
Health Alert Pop Up- unable to remove

Discussion in 'Virus & Other Malware Removal' started by FastFifty, Apr 13, 2015.

  1. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    Hi there. I am trying to get rid of these horrible "health alert" pop ups and links that are taking over my mom's computer. It is affecting Google Chrome and IE. I have tried removing the program through the control panel, I have tried disabling extensions, settings, I uninstalled and reinstalled Google Chrome to no avail.... I just downloaded Spybot search and destroy, although the scan turned up a TON of items needing fixing (one of them with a high risk rating), I am STILL having these annoying popups and it's extremely frustrating. I would be so grateful if you can help me remove this virus/adware.


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
    Processor Count: 4
    RAM: 3532 Mb
    Graphics Card: AMD Radeon HD 8400, 512 Mb
    Hard Drives: C: Total - 937222 MB, Free - 867406 MB; D: Total - 15128 MB, Free - 1841 MB;
    Motherboard: Hewlett-Packard, 2B05
    Antivirus: Windows Defender, Disabled
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello and welcome to TSG,

    Use the instructions in the following link to show hidden files:

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

    Next,

    Uninstall Spybot search and destroy

    Next,

    Run the following scans and post the produced logs:

    Step 1

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    Step 2

    Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

    • Quit all running programs.
    • For Windows XP, double-click to start.
    • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
    • Read and accept the EULA (End User License Agreement)
    • Click Scan to scan the system.
    • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
    • Post back the report which should also be located here:

    C:\Programdata\RogueKiller\Logs <-------- W7/8
    C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

    Thank you,

    Kevin...
     
