14:55:43.982 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
14:55:43.982 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
14:55:58.047 Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11
14:55:58.308 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:56:56.731 Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
14:58:03.901 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
14:58:03.949 3 CLASSPNP.SYS[fffff800a439627b] -> nt!IofCallDriver -> [0xffffe000da7ed780]
14:58:03.973 5 amdxata.sys[fffff800a3f346b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000da7ec7f0]
15:11:07.974 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:11:08.028 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
14:55:43.982 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
14:55:58.047 Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11
14:55:58.308 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:56:56.731 Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
14:58:03.901 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
14:58:03.949 3 CLASSPNP.SYS[fffff800a439627b] -> nt!IofCallDriver -> [0xffffe000da7ed780]
14:58:03.973 5 amdxata.sys[fffff800a3f346b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000da7ec7f0]
15:11:07.974 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:11:08.028 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
15:23:54.442 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:23:54.497 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Steven (administrator) on STEVE_EMMA on 31-07-2014 15:30:20
Running from C:\Users\Steven\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-06-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-27] (Electronic Arts)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-20] (CyberLink Corp.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1002\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Steven\AppData\Local\Roblox\Versions\version-de8b84f90efc4ca5\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Wondershare Player) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdegagmpemadclljncealhmmkojfoam [2014-03-05]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (RealDownloader) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-05]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-05-14] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U3 aswMBR; \??\C:\Users\Steven\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Steven\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 15:30 - 2014-07-31 15:32 - 00022947 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-07-31 15:30 - 2014-07-31 15:30 - 00000000 ____D () C:\FRST
2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip
2014-07-31 15:11 - 2014-07-31 15:23 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat
2014-07-31 14:55 - 2014-07-31 15:23 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt
2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe
2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt
2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe
2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt
2014-07-29 18:05 - 2014-07-29 18:06 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log
2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe
2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe
2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC
2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-28 10:05 - 2014-07-28 10:06 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe
2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM
2014-07-21 15:50 - 2014-07-31 13:57 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-21 15:50 - 2014-07-31 13:57 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 16:09 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 16:09 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-19 16:09 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-19 16:09 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-19 16:07 - 2014-07-19 16:09 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe
2014-07-18 15:57 - 2014-07-18 15:57 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 22:33 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe
2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 12:23 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-09 15:14 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 15:14 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 15:14 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 15:14 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 15:14 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 15:14 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 15:14 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 15:14 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 15:14 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 15:14 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 15:14 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 15:14 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 15:14 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 15:14 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 15:12 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 15:12 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 15:12 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 15:12 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 15:12 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 15:12 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 15:12 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 15:12 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 15:12 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 15:12 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 15:12 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 15:12 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 15:12 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 15:12 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 15:12 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 15:12 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 15:12 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 15:12 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 15:12 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 15:12 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 15:12 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 15:12 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 15:12 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 15:11 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 15:11 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 15:11 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 15:11 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 15:11 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 15:11 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 15:11 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 15:11 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 15:11 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 15:11 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:11 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 15:11 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 15:11 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:11 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 15:11 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 15:11 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 15:11 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 15:11 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 15:11 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 15:11 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover
2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 15:32 - 2014-07-31 15:30 - 00022947 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-07-31 15:30 - 2014-07-31 15:30 - 00000000 ____D () C:\FRST
2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-07-31 15:23 - 2014-07-31 15:11 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat
2014-07-31 15:23 - 2014-07-31 14:55 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt
2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip
2014-07-31 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 14:49 - 2014-01-27 20:31 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 13:57 - 2014-07-21 15:50 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-31 13:57 - 2014-07-21 15:50 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe
2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt
2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe
2014-07-31 11:22 - 2014-01-20 17:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-31 10:19 - 2014-05-14 23:37 - 00000000 ____D () C:\Users\Steven\Documents\Youcam
2014-07-31 10:15 - 2014-01-27 20:32 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-31 10:15 - 2014-01-27 20:31 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 10:13 - 2014-04-18 19:48 - 00000000 __RDO () C:\Users\Steven\OneDrive
2014-07-31 10:13 - 2014-01-26 12:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-31 10:11 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-30 11:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-29 18:36 - 2014-01-21 19:56 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-07-29 18:36 - 2014-01-21 19:56 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt
2014-07-29 18:06 - 2014-07-29 18:05 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log
2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe
2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe
2014-07-28 20:27 - 2014-04-23 14:26 - 00003174 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSteven
2014-07-28 20:27 - 2014-04-23 14:26 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSteven.job
2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC
2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-28 10:06 - 2014-07-28 10:05 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe
2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM
2014-07-27 16:06 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Emma\Documents\Youcam
2014-07-26 21:33 - 2014-04-30 02:04 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6097E0FD-3026-4BE4-8674-626F2B3EC1DF}
2014-07-26 21:31 - 2014-06-21 14:39 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\HpUpdate
2014-07-25 18:33 - 2014-01-20 22:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1005
2014-07-23 11:26 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-21 15:56 - 2014-06-20 10:42 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 15:47 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Steven
2014-07-19 16:10 - 2014-06-07 20:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 16:09 - 2014-07-19 16:07 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 16:09 - 2014-06-07 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe
2014-07-18 15:57 - 2014-07-18 15:57 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-07-18 15:48 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Emma
2014-07-17 07:39 - 2014-05-04 15:24 - 00001415 _____ () C:\Users\Emma\Desktop\ROBLOX Player.lnk
2014-07-17 07:39 - 2014-04-18 11:57 - 00001230 _____ () C:\Users\Emma\Desktop\ROBLOX Studio 2013.lnk
2014-07-17 07:39 - 2014-04-18 11:57 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 22:36 - 2014-07-15 22:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 22:33 - 2014-04-18 21:49 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe
2014-07-14 10:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-11 03:02 - 2014-07-19 16:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-19 16:09 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-10 14:59 - 2013-08-22 09:44 - 00483160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 14:57 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 12:31 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:31 - 2014-01-20 21:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 12:26 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 12:25 - 2014-01-20 21:11 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover
2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens
2014-07-03 23:40 - 2014-02-07 20:51 - 00000000 ____D () C:\ProgramData\Wondershare Player
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-31 14:02
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Steven at 2014-07-31 15:35:27
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.6.7225 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.6.3728 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.5108 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet 4630 series Basic Device Software (HKLM\...\{1EEDD93E-B341-4353-92D6-9A009443C91A}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iExplorer 3.3.2.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{1A6CF6FE-7573-44F3-8C56-0F4E469D1791}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
ROBLOX Player for Steven (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Steven (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.13.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.1.13.0 - WonderShare Software Co.,Ltd.)
