WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer is super slow/lagging [Solved]

Started by sekirsc , Jul 29 2014 05:12 PM

This topic is locked

20 replies to this topic

#1 sekirsc

Authentic Member

Authentic Member
35 posts

Posted 29 July 2014 - 05:12 PM

I don't know what is wrong with my laptop. It is constantly running slow, when i search the internet it is constantly lagging, when I watch videos it lags as well, and I am constantly being kicked out of programs. I have tried running a bunch of scans but everything usually comes up clean. Can someone please help? Below is a HIjack Log and Startup Log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:05:46 PM, on 7/29/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.17126)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Steven\Downloads\ccsetup416.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Steven\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: Wondershare Player 1.6.0 - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Player\DelayPluginI.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38D1W2J705Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe

O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - http://www.worldwinn...ts/wwhearts.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Protocol: WSIEChrome - {6D02ED5F-FD0D-4C4C - (no file)

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 12930 bytes

StartupList report, 7/29/2014, 6:07:26 PM

StartupList version: 1.52.2

Started from : C:\Users\Steven\Downloads\HiJackThis.EXE

Detected: Unknown Windows (WinNT 6.02.1008)

Detected: Internet Explorer v11.0 (11.00.9600.17126)

* Using default options

==================================================

Running processes:

C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Steven\Downloads\ccsetup416.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Steven\Downloads\HiJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RemoteControl10 = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

Wondershare Helper Compact.exe = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

DelaypluginInstall = C:\ProgramData\Wondershare\Player\DelayPluginI.exe

QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

HPMessageService = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

TkBellExe = "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

(Default) =

StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

Power2GoExpress8 = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

iCloudServices = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

HP Officejet 4630 series (NET) = "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38D1W2J705Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}

(no name) - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll - {43D9786F-A485-683B-9B5B-ACC97ABC17FC}

(no name) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskMachineCore.job

GoogleUpdateTaskMachineUA.job

HPCeeScheduleForSteven.job

--------------------------------------------------

Enumerating Download Program Files:

[{555F1BBC-6EC2-474F-84AF-633EF097FF54}]

CODEBASE = http://www.worldwinn...ts/wwhearts.cab

[Wwlaunch Control]

InProcServer32 = C:\Windows\DOWNLO~1\wwlaunch.ocx

CODEBASE = http://www.worldwinn...ed/wwlaunch.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\system32\napinsp.dll

NameSpace #2: C:\WINDOWS\system32\pnrpnsp.dll

NameSpace #3: C:\WINDOWS\system32\pnrpnsp.dll

NameSpace #4: C:\WINDOWS\system32\NLAapi.dll

NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------

End of report, 7,065 bytes

Report generated in 0.188 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Advertisements

Register to Remove

#2 OCD

SuperHelper

Malware Team
5,574 posts

Posted 31 July 2014 - 11:19 AM

Hi sekirsc,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#3 sekirsc

Authentic Member

Authentic Member
35 posts

Posted 31 July 2014 - 02:45 PM

Results of screen317's Security Check version 0.99.86

x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Defender

Bitdefender Antivirus Free Edition

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 60

Java version out of Date!