  3. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    Here are the logs from the Farbar scan tool.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
    Ran by clarence (administrator) on CATHY-CLARENCE on 14-04-2015 15:29:08
    Running from C:\Users\clarence\Downloads
    Loaded Profiles: clarence (Available profiles: clarence)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    () C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    () C:\Windows\rcore.exe
    (MicroTools) C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe
    (Rational Thought Solutions) C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    () C:\Program Files (x86)\Optimizer Pro 3.79\OptProSmartScan.exe
    () C:\Program Files (x86)\Optimizer Pro 3.79\OptProReminder.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIEE.EXE
    (FUJIFILM Corporation) C:\Program Files\FinePixViewerS\QuickDCF2.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUpd.exe
    (Farbar) C:\Users\clarence\Downloads\FRST64 (1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13663448 2014-01-13] (Realtek Semiconductor)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [718248 2015-02-11] (McAfee, Inc.)
    HKLM-x32\...\Run: [gmsd_ca_38] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2014-12-04] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Run: [BearShare] => "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [148008 2015-04-08] ()
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Policies\Explorer: [NoControlPanel] 0
    AppInit_DLLs-x32: c:/progra~3/{e6d50~1/171~1.0/ceta.dll => "c:\progra~3\{e6d50~1\171~1.0\ceta.dll" File Not Found
    AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
    ShortcutTarget: Exif Launcher S.lnk -> C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\clarence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
    ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{8af46f50-e9a8-98a0-8af4-46f50e9abd43}\hqghumeaylnlf.exe (PC Utilities Software Limited)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:54974;https=127.0.0.1:54974
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyD0D0AtC0D0EzztBtBzztBtN0D0Tzu0StCtDzyzztN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyEtDtA0FzztBtAtG0AtByE0CtGzy0A0CtCtGyByE0A0DtGtAtCyCtDtA0CtAtCtD0E0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCtBzy0DtDzzyBtGyD0E0F0CtGyE0AtDyEtG0ByD0DyCtGyD0FtCzyzz0C0FtDtDyD0EtD2Q&cr=587518245&ir=
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM -> {92F4845E-5F40-4FB6-82C8-EE0C613CDE73} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM-x32 -> {92F4845E-5F40-4FB6-82C8-EE0C613CDE73} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> DefaultScope {0F3E5F15-1B6C-47FA-95BD-45D1A895F913} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA0D20141025&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyD0D0AtC0D0EzztBtBzztBtN0D0Tzu0StCtDzyzztN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyEtDtA0FzztBtAtG0AtByE0CtGzy0A0CtCtGyByE0A0DtGtAtCyCtDtA0CtAtCtD0E0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCtBzy0DtDzzyBtGyD0E0F0CtGyE0AtDyEtG0ByD0DyCtGyD0FtCzyzz0C0FtDtDyD0EtD2Q&cr=587518245&ir=
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {0F3E5F15-1B6C-47FA-95BD-45D1A895F913} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA0D20141025&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {92F4845E-5F40-4FB6-82C8-EE0C613CDE73} URL =
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-02] (Microsoft Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-02] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Toolbar: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-02] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-03-03] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-02] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-10] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2014-12-01] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-194837296-4037038390-1075605202-1001: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-10-25]
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-25]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.ca/
    CHR StartupUrls: Default -> "hxxp://www.google.ca/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
    CHR Extension: (Google Wallet) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
    CHR Profile: C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
    CHR Extension: (Google Docs) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
    CHR Extension: (Google Drive) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]
    CHR Extension: (YouTube) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
    CHR Extension: (Nimbus Screenshot) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-12-06]
    CHR Extension: (Google Search) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
    CHR Extension: (Google Sheets) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
    CHR Extension: (SiteAdvisor) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-15]
    CHR Extension: (Nimbus Screen Capture App) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gooiepmnbooemimlnlbijlfoofgjnngn [2014-12-06]
    CHR Extension: (Pin It Button) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-23]
    CHR Extension: (Google Wallet) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
    CHR Extension: (Gmail) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-13]
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-13]
    CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 5d9df4c6; c:\Program Files (x86)\Optimizer Pro 3.79\OptProMon.dll [2313768 2015-04-14] ()
    R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
    R2 DZdoNHWKoS; C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe [2734464 2015-01-04] (Rational Thought Solutions)
    R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 EZ Software Updater; C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe [220672 2014-09-07] () [File not signed] <==== ATTENTION
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-08] (WildTangent)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-10] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [752232 2015-03-03] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [605472 2015-02-27] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)
    R2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
