unisales extension in google, running crazy farbar included

[jfzoom]

Hey guys, Im having problems with this "unisales" extension in google chrome.   Malware doesnt seem to pick it up, and its getting worse, Ive seen people post this before but heres my farbar recovery notes

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01

Ran by sl4m at 2015-02-21 03:43:49

Running from E:\Users\SL4M

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )

8BitMMO (HKLM-x32\...\Steam App 250420) (Version:  - Archive Entertainment)

A Story About My Uncle (HKLM-x32\...\Steam App 278360) (Version:  - Gone North Games)

Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION

Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)

Amazon Kindle (HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\Amazon Kindle) (Version:  - Amazon)

Another World (HKLM-x32\...\Steam App 233550) (Version:  - Eric Chahi)

ArcheAge (HKLM-x32\...\Steam App 304030) (Version:  - XLGAMES)

Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version:  - Beamdog)

Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Beamdog)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

bit Dungeon II (HKLM-x32\...\Steam App 331440) (Version:  - KintoGames)

BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)

BitTorrent (HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\BitTorrent) (Version: 7.9.0.30659 - BitTorrent Inc.)

Blitz Media Player - a modern video player (HKLM-x32\...\Blitz Media Player) (Version: 1.0 - Jenkat Media, Inc)

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)

Breath of Death VII  (HKLM-x32\...\Steam App 107300) (Version:  - Zeboyd Games)

Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)

Call of Cthulhu: The Wasted Land (HKLM-x32\...\Steam App 251390) (Version:  - Red Wasp Design Ltd)

Castlevania: Lords of Shadow - Ultimate Edition (HKLM-x32\...\Steam App 234080) (Version:  - MercurySteam - Climax Studios)

Castlevania: Lords of Shadow 2 Demo (HKLM-x32\...\Steam App 273130) (Version:  - MercurySteam)

Chasm (HKLM-x32\...\Steam App 312200) (Version:  - Discord Games, Inc.)

City of Steam: Arkadia (HKLM-x32\...\Steam App 266070) (Version:  - Mechanist Games)

Crawl (HKLM-x32\...\Steam App 293780) (Version:  - Powerhoof)

Cthulhu Saves the World  (HKLM-x32\...\Steam App 107310) (Version:  - Zeboyd Games)

Curse Client (HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)

DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)

Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)

Darwinia (HKLM-x32\...\Steam App 1500) (Version:  - Introversion Software)

Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)

DEFCON (HKLM-x32\...\Steam App 1520) (Version:  - Introversion Software)

Delver (HKLM-x32\...\Steam App 249630) (Version:  - Priority Interrupt)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)

Diehard Dungeon (HKLM-x32\...\Steam App 277870) (Version:  - Tricktale)

Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)

Dragon Nest (HKLM-x32\...\Steam App 11610) (Version:  - Eyedentity Games Inc.)

Eldritch (HKLM-x32\...\Steam App 252630) (Version:  - Minor Key Games)

Epigenesis (HKLM-x32\...\Steam App 244590) (Version:  - Dead Shark Triplepunch)

EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)

EverQuest Next Landmark (HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\SOE-EverQuest Next Landmark) (Version: 1.0.3.183 - Sony Online Entertainment)

EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION

Fallen Earth (HKLM-x32\...\Steam App 113420) (Version:  - Reloaded Productions)

Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)

Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)

FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)

FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)

Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Hack 'n' Slash (HKLM-x32\...\Steam App 246070) (Version:  - Double Fine Productions)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Heroine's Quest: The Herald of Ragnarok (HKLM-x32\...\Steam App 283880) (Version:  - Crystal Shard)

Hoopla (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION

How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Killer is Dead (HKLM-x32\...\Steam App 261110) (Version:  - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)

Knights of Pen and Paper +1 (HKLM-x32\...\Steam App 231740) (Version:  - Behold Studios)

Lichdom: Battlemage (HKLM-x32\...\Steam App 261760) (Version:  - Xaviant)

LinkiDoo (HKLM\...\LinkiDoo) (Version: 2014.03.13.163811 - LinkiDoo) <==== ATTENTION

LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)

Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)

Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Mars: War Logs (HKLM-x32\...\Steam App 232750) (Version:  - Spiders)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version:  - PlatinumGames)

Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

MikesBikes-Advanced (HKLM-x32\...\MikesBikes-Advanced) (Version: 6.80.00.22 - SmartSims International Ltd)

Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Multiwinia (HKLM-x32\...\Steam App 1530) (Version:  - Introversion Software)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)

Nihilumbra (HKLM-x32\...\Steam App 252670) (Version:  - Beautifun Games)

Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140519.84439 - Square Enix Ltd)

NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)

Penny Arcade's On the Rain-Slick Precipice of Darkness 4 (HKLM-x32\...\Steam App 237570) (Version:  - Zeboyd Games)

Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)

Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version:  - Gravity, Inc.)

Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6.18562 - Razer Inc.)

Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)

RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION

Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)

RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)

Septerra Core (HKLM-x32\...\Steam App 253940) (Version:  - )

Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)

Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)

SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden

Sins of a Dark Age (HKLM-x32\...\Steam App 251970) (Version:  - Ironclad Games)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Spacebase DF-9 (HKLM-x32\...\Steam App 246090) (Version:  - Double Fine Productions)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.31 - Bioware/EA)

Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)

Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Superbrothers: Sword & Sworcery EP (HKLM-x32\...\Steam App 204060) (Version:  - Capybara)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)

The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)

The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

The Evil Within (HKLM-x32\...\Steam App 268050) (Version:  - Tango Gameworks)

The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)

The Realm Online (HKLM-x32\...\{A07594BF-67FD-4015-BD84-EE84269E931F}) (Version: 3.248 - Norseman Games)

The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)

Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)

Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)

Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)

Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)

unisaleis (HKLM-x32\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - ) <==== ATTENTION

Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)

Valdis Story: Abyssal City (HKLM-x32\...\Steam App 252030) (Version:  - )

ValueApps (HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\ValueApps) (Version: 1.4.0.3 - Conduit) <==== ATTENTION

Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)

Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION

Wakfu (HKLM-x32\...\Steam App 215080) (Version:  - Ankama)

Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)

WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)

WildStarPTR (HKLM-x32\...\WildStarPTR) (Version:  - NCSOFT)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)

Ys II (HKLM-x32\...\Steam App 223870) (Version:  - Nihon Falcom)

Zeno Clash (HKLM-x32\...\Steam App 22200) (Version:  - ACE Team)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{412f6242-626b-4539-9f01-ff8a027ce827}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\sl4m\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3453346665-2812312322-410619398-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

31-12-2014 04:24:33 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

11-01-2015 04:44:54 Installed DirectX

07-02-2015 04:06:31 Installed DirectX

09-02-2015 10:38:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {04088C92-ABAB-410F-BBB8-5CFBD6272929} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3453346665-2812312322-410619398-1001Core => C:\Users\sl4m\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)

Task: {0FC96416-B445-4CEF-860C-1D3242A77DEE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {18F8DC67-E68D-4683-948A-D482594D7E26} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {1CC98273-E321-494E-89F1-825B2F848112} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)

Task: {2EA2487A-09BF-4ACB-AE5A-B0B85F6FA3FE} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {386BA6FA-1AEB-45EC-826A-CD5347FECCB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)

Task: {3E44A334-BD12-4C1A-A61B-29445F7F25D7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {462CAB36-46C9-4F28-A8A1-E229B16A7244} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {4F4401A1-5D21-427A-A25A-ED03DDF31B10} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3453346665-2812312322-410619398-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {574CB0FB-4A3A-4AED-B502-91EB31B4CB34} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Task: {59B81986-4449-4ACA-A223-7B04EA65E7E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)

Task: {63268F4B-AF25-4239-ACA9-704058EB0AE1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {7A659B35-EF61-41DC-AAD7-6484D3B054E2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DEEPW-sl4m DeepW => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)

Task: {7C5FDB4F-7C4F-4DE8-8B3A-BB0C80394825} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)

Task: {8654AB70-28D0-41A4-B605-E3FC472A9BEF} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Task: {8F3C3F37-19A5-4B6C-86B6-F02C6DAE85D6} - \RegClean Pro No Task File <==== ATTENTION

Task: {B2D45313-99B8-4CB3-A8B8-8B4DB118FDD5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3453346665-2812312322-410619398-1001UA => C:\Users\sl4m\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)

Task: {CBFFA42F-3211-4D67-9FED-5EDBDA93055E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

Task: {EED92F05-22D4-4171-B671-6F2C24B38CD1} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION

Task: {F02AC8B4-C75F-4064-A96C-459FD20FCFAB} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Task: {FF81FBD5-2921-4B6A-953F-E1EC9D00C35E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453346665-2812312322-410619398-1001Core.job => C:\Users\sl4m\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453346665-2812312322-410619398-1001UA.job => C:\Users\sl4m\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-03-10 17:16 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-02-03 04:13 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-11-23 05:43 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-03-19 08:28 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-03-19 08:28 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-03-19 08:28 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2014-03-19 08:28 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-03-19 08:28 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-02-03 04:32 - 2013-05-16 19:06 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2014-11-23 05:43 - 2014-11-23 05:43 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