Google Chrome 35.0.1916.153

Google Chrome 36.0.1985.125

````````Process Check: objlist.exe by Laurent````````

Bitdefender Antivirus Free Edition gzserv.exe

Bitdefender Antivirus Free Edition gziface.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

Run date: 2014-07-31 13:57:27

-----------------------------

13:57:27.050 OS Version: Windows x64 6.2.9200

13:57:27.050 Number of processors: 2 586 0x200

13:57:27.054 ComputerName: STEVE_EMMA UserName: Steven

13:57:28.982 Initialize success

13:57:29.066 VM: initialized successfully

13:57:29.108 VM: Amd CPU BiosDisabled

13:57:38.345 VM: supported disk I/O storport.sys

14:02:18.970 AVAST engine defs: 14073101

14:55:43.982 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"

Run date: 2014-07-31 13:57:27

-----------------------------

13:57:27.050 OS Version: Windows x64 6.2.9200

13:57:27.050 Number of processors: 2 586 0x200

13:57:27.054 ComputerName: STEVE_EMMA UserName: Steven

13:57:28.982 Initialize success

13:57:29.066 VM: initialized successfully

13:57:29.108 VM: Amd CPU BiosDisabled

13:57:38.345 VM: supported disk I/O storport.sys

14:02:18.970 AVAST engine defs: 14073101

14:55:43.982 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"

14:55:58.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b

14:55:58.047 Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11

14:55:58.213 Disk 0 MBR read successfully

14:55:58.228 Disk 0 MBR scan

14:55:58.292 Disk 0 unknown MBR code

14:55:58.308 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

14:55:58.686 Disk 0 scanning C:\WINDOWS\system32\drivers

14:56:47.215 Service scanning

14:56:56.731 Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5

14:58:03.807 Modules scanning

14:58:03.857 Disk 0 trace - called modules:

14:58:03.901 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys

14:58:03.926 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000dadb6770]

14:58:03.949 3 CLASSPNP.SYS[fffff800a439627b] -> nt!IofCallDriver -> [0xffffe000da7ed780]

14:58:03.973 5 amdxata.sys[fffff800a3f346b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000da7ec7f0]

14:58:05.462 AVAST engine scan C:\WINDOWS

14:58:09.585 AVAST engine scan C:\WINDOWS\system32

15:06:31.334 AVAST engine scan C:\WINDOWS\system32\drivers

15:07:09.371 AVAST engine scan C:\Users\Steven

15:11:07.974 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"

15:11:08.028 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"

Run date: 2014-07-31 13:57:27

-----------------------------

13:57:27.050 OS Version: Windows x64 6.2.9200

13:57:27.050 Number of processors: 2 586 0x200

13:57:27.054 ComputerName: STEVE_EMMA UserName: Steven

13:57:28.982 Initialize success

13:57:29.066 VM: initialized successfully

13:57:29.108 VM: Amd CPU BiosDisabled

13:57:38.345 VM: supported disk I/O storport.sys

14:02:18.970 AVAST engine defs: 14073101

14:55:43.982 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"

14:55:58.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b

14:55:58.047 Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11

14:55:58.213 Disk 0 MBR read successfully

14:55:58.228 Disk 0 MBR scan

14:55:58.292 Disk 0 unknown MBR code

14:55:58.308 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

14:55:58.686 Disk 0 scanning C:\WINDOWS\system32\drivers

14:56:47.215 Service scanning

14:56:56.731 Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5

14:58:03.807 Modules scanning

14:58:03.857 Disk 0 trace - called modules:

14:58:03.901 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys

14:58:03.926 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000dadb6770]

14:58:03.949 3 CLASSPNP.SYS[fffff800a439627b] -> nt!IofCallDriver -> [0xffffe000da7ed780]

14:58:03.973 5 amdxata.sys[fffff800a3f346b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000da7ec7f0]

14:58:05.462 AVAST engine scan C:\WINDOWS

14:58:09.585 AVAST engine scan C:\WINDOWS\system32

15:06:31.334 AVAST engine scan C:\WINDOWS\system32\drivers

15:07:09.371 AVAST engine scan C:\Users\Steven

15:11:07.974 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"

15:11:08.028 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"

15:18:35.839 AVAST engine scan C:\ProgramData

15:19:57.370 Scan finished successfully

15:23:54.442 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"

15:23:54.497 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01

Ran by Steven (administrator) on STEVE_EMMA on 31-07-2014 15:30:20

Running from C:\Users\Steven\Desktop

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-06-05] (RealNetworks, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)

HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-27] (Electronic Arts)

HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-20] (CyberLink Corp.)

HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)

ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)

GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1005\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS

SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll (Wondershare)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

DPF: HKLM-x32 {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinn...ts/wwhearts.cab

DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File

Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Steven\AppData\Local\Roblox\Versions\version-de8b84f90efc4ca5\\NPRobloxProxy.dll ( ROBLOX Corporation)

FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com

FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-02-07]

FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-05]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:

=======

CHR HomePage: https://www.yahoo.co...t&type=avastbcl

CHR StartupUrls: "https://www.yahoo.co...&type=avastbcl"

CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]

CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]

CHR Extension: (Wondershare Player) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdegagmpemadclljncealhmmkojfoam [2014-03-05]

CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]

CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]

CHR Extension: (RealDownloader) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-05]

CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]

CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]

CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2014-02-07]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-18] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-18] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)

R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-05-14] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

U3 aswMBR; \??\C:\Users\Steven\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Steven\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 15:30 - 2014-07-31 15:32 - 00022947 _____ () C:\Users\Steven\Desktop\FRST.txt

2014-07-31 15:30 - 2014-07-31 15:30 - 00000000 ____D () C:\FRST

2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe

2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip

2014-07-31 15:11 - 2014-07-31 15:23 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat

2014-07-31 14:55 - 2014-07-31 15:23 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt

2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe

2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt

2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe

2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt

2014-07-29 18:05 - 2014-07-29 18:06 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log

2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe

2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe

2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC

2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk

2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer

2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer

2014-07-28 10:05 - 2014-07-28 10:06 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe

2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM

2014-07-21 15:50 - 2014-07-31 13:57 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002

2014-07-21 15:50 - 2014-07-31 13:57 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002

2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-19 16:09 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-19 16:09 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-19 16:09 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-19 16:09 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-19 16:07 - 2014-07-19 16:09 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe

2014-07-18 15:57 - 2014-07-18 15:57 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys

2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-15 22:33 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files\iTunes

2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod

2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe

2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-07-10 12:23 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll

2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk

2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk

2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc

2014-07-09 15:14 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-07-09 15:14 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-07-09 15:14 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-07-09 15:14 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-07-09 15:14 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe

2014-07-09 15:14 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

2014-07-09 15:14 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-07-09 15:14 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2014-07-09 15:14 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2014-07-09 15:14 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll

2014-07-09 15:14 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll

2014-07-09 15:14 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2014-07-09 15:14 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2014-07-09 15:14 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-07-09 15:12 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-07-09 15:12 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-07-09 15:12 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-07-09 15:12 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-07-09 15:12 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-07-09 15:12 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-07-09 15:12 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-07-09 15:12 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-07-09 15:12 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-07-09 15:12 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-07-09 15:12 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-07-09 15:12 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-07-09 15:12 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-07-09 15:12 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-07-09 15:12 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-07-09 15:12 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-07-09 15:12 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-07-09 15:12 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-07-09 15:12 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-07-09 15:12 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-07-09 15:12 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-07-09 15:12 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-07-09 15:12 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-07-09 15:11 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-07-09 15:11 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-07-09 15:11 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2014-07-09 15:11 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2014-07-09 15:11 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll

2014-07-09 15:11 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-07-09 15:11 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2014-07-09 15:11 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-07-09 15:11 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-07-09 15:11 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-09 15:11 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-07-09 15:11 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-07-09 15:11 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-09 15:11 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-07-09 15:11 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-07-09 15:11 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-07-09 15:11 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2014-07-09 15:11 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-07-09 15:11 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2014-07-09 15:11 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover

2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 15:32 - 2014-07-31 15:30 - 00022947 _____ () C:\Users\Steven\Desktop\FRST.txt

2014-07-31 15:30 - 2014-07-31 15:30 - 00000000 ____D () C:\FRST

2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe

2014-07-31 15:23 - 2014-07-31 15:11 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat

2014-07-31 15:23 - 2014-07-31 14:55 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt

2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip

2014-07-31 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-31 14:49 - 2014-01-27 20:31 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-31 13:57 - 2014-07-21 15:50 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002

2014-07-31 13:57 - 2014-07-21 15:50 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002

2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe

2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt

2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe

2014-07-31 11:22 - 2014-01-20 17:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1002

2014-07-31 10:19 - 2014-05-14 23:37 - 00000000 ____D () C:\Users\Steven\Documents\Youcam

2014-07-31 10:15 - 2014-01-27 20:32 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-31 10:15 - 2014-01-27 20:31 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-31 10:13 - 2014-04-18 19:48 - 00000000 __RDO () C:\Users\Steven\OneDrive

2014-07-31 10:13 - 2014-01-26 12:59 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-07-31 10:11 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-30 11:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-07-29 18:36 - 2014-01-21 19:56 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2014-07-29 18:36 - 2014-01-21 19:56 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt

2014-07-29 18:06 - 2014-07-29 18:05 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log

2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe

2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe

2014-07-28 20:27 - 2014-04-23 14:26 - 00003174 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSteven

2014-07-28 20:27 - 2014-04-23 14:26 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSteven.job

2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC

2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk

2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer

2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer

2014-07-28 10:06 - 2014-07-28 10:05 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe

2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM

2014-07-27 16:06 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Emma\Documents\Youcam

2014-07-26 21:33 - 2014-04-30 02:04 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6097E0FD-3026-4BE4-8674-626F2B3EC1DF}

2014-07-26 21:31 - 2014-06-21 14:39 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\HpUpdate

2014-07-25 18:33 - 2014-01-20 22:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1005

2014-07-23 11:26 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-07-21 15:56 - 2014-06-20 10:42 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-21 15:47 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Steven

2014-07-19 16:10 - 2014-06-07 20:52 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-19 16:09 - 2014-07-19 16:07 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log

2014-07-19 16:09 - 2014-06-07 20:51 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe

2014-07-18 15:57 - 2014-07-18 15:57 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys

2014-07-18 15:48 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Emma

2014-07-17 07:39 - 2014-05-04 15:24 - 00001415 _____ () C:\Users\Emma\Desktop\ROBLOX Player.lnk

2014-07-17 07:39 - 2014-04-18 11:57 - 00001230 _____ () C:\Users\Emma\Desktop\ROBLOX Studio 2013.lnk

2014-07-17 07:39 - 2014-04-18 11:57 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-07-15 22:36 - 2014-07-15 22:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iTunes

2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod

2014-07-15 22:33 - 2014-04-18 21:49 - 00000000 ___DC () C:\WINDOWS\Panther

2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe

2014-07-14 10:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2014-07-11 03:02 - 2014-07-19 16:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-11 02:56 - 2014-07-19 16:09 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-11 02:56 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-11 02:55 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-10 14:59 - 2013-08-22 09:44 - 00483160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-10 14:57 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-07-10 12:31 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 12:31 - 2014-01-20 21:12 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-07-10 12:26 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-07-10 12:25 - 2014-01-20 21:11 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk

2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk

2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc

2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover

2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens

2014-07-03 23:40 - 2014-02-07 20:51 - 00000000 ____D () C:\ProgramData\Wondershare Player

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-31 14:02

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01

Ran by Steven at 2014-07-31 15:35:27

Running from C:\Users\Steven\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)

Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

AMD Catalyst Control Center (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden

AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)

Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)

CyberLink LabelPrint (x32 Version: 2.5.6.7225 - CyberLink Corp.) Hidden

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)

CyberLink Media Suite 10 (x32 Version: 10.0.6.3728 - CyberLink Corp.) Hidden

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)

CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden

CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)

CyberLink PowerDVD (x32 Version: 10.0.8.5108 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 5.0 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)

HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)

HP Officejet 4630 series Basic Device Software (HKLM\...\{1EEDD93E-B341-4353-92D6-9A009443C91A}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden

HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)

HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

iExplorer 3.3.2.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)

iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Product Improvement Study for HP Officejet 4630 series (HKLM\...\{1A6CF6FE-7573-44F3-8C56-0F4E469D1791}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

ROBLOX Player for Steven (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)

ROBLOX Studio 2013 for Steven (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)

Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)

The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Wondershare DVD Slideshow Builder Deluxe(Build 6.1.13.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.1.13.0 - WonderShare Software Co.,Ltd.)

Wondershare Player(Build 1.6.0) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare)

Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

08-07-2014 22:16:30 Removed Walgreens PictureMover.

19-07-2014 21:05:49 Installed Java 7 Update 65

30-07-2014 16:35:48 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {158B64B1-639C-4045-88D9-B5DB968A7209} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {17971E72-AA3C-458C-8FCF-203BDFA0F6C0} - System32\Tasks\HPCeeScheduleForSteven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {1D275DFA-6814-43FD-8C33-CD3175A2D172} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {26D583AD-C46E-4BE7-B98C-11E422B7AF2D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-05-14] (Synaptics Incorporated)