    R2 rcores; C:\windows\rcore.exe [4686336 2014-12-29] () [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-13] (Realtek Semiconductor)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-04] (Fuyu LIMITED) [File not signed]
    R2 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [2968696 2014-12-13] (MicroTools)
    S2 Update ResultsBay; "C:\Program Files (x86)\ResultsBay\updateResultsBay.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-02-28] (McAfee, Inc.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
    S1 wpnfd_1_10_0_1; system32\drivers\wpnfd_1_10_0_1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 15:29 - 2015-04-14 15:30 - 00029372 _____ () C:\Users\clarence\Downloads\FRST.txt
    2015-04-14 15:28 - 2015-04-14 15:29 - 00000000 ____D () C:\FRST
    2015-04-14 15:27 - 2015-04-14 15:27 - 01136128 _____ (Farbar) C:\Users\clarence\Downloads\FRST.exe
    2015-04-14 15:25 - 2015-04-14 15:26 - 00001500 _____ () C:\Users\clarence\Desktop\FRST64.exe - Shortcut.lnk
    2015-04-14 15:25 - 2015-04-14 15:25 - 02096640 _____ (Farbar) C:\Users\clarence\Downloads\FRST64 (1).exe
    2015-04-14 15:24 - 2015-04-14 15:24 - 02096640 _____ (Farbar) C:\Users\clarence\Downloads\FRST64.exe
    2015-04-14 10:31 - 2015-04-14 10:31 - 00003278 _____ () C:\windows\System32\Tasks\Optimizer Pro Schedule
    2015-04-14 10:31 - 2015-04-14 10:31 - 00000000 ____D () C:\Users\clarence\Documents\Optimizer Pro
    2015-04-14 10:31 - 2015-04-14 10:31 - 00000000 ____D () C:\Users\clarence\AppData\Roaming\Optimizer Pro
    2015-04-14 10:30 - 2015-04-14 15:22 - 00000000 ____D () C:\ProgramData\{8af46f50-e9a8-98a0-8af4-46f50e9abd43}
    2015-04-14 10:30 - 2015-04-14 10:30 - 00001118 _____ () C:\Users\clarence\Desktop\Optimizer Pro.lnk
    2015-04-14 10:30 - 2015-04-14 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    2015-04-14 10:30 - 2015-04-14 10:30 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.79
    2015-04-13 18:41 - 2015-04-13 18:41 - 00509440 _____ (Tech Support Guy System) C:\Users\clarence\Downloads\SysInfo.exe
    2015-04-13 18:22 - 2015-04-14 15:19 - 00000155 _____ () C:\windows\wininit.ini
    2015-04-13 16:39 - 2015-04-14 15:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-04-13 16:39 - 2015-04-14 15:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-04-13 16:39 - 2015-04-13 16:39 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
    2015-04-13 16:38 - 2015-04-13 16:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\clarence\Downloads\spybot-2.4.exe
    2015-04-10 20:05 - 2015-04-14 15:21 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-10 20:05 - 2015-04-14 15:10 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-10 20:05 - 2015-04-13 20:38 - 00001107 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-10 20:05 - 2015-04-10 20:05 - 00003904 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-04-10 20:05 - 2015-04-10 20:05 - 00003668 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-04-10 20:05 - 2015-04-10 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-04-10 10:47 - 2015-04-10 10:47 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-04-10 10:47 - 2015-04-10 10:47 - 00002074 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2015-04-02 07:39 - 2015-04-09 16:05 - 00000364 _____ () C:\Users\clarence\Sti_Trace.log
    2015-04-01 19:40 - 2015-04-01 19:40 - 00000953 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
    2015-04-01 19:40 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\windows\system32\esxw2ud.dll
    2015-04-01 19:40 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\windows\system32\escsvc64.exe
    2015-04-01 19:39 - 2015-04-01 19:39 - 00000000 ____D () C:\Program Files (x86)\epson
    2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
    2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
    2015-04-01 12:05 - 2015-02-28 01:10 - 00076064 _____ (McAfee, Inc.) C:\windows\system32\Drivers\McPvDrv.sys
    2015-04-01 12:04 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
    2015-03-31 16:14 - 2015-03-31 16:14 - 00002229 _____ () C:\Users\clarence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-03-31 16:14 - 2015-03-31 16:14 - 00002119 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-03-31 16:14 - 2015-03-31 16:14 - 00002119 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-03-31 16:14 - 2015-03-31 16:14 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
    2015-03-31 16:14 - 2015-03-31 16:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
    2015-03-31 16:09 - 2015-04-02 07:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-31 16:09 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-03-27 10:47 - 2015-03-27 10:47 - 00000000 ___SD () C:\windows\SysWOW64\GWX
    2015-03-27 10:47 - 2015-03-27 10:47 - 00000000 ___SD () C:\windows\system32\GWX
    2015-03-27 10:45 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
    2015-03-27 10:45 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
    2015-03-25 16:20 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-03-25 16:20 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-03-25 16:20 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-03-25 16:20 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-03-25 16:20 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-03-25 16:20 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-03-25 16:20 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-03-25 16:08 - 2015-03-25 16:08 - 00282992 _____ () C:\windows\Minidump\032515-17171-01.dmp
    2015-03-25 10:54 - 2015-03-25 10:55 - 00282992 _____ () C:\windows\Minidump\032515-17265-01.dmp
    2015-03-23 21:42 - 2015-03-23 21:42 - 00000000 ____D () C:\ProgramData\ATI
    2015-03-23 21:33 - 2015-03-23 21:34 - 00000000 ____D () C:\Program Files\AMD Quick Stream
    2015-03-23 21:33 - 2015-03-23 21:33 - 00058610 _____ () C:\windows\SysWOW64\CCCInstall_201503232133244780.log
    2015-03-23 21:33 - 2015-03-23 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
    2015-03-23 21:33 - 2015-03-23 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2015-03-23 21:33 - 2015-03-23 21:33 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2015-03-23 21:33 - 2014-10-28 14:24 - 00229056 _____ (AppEx Networks Corporation) C:\windows\system32\Drivers\appexDrv.sys
    2015-03-23 21:27 - 2015-03-23 21:27 - 00000000 ____D () C:\Program Files (x86)\AMD