2014-12-02 09:00 - 2014-11-11 13:47 - 00774656 _____ () E:\Steam\SDL2.dll

2015-02-10 17:12 - 2014-12-01 19:29 - 05002752 _____ () E:\Steam\v8.dll

2015-02-18 23:37 - 2015-02-18 18:51 - 02360000 _____ () E:\Steam\video.dll

2015-02-10 17:12 - 2014-12-01 19:29 - 01612800 _____ () E:\Steam\icui18n.dll

2015-02-10 17:12 - 2014-12-01 19:29 - 01210368 _____ () E:\Steam\icuuc.dll

2015-02-10 17:12 - 2014-12-01 16:31 - 02396672 _____ () E:\Steam\libavcodec-56.dll

2015-02-10 17:12 - 2014-12-01 16:31 - 00479744 _____ () E:\Steam\libavformat-56.dll

2015-02-10 17:12 - 2014-12-01 16:31 - 00332800 _____ () E:\Steam\libavresample-2.dll

2015-02-10 17:12 - 2014-12-01 16:31 - 00442880 _____ () E:\Steam\libavutil-54.dll

2015-02-10 17:12 - 2014-12-01 16:31 - 00485888 _____ () E:\Steam\libswscale-3.dll

2015-02-18 23:37 - 2015-02-18 18:51 - 00702656 _____ () E:\Steam\bin\chromehtml.DLL

2015-02-18 23:37 - 2015-01-27 20:30 - 34641288 _____ () E:\Steam\bin\libcef.dll

2015-02-18 23:37 - 2015-01-27 20:30 - 01709960 _____ () E:\Steam\bin\ffmpegsumo.dll

2015-02-19 16:39 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll

2015-02-19 16:39 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll

2015-02-19 16:39 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

2015-02-19 16:39 - 2015-02-17 17:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\sl4m\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.1.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\StartupApproved\Run: => "BitTorrent"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3453346665-2812312322-410619398-500 - Administrator - Disabled)

Guest (S-1-5-21-3453346665-2812312322-410619398-501 - Limited - Disabled)

sl4m (S-1-5-21-3453346665-2812312322-410619398-1001 - Administrator - Enabled) => C:\Users\sl4m

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/20/2015 03:04:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/19/2015 03:48:19 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/18/2015 01:51:08 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Skype.exe version 6.18.0.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 5c88

 

Start Time: 01d0442ec37386ca

 

Termination Time: 4294967295

 

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

Report Id: 829074db-b73a-11e4-8282-b8975a6ac550

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (02/13/2015 04:58:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 05:21:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 05:00:45 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 04:40:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 04:26:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 03:38:49 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 03:09:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

 

System errors:

=============

Error: (02/21/2015 03:32:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (02/21/2015 03:14:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (02/21/2015 01:47:56 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)

Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

 

Error: (02/21/2015 01:43:54 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)

Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

 

Error: (02/20/2015 11:27:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (02/20/2015 07:43:10 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)

Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

 

Error: (02/20/2015 07:39:09 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)

Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

 

Error: (02/20/2015 07:14:41 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)

Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

 

Error: (02/20/2015 07:10:40 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)

Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

 

Error: (02/20/2015 10:18:34 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)

Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

 

 

Microsoft Office Sessions:

=========================

Error: (02/20/2015 03:04:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/19/2015 03:48:19 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/18/2015 01:51:08 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Skype.exe6.18.0.1065c8801d0442ec37386ca4294967295C:\Program Files (x86)\Skype\Phone\Skype.exe829074db-b73a-11e4-8282-b8975a6ac550

 

Error: (02/13/2015 04:58:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 05:21:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 05:00:45 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 04:40:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 04:26:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 03:38:49 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

Error: (02/12/2015 03:09:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: System ReservedThe parameter is incorrect. (0x80070057)

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-02-09 05:18:10.958

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:18:10.643

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:18:10.314

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:18:09.968

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:18:09.640

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:18:09.322

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:17:55.423

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:17:55.097

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:17:54.646

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-02-09 05:17:54.302

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-4670 CPU @ 3.40GHz

Percentage of memory in use: 44%

Total physical RAM: 8142.7 MB

Available physical RAM: 4544.75 MB

Total Pagefile: 8142.7 MB

Available Pagefile: 3771.87 MB

Total Virtual: 131072 MB

Available Virtual: 131071.79 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:118.9 GB) (Free:27.07 GB) NTFS

Drive d: (GV-N00007_40) (CDROM) (Total:1.13 GB) (Free:0 GB) CDFS

Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:331.59 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D03AA33F)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=118.9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E863C9D2)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

[B-boy/StyLe/]

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

You posted only Addition.txt. Please post FRST.txt in your next reply as well.