Wondershare Player(Build 1.6.0) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
08-07-2014 22:16:30 Removed Walgreens PictureMover.
19-07-2014 21:05:49 Installed Java 7 Update 65
30-07-2014 16:35:48 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {158B64B1-639C-4045-88D9-B5DB968A7209} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {17971E72-AA3C-458C-8FCF-203BDFA0F6C0} - System32\Tasks\HPCeeScheduleForSteven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1D275DFA-6814-43FD-8C33-CD3175A2D172} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {26D583AD-C46E-4BE7-B98C-11E422B7AF2D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-05-14] (Synaptics Incorporated)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EB70B7F-3D21-4629-BA64-0D5E7C24ECE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {32B69CF1-F155-416A-A514-7D89DE8E8738} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4308C5F9-050D-4A92-88A3-34D3489AD760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B132DC5-1D23-4A16-9B34-C26BEB19686B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-15] (Microsoft Corporation)
Task: {594E20E3-EFFD-429C-8671-99A4ABB7F2AA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-03-05] (Realtek Semiconductor)
Task: {69E67878-C797-47F4-AA95-334C380C5045} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8945BC5A-1B41-43E0-A8C7-66DF6479BAE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {8A951EBD-A8AC-4E80-B3BC-D14D538ABDCA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8B4A4FCA-FB16-43E7-A44E-DB0654F50CFB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A51007B9-E9F3-4D7D-B00E-93B10EAAFE7E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {BE18A5C6-A81D-4A53-8C44-C83CEC3A041F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C4B94A75-F57D-4D7A-BE96-FE8799297668} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C73992D6-B510-451E-9AAE-316932BA5C2B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C8EECC72-452E-4BBF-9396-C6D60B8F595E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CADAE820-BB38-408B-BD52-7AC048AE3ED3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF27F402-EE4D-4150-913A-FED3ECDA1570} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {F2B88467-CCAD-444B-B046-384FE278339E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {F77999E0-33CB-4D91-8A0A-94ED1245A704} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSteven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2014-06-23 14:49 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-06-23 14:49 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-04-23 04:51 - 2014-04-23 04:51 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-17 14:40 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-20 17:16 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-01-20 20:37 - 2014-04-15 22:47 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-07 20:51 - 2013-07-30 18:16 - 00941992 _____ () C:\Windows\SysWOW64\WPShellExt64.dll
2014-04-23 04:52 - 2014-04-23 04:52 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-29 22:28 - 2014-07-27 16:34 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-05-14 23:11 - 2014-02-20 23:13 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-05-14 23:10 - 2013-12-29 20:20 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-05-14 23:10 - 2014-02-20 23:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Steven\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Steven\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Steven\Desktop\aswMBR.exe:BDU
AlternateDataStreams: C:\Users\Steven\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Steven\Desktop\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\ccsetup415.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\ccsetup416.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\chromeinstall-7u65.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\HiJackThis.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\iExplorer_setup_3321.exe:BDU
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2014 03:27:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/31/2014 11:27:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a0
Start Time: 01cfacd33979068b
Termination Time: 74
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 87c8b807-18cf-11e4-bebe-a01d486f9043
Faulting package full name:
Faulting package-relative application ID:
Error: (07/31/2014 10:46:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 461500
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 461500
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2014 08:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12609
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12609
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (07/31/2014 10:11:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:00:53 AM on 7/31/2014 was unexpected.
Error: (07/29/2014 08:43:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:39:55 PM on 7/29/2014 was unexpected.
Error: (07/27/2014 04:30:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (07/27/2014 04:31:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:22:45 PM on 7/27/2014 was unexpected.
Error: (07/23/2014 11:21:38 AM) (Source: DCOM) (EventID: 10001) (User: STEVE_EMMA)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable
Error: (07/21/2014 03:47:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:56:28 PM on 7/20/2014 was unexpected.
Error: (07/18/2014 03:47:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:09:46 AM on 7/17/2014 was unexpected.
Error: (07/14/2014 09:48:21 AM) (Source: DCOM) (EventID: 10010) (User: Steve_Emma)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/14/2014 09:47:51 AM) (Source: DCOM) (EventID: 10010) (User: Steve_Emma)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/10/2014 05:11:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
Microsoft Office Sessions:
=========================
Error: (07/31/2014 03:27:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (07/31/2014 11:27:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17126a001cfacd33979068b74C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE87c8b807-18cf-11e4-bebe-a01d486f9043
Error: (07/31/2014 10:46:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 461500
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 461500
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2014 08:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12609
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12609
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 3682.26 MB
Available physical RAM: 1762.88 MB
Total Pagefile: 5154.26 MB
Available Pagefile: 2578 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:274.93 GB) (Free:194.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1E1F4777)
Partition: GPT Partition Type.
==================== End Of Log ============================