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 15:29 - 2015-01-04 04:17 - 00000334 _____ () C:\windows\Tasks\Voo Update.job
    2015-04-14 15:27 - 2015-01-04 08:28 - 00000000 ____D () C:\Users\clarence\AppData\Local\HealthAlert
    2015-04-14 15:26 - 2014-09-27 15:25 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CBEB180B-0C14-4504-A42C-A4E0CCBAB19C}
    2015-04-14 15:26 - 2014-09-27 13:18 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-194837296-4037038390-1075605202-1001
    2015-04-14 15:26 - 2014-04-02 15:15 - 00825254 _____ () C:\windows\system32\perfh00C.dat
    2015-04-14 15:26 - 2014-04-02 15:15 - 00186674 _____ () C:\windows\system32\perfc00C.dat
    2015-04-14 15:26 - 2013-08-24 17:38 - 01889418 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-04-14 15:25 - 2014-09-27 15:24 - 02095149 _____ () C:\windows\WindowsUpdate.log
    2015-04-14 15:24 - 2014-10-25 11:22 - 00000000 __RSD () C:\Users\clarence\Documents\McAfee Vaults
    2015-04-14 15:23 - 2015-01-04 09:26 - 00000000 ___HD () C:\Users\Public\Temp
    2015-04-14 15:21 - 2015-01-03 21:47 - 00002476 _____ () C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5_user.job
    2015-04-14 15:21 - 2015-01-03 21:47 - 00002476 _____ () C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.job
    2015-04-14 15:21 - 2015-01-03 21:46 - 00005548 _____ () C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.job
    2015-04-14 15:21 - 2015-01-03 21:46 - 00005212 _____ () C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.job
    2015-04-14 15:21 - 2015-01-03 21:46 - 00004188 _____ () C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.job
    2015-04-14 15:21 - 2015-01-03 21:46 - 00003154 _____ () C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-1.job
    2015-04-14 15:21 - 2015-01-03 21:46 - 00001798 _____ () C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-10_user.job
    2015-04-14 15:21 - 2014-09-27 22:34 - 00000000 ___DO () C:\Users\clarence\SkyDrive
    2015-04-14 15:20 - 2013-08-24 17:32 - 00161906 _____ () C:\windows\PFRO.log
    2015-04-14 15:20 - 2013-08-22 10:46 - 00023263 _____ () C:\windows\setupact.log
    2015-04-14 15:20 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-04-14 15:19 - 2013-08-22 09:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-04-14 15:08 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
    2015-04-14 12:22 - 2013-08-22 11:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-04-14 07:18 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\FxsTmp
    2015-04-13 18:03 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-04-13 13:19 - 2014-09-29 06:46 - 00003194 _____ () C:\windows\System32\Tasks\HPCeeScheduleForclarence
    2015-04-13 13:19 - 2014-09-29 06:46 - 00000374 _____ () C:\windows\Tasks\HPCeeScheduleForclarence.job
    2015-04-12 15:57 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2015-04-12 07:52 - 2014-09-28 13:22 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
    2015-04-12 07:50 - 2014-09-28 13:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-04-10 20:05 - 2014-10-04 18:45 - 00000000 ____D () C:\Users\clarence\AppData\Local\Deployment
    2015-04-10 20:05 - 2014-10-04 18:45 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-04-10 10:48 - 2014-12-27 11:40 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2015-04-10 10:47 - 2014-10-26 18:35 - 00000000 ____D () C:\ProgramData\Adobe
    2015-04-10 10:47 - 2014-10-26 18:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-04-06 16:43 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\LiveKernelReports
    2015-04-04 14:14 - 2015-01-04 09:33 - 00000000 ____D () C:\ProgramData\1887373585
    2015-04-04 06:12 - 2014-09-27 15:25 - 00000000 ____D () C:\Users\clarence
    2015-04-04 06:11 - 2013-08-22 10:44 - 00485448 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-04-03 07:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-04-01 19:40 - 2015-01-08 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2015-04-01 12:04 - 2014-10-25 11:15 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2015-04-01 12:03 - 2013-08-22 11:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2015-03-31 16:09 - 2014-09-27 15:25 - 00000000 ____D () C:\Users\clarence\AppData\Local\VirtualStore
    2015-03-26 20:52 - 2014-12-13 20:30 - 00000000 ____D () C:\windows\system32\appraiser
    2015-03-26 20:52 - 2014-10-02 18:03 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-03-26 07:57 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\NDF
    2015-03-25 17:37 - 2014-04-02 14:20 - 00065536 _____ () C:\windows\system32\spu_storage.bin
    2015-03-25 17:35 - 2014-12-31 09:11 - 00000000 ____D () C:\Program Files (x86)\Raptr
    2015-03-25 17:34 - 2014-04-02 14:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2015-03-25 17:34 - 2014-04-02 14:43 - 00000000 ____D () C:\Program Files (x86)\CyberLink
    2015-03-25 17:34 - 2014-04-02 14:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-03-25 16:08 - 2014-10-07 06:39 - 00000000 ____D () C:\windows\Minidump
    2015-03-25 16:08 - 2014-10-07 06:38 - 382940531 _____ () C:\windows\MEMORY.DMP
    2015-03-23 21:33 - 2014-09-30 19:09 - 00000000 ____D () C:\ProgramData\AMD
    2015-03-23 21:32 - 2014-09-30 19:07 - 00000000 ____D () C:\Program Files\AMD
    2015-03-23 21:31 - 2014-09-30 19:02 - 00000000 ____D () C:\Program Files\ATI Technologies
    2015-03-23 21:27 - 2013-08-24 17:59 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-03-23 21:25 - 2014-09-28 14:53 - 00000000 ____D () C:\AMD