 

 

Regards,

Georgi

[jfzoom]

Sorry about that, here is the FRST.txt

 

thanks!

 

_______________________

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01

Ran by sl4m (administrator) on DEEPW on 22-02-2015 20:02:34

Running from E:\Users\SL4M

Loaded Profiles: sl4m &  (Available profiles: sl4m)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Valve Corporation) E:\Steam\Steam.exe

(Valve Corporation) E:\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) E:\Steam\bin\steamwebhelper.exe

(Valve Corporation) E:\Steam\bin\steamwebhelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\sl4m\AppData\Local\Google\Update\GoogleUpdate.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2014-01-16] (Razer Inc.)

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [searchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender] => "C:\Program Files (x86)\Hoopla\GPlayer.exe" /runonstartup

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\Run: [Google Update] => C:\Users\sl4m\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-09] (Google Inc.)

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\Run: [bitTorrent] => "C:\Users\sl4m\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\Run: [Exetender] => "C:\Program Files (x86)\Hoopla\GPlayer.exe" /schedule 300000

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\MountPoints2: {52f2923a-8cb2-11e3-824b-806e6f6e6963} - "D:\SETUP.EXE" 

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\sl4m\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-09] (Google Inc.)

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [bitTorrent] => "C:\Users\sl4m\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender] => "C:\Program Files (x86)\Hoopla\GPlayer.exe" /schedule 300000

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {52f2923a-8cb2-11e3-824b-806e6f6e6963} - "D:\SETUP.EXE" 

HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Hoopla\GPlayer.exe" /runonstartup

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\155 - Home Alone.mp4 - 38.19 MB.lnk

ShortcutTarget: 155 - Home Alone.mp4 - 38.19 MB.lnk -> C:\ProgramData\{d4ced1f7-3d2e-31f9-d4ce-ed1f73d247dc}\155 - Home Alone.mp4 - 38.19 MB.exe ()

Startup: C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blitz Media Player.lnk

ShortcutTarget: Blitz Media Player.lnk -> C:\Program Files (x86)\BlitzMediaPlayer\BlitzMediaPlayerApp.exe (No File)

Startup: C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> DefaultScope {7A030759-5570-49B2-BE85-C91637D29634} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3320048&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP92C2B85A-EA10-4E59-B523-73EFFF04EDCF&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> {7A030759-5570-49B2-BE85-C91637D29634} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {7A030759-5570-49B2-BE85-C91637D29634} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL http://search.conduit.com/Results.aspx?ctid=CT3320048&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP92C2B85A-EA10-4E59-B523-73EFFF04EDCF&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7A030759-5570-49B2-BE85-C91637D29634} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!

FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Hoopla\npExentCtl.dll No File

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Hoopla\NPGameTreatPlugin.dll No File

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\sl4m\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001: @talk.google.com/O1DPlugin -> C:\Users\sl4m\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001: @tools.google.com/Google Update;version=3 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001: @tools.google.com/Google Update;version=9 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\sl4m\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\sl4m\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\sl4m\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF user.js: detected! => C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\user.js

FF Plugin ProgramFiles/Appdata: C:\Users\sl4m\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\sl4m\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: BuyNsave - C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\BGbok@LZNJzi.net [2015-02-19]

FF Extension: unisaleis - C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\WhBW4@tFBB0o.net [2015-02-19]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-02]

FF HKU\S-1-5-21-3453346665-2812312322-410619398-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]

CHR Extension: (Google Search) - C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]

CHR Extension: (Google Play) - C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-02-28]

CHR Extension: (Google Wallet) - C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]

CHR Extension: (Gmail) - C:\Users\sl4m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-04] (BitRaider, LLC)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)

S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)

S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)

S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]

S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]

S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-21] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [27816 2014-01-10] (Razer Inc)

S3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [32936 2013-11-15] (Razer Inc)

R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2014-04-27] (Scarlet.Crush Productions)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)

S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S2 X5XSEx_Pr152; \??\C:\Program Files (x86)\Hoopla\X5XSEx_Pr152.Sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-19 16:41 - 2015-02-22 20:02 - 00000000 ____D () C:\FRST

