 - 2012-06-20 15:53 - 00904704 _____ () C:\Program Files (x86)\ExamSoft\SofTest 11.0\System.Data.SQLite.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-08 16:04 - 2011-08-08 16:04 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-08-14 15:08 - 2014-08-06 23:20 - 00718152 _____ () C:\Users\Sammy\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-14 15:08 - 2014-08-06 23:20 - 00126280 _____ () C:\Users\Sammy\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-08-16 22:21 - 2014-08-16 22:21 - 00098816 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32api.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00110080 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\pywintypes27.dll
2014-08-16 22:21 - 2014-08-16 22:21 - 00364544 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\pythoncom27.dll
2014-08-16 22:21 - 2014-08-16 22:21 - 00045568 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\_socket.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 01160704 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\_ssl.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00320512 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32com.shell.shell.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00713216 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\_hashlib.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 01175040 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._core_.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00805888 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._gdi_.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00811008 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._windows_.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 01062400 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._controls_.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00735232 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._misc_.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00128512 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\_elementtree.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00127488 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\pyexpat.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00557056 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\pysqlite2._sqlite.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00007168 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\hashobjs_ext.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00087552 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\_ctypes.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00119808 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32file.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00108544 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32security.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00018432 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32event.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00038912 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32inet.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00070656 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._html2.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00167936 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32gui.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00011264 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32crypt.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00027136 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\_multiprocessing.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00686080 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\unicodedata.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00122368 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._wizard.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00010240 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\select.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00024064 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32pipe.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00025600 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32pdh.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00525640 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\windows._lib_cacheinvalidation.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00035840 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32process.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00017408 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32profile.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00022528 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\win32ts.pyd
2014-08-16 22:21 - 2014-08-16 22:21 - 00078336 _____ () C:\Users\Sammy\AppData\Local\Temp\_MEI39882\wx._animate.pyd
2014-02-13 10:12 - 2014-02-13 10:12 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-06-02 22:35 - 2011-01-12 21:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-14 15:08 - 2014-08-06 23:20 - 08537928 _____ () C:\Users\Sammy\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 15:08 - 2014-08-06 23:20 - 00353096 _____ () C:\Users\Sammy\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 15:08 - 2014-08-06 23:20 - 01732936 _____ () C:\Users\Sammy\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-08-14 15:08 - 2014-08-06 23:20 - 14669128 _____ () C:\Users\Sammy\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Sammy\Downloads\FRST64.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/16/2014 10:20:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2014 08:39:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 07:39:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 05:02:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002a8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000230EC70.72).  hr = 0x80070005, Access is denied.
.
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ad8,(null),0,REG_BINARY,0000000003C0E070.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {35b564e8-7579-4363-a8ba-b2770d550d7a}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000370,(null),0,REG_BINARY,00000000076DE2B0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7b1d8488-aa86-4ba7-83a7-2156dad1640c}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000210,(null),0,REG_BINARY,000000000227E7B0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {888d42f7-eb70-4d75-90d3-73988bdc49a3}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008f4,(null),0,REG_BINARY,0000000002DFDF30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {75e1dfda-2231-4fca-bdee-98acaf265a8f}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d4,(null),0,REG_BINARY,0000000001C8EA50.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {f16ac551-a950-43ff-bb23-019107e38011}
 
 
System errors:
=============
Error: (08/16/2014 10:21:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/16/2014 10:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error: 
%%1058
 
Error: (08/16/2014 10:18:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.
 
Error: (08/14/2014 08:39:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error: 
%%1058
 
Error: (08/14/2014 08:39:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ExamsoftSoftShield service failed to start due to the following error: 
%%1053
 
Error: (08/14/2014 08:39:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ExamsoftSoftShield service to connect.
 
Error: (08/14/2014 08:39:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/14/2014 08:37:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.
 
Error: (08/13/2014 07:40:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/13/2014 07:39:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (08/16/2014 10:20:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2014 08:39:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 07:39:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 05:02:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002a8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000230EC70.72)0x80070005, Access is denied.
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000ad8,(null),0,REG_BINARY,0000000003C0E070.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {35b564e8-7579-4363-a8ba-b2770d550d7a}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000370,(null),0,REG_BINARY,00000000076DE2B0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7b1d8488-aa86-4ba7-83a7-2156dad1640c}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000210,(null),0,REG_BINARY,000000000227E7B0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {888d42f7-eb70-4d75-90d3-73988bdc49a3}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000008f4,(null),0,REG_BINARY,0000000002DFDF30.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {75e1dfda-2231-4fca-bdee-98acaf265a8f}
 
Error: (08/13/2014 04:58:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001d4,(null),0,REG_BINARY,0000000001C8EA50.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {f16ac551-a950-43ff-bb23-019107e38011}
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-16 11:39:35.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-16 11:39:35.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-16 11:39:35.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-16 11:39:35.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-16 11:39:35.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-16 11:39:35.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-13 11:49:18.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-13 11:49:18.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-13 11:49:18.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-13 11:49:18.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-2720QM CPU @ 2.20GHz
Percentage of memory in use: 86%
Total physical RAM: 8139.86 MB
Available physical RAM: 1107.42 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 8583.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:683.95 GB) (Free:212.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.39 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (VIBROS) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:906.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1A3F0DFB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: A6634205)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

 

 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
  • Please include the contents of that file in your reply.

fixlist.txt


# AdwCleaner v3.307 - Report created 17/08/2014 at 11:15:14

# Updated 17/08/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Sammy - SAMMY-PC

# Running from : C:\Users\Sammy\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

 