    ==================== Files in the root of some directories =======

    2015-01-04 09:17 - 2015-01-04 09:17 - 0000046 _____ () C:\Users\clarence\AppData\Roaming\WB.CFG

    Some content of TEMP:
    ====================
    C:\Users\clarence\AppData\Local\Temp\optprosetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-07 04:33

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015
    Ran by clarence at 2015-04-14 15:31:13
    Running from C:\Users\clarence\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks)
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version: - SEIKO EPSON Corporation)
    EZ Software Updater version 1.2.0.4 (HKLM-x32\...\EZ Software Updater_is1) (Version: 1.2.0.4 - )
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
    FUJIFILM FinePixViewer S Ver.2.1 (HKLM-x32\...\{88B32652-CAE0-4909-A463-5840D2689D93}) (Version: 2.1.0.3 - FUJIFILM Corporation)
    Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
    Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7135 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.206 - McAfee, Inc.)
    Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    13-03-2015 08:33:03 Windows Update
    23-03-2015 21:11:58 Windows Update
    25-03-2015 17:32:41 Configured LabelPrint
    01-04-2015 19:36:01 Installed Software Updater
    10-04-2015 10:45:35 McAfee Vulnerability Scanner

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02A2D9C9-6731-4AF9-B0E2-CE3AC2CE0EB0} - System32\Tasks\Voo Update => C:\Users\clarence\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {071F36A9-84F3-4AC6-8DFC-9D719E64E13D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
    Task: {093247C9-2ABB-4BFF-AA97-DA38D5EB6994} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
    Task: {13D8A4A6-ECA1-4FAD-9FEC-C117439B25CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1412AA6F-848B-45E1-BBFD-2DA33014AEE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {17578367-98CF-41F8-A525-38DD36915201} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-3 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.exe <==== ATTENTION
    Task: {2C369365-B4A9-478E-AA0C-E390651A55F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
    Task: {2CFC2894-9553-46C7-AA7A-82D2AD983FD7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-02] (Microsoft Corporation)
    Task: {346E0415-D823-4E88-9B58-B97DE97972CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
    Task: {367EA950-7BDC-4F09-80EE-A3B1CFF557E7} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-1 => C:\Program Files (x86)\HQVideo-2.9dV02.01\HQVideo-2.9dV02.01-codedownloader.exe <==== ATTENTION
    Task: {382A49DD-70B6-4386-B788-03590E69DA17} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5_user => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: {38824507-6158-4CF5-8148-663B5D9B107C} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: {41D0C4A8-2634-45DF-9CAB-187F08D1B39E} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {4CFBEAE9-8B6D-47DE-A009-037E7F5108EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {50807405-E56A-4909-9328-1E5B8059B947} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {509FD816-7D17-4C81-9C88-FB2AEA69CC2C} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [2015-04-08] () <==== ATTENTION
    Task: {59CDCFCA-208F-47BA-B286-E64C7390812D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {60315667-8BF3-4684-80D5-DADF2A1E8AA5} - System32\Tasks\HPCeeScheduleForclarence => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {6198ACD4-B879-4705-951E-51534907086C} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-6 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.exe <==== ATTENTION
    Task: {64BD76E1-91CB-4545-89E6-1998311C6023} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {6A61C6D5-DFD7-40E9-8EBF-5C8949D539DF} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-10_user => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-10.exe <==== ATTENTION
    Task: {6A6741B5-589C-4E64-A1FD-81FF522E4928} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
    Task: {86C50E60-FDDA-44F6-B4EA-C1E1F3628ED2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {94C89049-54CA-40B5-A4D0-77D99A5960BC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {9DBF7BEA-EE51-4AB6-A7D9-6AD9FB4546A8} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-7 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.exe <==== ATTENTION