2015-02-18 23:38 - 2015-02-18 23:38 - 00000000 ____D () C:\Users\sl4m\AppData\Local\Steam

2015-02-10 21:44 - 2015-02-10 21:44 - 00000000 ____D () C:\ProgramData\{d4ced1f7-3d2e-31f9-d4ce-ed1f73d247dc}

2015-02-09 01:07 - 2015-02-09 01:07 - 00000000 ____D () C:\Program Files (x86)\unisaleis

2015-02-09 01:06 - 2015-02-09 01:06 - 00000000 ____D () C:\ProgramData\kkboogmcikdpecdcbbjldefcncoibmen

2015-02-09 01:06 - 2015-02-09 01:06 - 00000000 ____D () C:\ProgramData\{d449a655-ab03-f550-d449-9a655ab09956}

2015-01-27 18:47 - 2015-01-27 18:47 - 00000000 ____D () C:\Users\sl4m\AppData\Roaming\8BitMMO

2015-01-25 03:07 - 2015-01-25 03:13 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2015-01-25 03:07 - 2015-01-25 03:12 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2015-01-25 03:07 - 2015-01-25 03:08 - 00000000 ____D () C:\ProgramData\BlueStacks

2015-01-25 03:07 - 2015-01-25 03:07 - 00000000 ____D () C:\Users\sl4m\AppData\Local\Bluestacks

2015-01-25 03:07 - 2015-01-25 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-22 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru

2015-02-22 19:57 - 2014-02-03 04:22 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{888CE65D-C8A2-48DC-9D5A-985DAE52A12D}

2015-02-22 19:54 - 2014-05-19 10:20 - 00000000 ____D () C:\Users\sl4m\AppData\Roaming\Skype

2015-02-21 18:43 - 2014-02-03 04:35 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-21 18:20 - 2014-03-06 14:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-21 18:12 - 2014-02-09 11:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453346665-2812312322-410619398-1001UA.job

2015-02-21 16:43 - 2014-02-03 04:35 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-21 11:38 - 2014-02-03 04:08 - 01509382 _____ () C:\Windows\WindowsUpdate.log

2015-02-21 03:13 - 2014-06-13 10:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-21 03:12 - 2014-02-09 11:36 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453346665-2812312322-410619398-1001Core.job

2015-02-19 18:42 - 2014-02-03 05:04 - 00000000 ____D () C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2015-02-19 17:19 - 2014-02-03 04:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3453346665-2812312322-410619398-1001

2015-02-19 16:38 - 2014-02-03 04:35 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-19 16:38 - 2014-02-03 04:35 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-16 13:04 - 2014-02-03 04:08 - 00000000 ____D () C:\Users\sl4m\AppData\Local\Packages

2015-02-10 09:46 - 2014-12-05 13:34 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DEEPW-sl4m DeepW

2015-02-09 14:03 - 2014-05-20 15:56 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-09 04:59 - 2014-03-07 08:26 - 00000000 ___DO () C:\Users\sl4m\SkyDrive

2015-02-08 11:12 - 2015-01-08 02:10 - 00000000 ____D () C:\Users\sl4m\AppData\Local\valdis_story_ac

2015-02-07 04:16 - 2014-02-03 04:58 - 00129450 _____ () C:\Windows\DirectX.log

2015-02-07 02:56 - 2013-08-22 09:46 - 00013561 _____ () C:\Windows\setupact.log

2015-02-04 14:20 - 2014-03-06 14:30 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-25 03:08 - 2013-08-22 10:36 - 00000000 __RHD () C:\Users\Public\Libraries

 

==================== Files in the root of some directories =======

 

2014-03-07 08:30 - 2014-03-07 08:30 - 0007596 _____ () C:\Users\sl4m\AppData\Local\Resmon.ResmonCfg

 

Some content of TEMP:

====================

C:\Users\sl4m\AppData\Local\Temp\05d04fb.exe

C:\Users\sl4m\AppData\Local\Temp\b1aE68Ce38A.exe

C:\Users\sl4m\AppData\Local\Temp\i4jdel0.exe

C:\Users\sl4m\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\sl4m\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\sl4m\AppData\Local\Temp\nvStInst.exe

C:\Users\sl4m\AppData\Local\Temp\SkypeSetup.exe

C:\Users\sl4m\AppData\Local\Temp\vpInstall.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-18 06:34

 

==================== End Of Log ============================

[B-boy/StyLe/]

Hello,

 

 

STEP 1

 

 

Please go ahead and uninstall the following programs from the Control Panel:

 

Advanced System Protector
EZDownloader
Hoopla
LinkiDoo
Mobogenie
RegClean Pro
unisaleis
ValueApps
Vuze Remote Toolbar v9.3

 

If some of them refuse to be uninstalled don't worry and simple continue with the next step.