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {2EB70B7F-3D21-4629-BA64-0D5E7C24ECE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {32B69CF1-F155-416A-A514-7D89DE8E8738} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {4308C5F9-050D-4A92-88A3-34D3489AD760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {4B132DC5-1D23-4A16-9B34-C26BEB19686B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-15] (Microsoft Corporation)

Task: {594E20E3-EFFD-429C-8671-99A4ABB7F2AA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-03-05] (Realtek Semiconductor)

Task: {69E67878-C797-47F4-AA95-334C380C5045} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8945BC5A-1B41-43E0-A8C7-66DF6479BAE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)

Task: {8A951EBD-A8AC-4E80-B3BC-D14D538ABDCA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {8B4A4FCA-FB16-43E7-A44E-DB0654F50CFB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {A51007B9-E9F3-4D7D-B00E-93B10EAAFE7E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)

Task: {BE18A5C6-A81D-4A53-8C44-C83CEC3A041F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {C4B94A75-F57D-4D7A-BE96-FE8799297668} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {C73992D6-B510-451E-9AAE-316932BA5C2B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {C8EECC72-452E-4BBF-9396-C6D60B8F595E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {CADAE820-BB38-408B-BD52-7AC048AE3ED3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {EF27F402-EE4D-4150-913A-FED3ECDA1570} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {F2B88467-CCAD-444B-B046-384FE278339E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {F77999E0-33CB-4D91-8A0A-94ED1245A704} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForSteven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-06-23 14:49 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll

2014-06-23 14:49 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll

2014-04-23 04:51 - 2014-04-23 04:51 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-04-17 14:40 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-01-20 17:16 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2014-01-20 20:37 - 2014-04-15 22:47 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-02-07 20:51 - 2013-07-30 18:16 - 00941992 _____ () C:\Windows\SysWOW64\WPShellExt64.dll

2014-04-23 04:52 - 2014-04-23 04:52 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-01-29 22:28 - 2014-07-27 16:34 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll

2014-01-29 22:27 - 2014-07-27 16:34 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll

2014-01-29 22:27 - 2014-07-27 16:34 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll

2014-01-29 22:27 - 2014-07-27 16:34 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll

2014-01-29 22:27 - 2014-07-27 16:34 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll

2014-01-29 22:27 - 2014-07-27 16:34 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll

2014-01-29 22:27 - 2014-07-27 16:34 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll

2014-01-29 22:27 - 2014-07-27 16:34 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

2014-05-14 23:11 - 2014-02-20 23:13 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll

2014-05-14 23:10 - 2013-12-29 20:20 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll

2014-05-14 23:10 - 2014-02-20 23:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2014-07-19 16:27 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

2014-07-19 16:27 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

2014-07-19 16:27 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-19 16:27 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-19 16:27 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

2014-07-19 16:27 - 2014-07-15 04:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Steven\Downloads:Shareaza.GUID

AlternateDataStreams: C:\Users\Steven\OneDrive:ms-properties

AlternateDataStreams: C:\Users\Steven\Desktop\aswMBR.exe:BDU

AlternateDataStreams: C:\Users\Steven\Desktop\FRST64.exe:BDU

AlternateDataStreams: C:\Users\Steven\Desktop\SecurityCheck.exe:BDU

AlternateDataStreams: C:\Users\Steven\Downloads\ccsetup415.exe:BDU

AlternateDataStreams: C:\Users\Steven\Downloads\ccsetup416.exe:BDU

AlternateDataStreams: C:\Users\Steven\Downloads\chromeinstall-7u65.exe:BDU

AlternateDataStreams: C:\Users\Steven\Downloads\HiJackThis.exe:BDU

AlternateDataStreams: C:\Users\Steven\Downloads\iExplorer_setup_3321.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (07/31/2014 03:27:11 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (07/31/2014 11:27:18 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a0

Start Time: 01cfacd33979068b

Termination Time: 74

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 87c8b807-18cf-11e4-bebe-a01d486f9043

Faulting package full name:

Faulting package-relative application ID:

Error: (07/31/2014 10:46:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 461500

Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 461500

Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2014 08:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12609

Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12609

Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

System errors:

=============

Error: (07/31/2014 10:11:02 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:00:53 AM on ‎7/‎31/‎2014 was unexpected.

Error: (07/29/2014 08:43:24 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:39:55 PM on ‎7/‎29/‎2014 was unexpected.

Error: (07/27/2014 04:30:58 PM) (Source: volmgr) (EventID: 46) (User: )

Description: Crash dump initialization failed!

Error: (07/27/2014 04:31:24 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 4:22:45 PM on ‎7/‎27/‎2014 was unexpected.

Error: (07/23/2014 11:21:38 AM) (Source: DCOM) (EventID: 10001) (User: STEVE_EMMA)

Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (07/21/2014 03:47:10 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 5:56:28 PM on ‎7/‎20/‎2014 was unexpected.

Error: (07/18/2014 03:47:59 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:09:46 AM on ‎7/‎17/‎2014 was unexpected.

Error: (07/14/2014 09:48:21 AM) (Source: DCOM) (EventID: 10010) (User: Steve_Emma)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/14/2014 09:47:51 AM) (Source: DCOM) (EventID: 10010) (User: Steve_Emma)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/10/2014 05:11:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Microsoft Office Sessions:

=========================

Error: (07/31/2014 03:27:11 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (07/31/2014 11:27:18 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: IEXPLORE.EXE11.0.9600.17126a001cfacd33979068b74C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE87c8b807-18cf-11e4-bebe-a01d486f9043