-\\ Mozilla Firefox v30.0 (en-US)

 

[ File : C:\Users\Sammy\AppData\Roaming\Mozilla\Firefox\Profiles\ru10kkh3.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1

Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=house+of+cards&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

Deleted [search Provider] : hxxp://www.headphone.com/search-results.php?q={searchTerms}

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [startup_urls] : hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8E156F72-7833-4CA7-A494-E6D968665558&SSPV=

Deleted [startup_urls] : hxxp://search.conduit.com/?ctid=CT3315010&SearchSource=48&CUI=UN38955638111954827&UM=2

Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8E156F72-7833-4CA7-A494-E6D968665558&SSPV=

 

*************************

 

AdwCleaner[R0].txt - [37428 octets] - [13/08/2014 16:27:59]

AdwCleaner[R1].txt - [3215 octets] - [16/08/2014 22:12:33]

AdwCleaner[R2].txt - [1735 octets] - [17/08/2014 11:14:09]

AdwCleaner[s0].txt - [38941 octets] - [13/08/2014 16:29:59]

AdwCleaner[s1].txt - [3962 octets] - [16/08/2014 22:14:34]

AdwCleaner[s2].txt - [2302 octets] - [17/08/2014 11:15:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2362 octets] ##########

 

Fixlog.txt

AdwCleanerS2.txt


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Ok, here is the log of the scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/19/2014
Scan Time: 9:55:56 AM
Logfile: MWB Log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.19.07
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333509
Time Elapsed: 55 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Conduit.A, C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": ""http://mysearch.avg.com/?cid={25425A3D-8F62-4F39-8F1D-0CCB26F39384}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=ag011&pr=sa&d=2013-05-02%2014:39:59&v=15.1.0.2&pid=safeguard&sg=1&sap=hp", "http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=e52798aa6a944c34a5447d80b5716245&tu=11JL0008f2B000s&sku=&tstsId=&ver=&", "http://mysearch.avg.com/?cid={25425A3D-8F62-4F39-8F1D-0CCB26F39384}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=ag011&pr=sa&d=2013-05-02%2014:39:59&v=15.3.0.11&pid=safeguard&sg=41&sap=hp", "http://search.conduit.com/?ctid=CT3315010&SearchSource=48&CUI=UN38955638111954827&UM=2", "", "http://mysearch.avg.com?cid={A43DC320-6259-4916-B391-37345B3B25AD}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=av013&coid=avgtbdisav&cmpid=&pr=sa&d=2014-07-09 10:17:22&v=18.1.8.643&pid=safeguard&sg=&sap=hp", "http://www.msn.com/?pc=AV01" ],), Replaced,[76d11cab9be0ac8aec13ce3a09fcc838]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Ok, we will try one more tool:

 

 

 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;chrdefaults;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

 
Post its content into your next reply.

 

Zoek.exe v5.0.0.0 Updated 21-08-2014

Tool run by Sammy on Thu 08/21/2014 at 12:47:46.61.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Sammy\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

8/21/2014 12:55:19 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

ProfilePath: C:\Users\Sammy\AppData\Roaming\Mozilla\Firefox\Profiles\ru10kkh3.default

 

user.js not found

---- Lines zonealarm removed from prefs.js ----

user_pref("extensions.zonealarm.admin", false);

user_pref("extensions.zonealarm.aflt", "5043");

user_pref("extensions.zonealarm.appId", "{C56C48A0-DA4E-46F6-9859-1553DC865F84}");

user_pref("extensions.zonealarm.autoRvrt", "false");

user_pref("extensions.zonealarm.dfltLng", "en");

user_pref("extensions.zonealarm.dfltSrch", true);

user_pref("extensions.zonealarm.excTlbr", false);

user_pref("extensions.zonealarm.hmpg", true);

user_pref("extensions.zonealarm.hmpgUrl", ""http://mysearch.avg.com/?cid={25425A3D-8F62-4F39-8F1D-0CCB26F39384}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=ag011&pr=sa&d=2013-05-02%2014:39:59&v=15.1.0.2&pid=safeguard&sg=1&sap=hp", "http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=e52798aa6a944c34a5447d80b5716245&tu=11JL0008f2B000s&sku=&tstsId=&ver=&", "http://mysearch.avg.com/?cid={25425A3D-8F62-4F39-8F1D-0CCB26F39384}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=ag011&pr=sa&d=2013-05-02%2014:39:59&v=15.3.0.11&pid=safeguard&sg=41&sap=hp", "http://search.conduit.com/?ctid=CT3315010&SearchSource=48&CUI=UN38955638111954827&UM=2", "", "http://mysearch.avg.com?cid={A43DC320-6259-4916-B391-37345B3B25AD}&mid=b8ce6ce7e0d847d083b2fd6e914eb9ee-a38c4f2e0054eb5649afcd4534be509e23a9dd28&lang=en&ds=av013&coid=avgtbdisav&cmpid=&pr=sa&d=2014-07-09 10:17:22&v=18.1.8.643&pid=safeguard&sg=&sap=hp", "http://www.msn.com/?pc=AV01" ],

 

 

==== Chrome Fix ======================

 

C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Reset Google Chrome ======================

 

C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sammy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Sammy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=381 folders=94 91314027 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Sammy\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Sammy\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

 

==== EOF on Thu 08/21/2014 at 13:25:15.94 ======================

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.