 

 

STEP 2

 

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

 

 

Regards,

Georgi

[jfzoom]

So its been "Deleting temporary files: C:\Users\Sl4m\AppData\Local\Temp"  for about 30 minutes now.  Is there an estimate on how long this should go or is it possible its hung up somewhere?

[jfzoom]

Fix log after an hour of being stuck on C:\Users\sl4m\AppData\Local\Temp

 

-----------------------------------------------------------------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015

Ran by sl4m at 2015-02-24 00:43:28 Run:2

Running from E:\Users\James

Loaded Profiles: sl4m (Available profiles: sl4m)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CreateRestorePoint:

CloseProcesses:

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

C:\Program Files (x86)\Mobogenie

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [searchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

C:\Program Files (x86)\Common Files\Spigot

C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\155 - Home Alone.mp4 - 38.19 MB.lnk

C:\ProgramData\{d4ced1f7-3d2e-31f9-d4ce-ed1f73d247dc}

C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blitz Media Player.lnk

C:\Program Files (x86)\BlitzMediaPlayer

C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> URL http://search.condui...rchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL http://search.condui...rchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}

FF user.js: detected! => C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\user.js

FF Extension: BuyNsave - C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\BGbok@LZNJzi.net [2015-02-19]

FF Extension: unisaleis - C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\WhBW4@tFBB0o.net [2015-02-19]

S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X]

2015-02-09 01:07 - 2015-02-09 01:07 - 00000000 ____D () C:\Program Files (x86)\unisaleis

2015-02-09 01:06 - 2015-02-09 01:06 - 00000000 ____D () C:\ProgramData\kkboogmcikdpecdcbbjldefcncoibmen

2015-02-09 01:06 - 2015-02-09 01:06 - 00000000 ____D () C:\ProgramData\{d449a655-ab03-f550-d449-9a655ab09956}

Task: {2EA2487A-09BF-4ACB-AE5A-B0B85F6FA3FE} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {574CB0FB-4A3A-4AED-B502-91EB31B4CB34} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Task: {8654AB70-28D0-41A4-B605-E3FC472A9BEF} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Task: {8F3C3F37-19A5-4B6C-86B6-F02C6DAE85D6} - \RegClean Pro No Task File <==== ATTENTION

Task: {EED92F05-22D4-4171-B671-6F2C24B38CD1} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION

Task: {F02AC8B4-C75F-4064-A96C-459FD20FCFAB} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Hosts:

Reg: reg query "hklm\SYSTEM\CurrentControlSet\services\wuauserv" /s

emptytemp:

end

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value not found.

"C:\Program Files (x86)\Mobogenie" => File/Directory not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => Value not found.

"C:\Program Files (x86)\Common Files\Spigot" => File/Directory not found.

"C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\155 - Home Alone.mp4 - 38.19 MB.lnk" => File/Directory not found.

"C:\ProgramData\{d4ced1f7-3d2e-31f9-d4ce-ed1f73d247dc}" => File/Directory not found.

"C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blitz Media Player.lnk" => File/Directory not found.

"C:\Program Files (x86)\BlitzMediaPlayer" => File/Directory not found.

"C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip" => File/Directory not found.

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.

HKLM\SOFTWARE\Policies\Google => Key not found. 

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found.

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found.

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found.

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found.

C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\user.js not found.

C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\BGbok@LZNJzi.net not found.

C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\WhBW4@tFBB0o.net not found.

MgAssistService => Service not found.

"C:\Program Files (x86)\unisaleis" => File/Directory not found.

"C:\ProgramData\kkboogmcikdpecdcbbjldefcncoibmen" => File/Directory not found.

"C:\ProgramData\{d449a655-ab03-f550-d449-9a655ab09956}" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EA2487A-09BF-4ACB-AE5A-B0B85F6FA3FE} => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{574CB0FB-4A3A-4AED-B502-91EB31B4CB34} => Key not found. 

C:\Windows\System32\Tasks\GC_Scheduler not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8654AB70-28D0-41A4-B605-E3FC472A9BEF} => Key not found. 

C:\Windows\System32\Tasks\GC_Informer not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F3C3F37-19A5-4B6C-86B6-F02C6DAE85D6} => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EED92F05-22D4-4171-B671-6F2C24B38CD1} => Key not found. 

C:\Windows\System32\Tasks\Advanced System Protector not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F02AC8B4-C75F-4064-A96C-459FD20FCFAB} => Key not found. 

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler => Key not found. 

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

 

========= reg query "hklm\SYSTEM\CurrentControlSet\services\wuauserv" /s =========

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv

    PreshutdownTimeout    REG_DWORD    0x36ee800

    DisplayName    REG_SZ    @%systemroot%\system32\wuaueng.dll,-105

    ErrorControl    REG_DWORD    0x1

    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs

    Start    REG_DWORD    0x3

    Type    REG_DWORD    0x20

    Description    REG_SZ    @%systemroot%\system32\wuaueng.dll,-106

    DependOnService    REG_MULTI_SZ    rpcss

    ObjectName    REG_SZ    LocalSystem

    ServiceSidType    REG_DWORD    0x1

    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeCreateGlobalPrivilege\0SeCreatePageFilePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege\0SeShutdownPrivilege

    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters

    ServiceDllUnloadOnStop    REG_DWORD    0x1

    ServiceMain    REG_SZ    WUServiceMain

    ServiceDll    REG_EXPAND_SZ    %systemroot%\system32\wuaueng.dll

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security

    Security    REG_BINARY    010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo\0

    Type    REG_DWORD    0x5

    Action    REG_DWORD    0x1

    Guid    REG_BINARY    E6CA9F65DB5BA94DB1FFCA2A178D46E0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo\1

    Type    REG_DWORD    0x5

    Action    REG_DWORD    0x1

    Guid    REG_BINARY    C846FB5489F04C46B1FD59D1B62C3B50

 

 

 

========= End of Reg: =========

[jfzoom]

Ok so I deleted everything in temp folder that was holding it up, and I ran it and it went through completely fine.  Here is the log

 

__________________________________________________________________________________________

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015

Ran by sl4m at 2015-02-24 01:47:53 Run:3

Running from E:\Users\James

Loaded Profiles: sl4m (Available profiles: sl4m)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CreateRestorePoint:

CloseProcesses:

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

C:\Program Files (x86)\Mobogenie

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [searchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

C:\Program Files (x86)\Common Files\Spigot

C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\155 - Home Alone.mp4 - 38.19 MB.lnk

C:\ProgramData\{d4ced1f7-3d2e-31f9-d4ce-ed1f73d247dc}

C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blitz Media Player.lnk

C:\Program Files (x86)\BlitzMediaPlayer

C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> URL http://search.condui...rchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL http://search.condui...rchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}

FF user.js: detected! => C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\user.js

FF Extension: BuyNsave - C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\BGbok@LZNJzi.net [2015-02-19]

FF Extension: unisaleis - C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\WhBW4@tFBB0o.net [2015-02-19]

S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X]

2015-02-09 01:07 - 2015-02-09 01:07 - 00000000 ____D () C:\Program Files (x86)\unisaleis

2015-02-09 01:06 - 2015-02-09 01:06 - 00000000 ____D () C:\ProgramData\kkboogmcikdpecdcbbjldefcncoibmen

2015-02-09 01:06 - 2015-02-09 01:06 - 00000000 ____D () C:\ProgramData\{d449a655-ab03-f550-d449-9a655ab09956}

Task: {2EA2487A-09BF-4ACB-AE5A-B0B85F6FA3FE} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {574CB0FB-4A3A-4AED-B502-91EB31B4CB34} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Task: {8654AB70-28D0-41A4-B605-E3FC472A9BEF} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Task: {8F3C3F37-19A5-4B6C-86B6-F02C6DAE85D6} - \RegClean Pro No Task File <==== ATTENTION

Task: {EED92F05-22D4-4171-B671-6F2C24B38CD1} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION

Task: {F02AC8B4-C75F-4064-A96C-459FD20FCFAB} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION

Hosts:

Reg: reg query "hklm\SYSTEM\CurrentControlSet\services\wuauserv" /s

emptytemp:

end

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value not found.

"C:\Program Files (x86)\Mobogenie" => File/Directory not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => Value not found.

"C:\Program Files (x86)\Common Files\Spigot" => File/Directory not found.

"C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\155 - Home Alone.mp4 - 38.19 MB.lnk" => File/Directory not found.

"C:\ProgramData\{d4ced1f7-3d2e-31f9-d4ce-ed1f73d247dc}" => File/Directory not found.

"C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blitz Media Player.lnk" => File/Directory not found.

"C:\Program Files (x86)\BlitzMediaPlayer" => File/Directory not found.

"C:\Users\sl4m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip" => File/Directory not found.

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.

HKLM\SOFTWARE\Policies\Google => Key not found. 

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found.

HKU\S-1-5-21-3453346665-2812312322-410619398-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found.

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found.

HKU\S-1-5-21-3453346665-2812312322-410619398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found.

C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\user.js not found.

C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\BGbok@LZNJzi.net not found.

C:\Users\sl4m\AppData\Roaming\Mozilla\Firefox\Profiles\laccx7sy.default\Extensions\WhBW4@tFBB0o.net not found.

MgAssistService => Service not found.

"C:\Program Files (x86)\unisaleis" => File/Directory not found.

"C:\ProgramData\kkboogmcikdpecdcbbjldefcncoibmen" => File/Directory not found.

"C:\ProgramData\{d449a655-ab03-f550-d449-9a655ab09956}" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EA2487A-09BF-4ACB-AE5A-B0B85F6FA3FE} => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{574CB0FB-4A3A-4AED-B502-91EB31B4CB34} => Key not found. 

C:\Windows\System32\Tasks\GC_Scheduler not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8654AB70-28D0-41A4-B605-E3FC472A9BEF} => Key not found. 

C:\Windows\System32\Tasks\GC_Informer not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F3C3F37-19A5-4B6C-86B6-F02C6DAE85D6} => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EED92F05-22D4-4171-B671-6F2C24B38CD1} => Key not found. 

C:\Windows\System32\Tasks\Advanced System Protector not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F02AC8B4-C75F-4064-A96C-459FD20FCFAB} => Key not found. 

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler => Key not found. 

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.

Could not reset Hosts.

 

========= reg query "hklm\SYSTEM\CurrentControlSet\services\wuauserv" /s =========

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv

    PreshutdownTimeout    REG_DWORD    0x36ee800

    DisplayName    REG_SZ    @%systemroot%\system32\wuaueng.dll,-105

    ErrorControl    REG_DWORD    0x1

    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs

    Start    REG_DWORD    0x3

    Type    REG_DWORD    0x20

    Description    REG_SZ    @%systemroot%\system32\wuaueng.dll,-106

    DependOnService    REG_MULTI_SZ    rpcss

    ObjectName    REG_SZ    LocalSystem

    ServiceSidType    REG_DWORD    0x1

    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeCreateGlobalPrivilege\0SeCreatePageFilePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege\0SeShutdownPrivilege

    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters

    ServiceDllUnloadOnStop    REG_DWORD    0x1

    ServiceMain    REG_SZ    WUServiceMain

    ServiceDll    REG_EXPAND_SZ    %systemroot%\system32\wuaueng.dll

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security

    Security    REG_BINARY    010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo\0

    Type    REG_DWORD    0x5

    Action    REG_DWORD    0x1

    Guid    REG_BINARY    E6CA9F65DB5BA94DB1FFCA2A178D46E0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\TriggerInfo\1

    Type    REG_DWORD    0x5

    Action    REG_DWORD    0x1

    Guid    REG_BINARY    C846FB5489F04C46B1FD59D1B62C3B50

 

 

 

========= End of Reg: =========

 

EmptyTemp: => Removed 1022.9 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 01:48:35 ====

[B-boy/StyLe/]

Hi,

 

You really should be a little more patient since we have different time zone and I can't be 24h online.

Since you ran the script more than once I can't see if everything was deleted (but I guess that it went fine since the entries are no longer found).

 

Ok, please download and run the following MSFixIt and follow the prompts.

Next please run a new scan with FRST (make sure that Addition.txt is checked before you press the SCAN button) and post back both logs in your next reply.

 

Thanks!

 

 

Regards,

Georgi

[jfzoom]

Hey Georgi, sorry about that

 

oh and when I ran that version of MSFixit I got the following error

 

"This Microsoft Fix It does not apply to your operating system or application version."

 

and thank you for all the help so far, everything already seems to be running more smoothly

[B-boy/StyLe/]

Hi,

 

No worries. I am here to guide you through the whole process and simply wanted to let you know that doing things on your own will leave me out of the loop.

I am glad to hear there is an improvement.

Ok, please skip the MSFixIt tool and continue with FRST and post back the results.

Thanks!

 

 

Regards,

Georgi

[B-boy/StyLe/]

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.
Thank you for your understanding!


Regards,
Georgi

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!