    Task: {A24BDECE-B98D-48ED-A2C8-0063A0206E6A} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {BAD72240-0480-4FE3-A674-5CAAE30B3456} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {C64B0F05-A325-49B3-9BF7-FBD1B6987FFE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {C7EC989B-3CB1-4D88-968B-20E6E81A54FB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {E64DFD27-4FCC-477D-BE58-16AE184D1AF2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {FF9942B0-318F-4A60-B527-83042A6E66AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-1.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\HQVideo-2.9dV02.01-codedownloader.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-10_user.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-10.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5_user.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForclarence.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\windows\Tasks\Voo Update.job => C:\Users\clarence\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2013-09-05 06:22 - 2013-09-05 06:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-09-05 06:24 - 2013-09-05 06:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-09-05 06:24 - 2013-09-05 06:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-09-05 06:21 - 2013-09-05 06:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-09-05 06:21 - 2013-09-05 06:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-09-05 06:21 - 2013-09-05 06:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-09-05 06:36 - 2013-09-05 06:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-09-05 06:36 - 2013-09-05 06:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2015-04-02 07:53 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-02-06 21:07 - 2014-09-07 14:59 - 00220672 _____ () C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
    2015-01-04 09:23 - 2014-12-29 11:13 - 04686336 _____ () C:\windows\rcore.exe
    2015-04-02 07:55 - 2015-04-02 07:55 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-04-14 10:30 - 2015-04-08 13:47 - 00422952 _____ () C:\Program Files (x86)\Optimizer Pro 3.79\OptProSmartScan.exe
    2015-04-14 10:30 - 2015-04-08 13:47 - 00892968 _____ () C:\Program Files (x86)\Optimizer Pro 3.79\OptProReminder.exe
    2013-09-05 06:31 - 2013-09-05 06:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2015-04-14 10:30 - 2015-04-14 10:30 - 02313768 _____ () c:\Program Files (x86)\Optimizer Pro 3.79\OptProMon.dll
    2014-10-22 18:00 - 2007-03-05 09:22 - 00081920 _____ () C:\Program Files\FinePixViewerS\wia_register_event.dll
    2015-04-10 20:05 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
    2015-04-10 20:05 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
    2014-04-02 14:43 - 2013-08-05 03:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-04-10 20:05 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
    2015-04-10 20:05 - 2015-03-30 17:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\clarence\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\clarence\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dscf0101.jpg
    DNS Servers: 192.168.1.254 - 75.153.176.9

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\StartupApproved\Run: => "BearShare"
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\StartupApproved\Run: => "Super Optimizer"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-194837296-4037038390-1075605202-500 - Administrator - Disabled)
    clarence (S-1-5-21-194837296-4037038390-1075605202-1001 - Administrator - Enabled) => C:\Users\clarence
    Guest (S-1-5-21-194837296-4037038390-1075605202-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-194837296-4037038390-1075605202-1003 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/14/2015 01:13:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (04/14/2015 01:13:59 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {00B6B608-B26A-4206-808D-52F11DBAD103}

    Error: (04/14/2015 01:13:58 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {00B6B608-B26A-4206-808D-52F11DBAD103}

    Error: (04/14/2015 11:59:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: MSHTML.dll, version: 11.0.9600.17690, time stamp: 0x54e7d023
    Exception code: 0xc0000005
    Fault offset: 0x00407d0b
    Faulting process id: 0x1460
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (04/14/2015 09:32:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: MSHTML.dll, version: 11.0.9600.17690, time stamp: 0x54e7d023
    Exception code: 0xc0000005
    Fault offset: 0x00407d0b
    Faulting process id: 0x16c4
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (04/13/2015 08:45:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: MSHTML.dll, version: 11.0.9600.17690, time stamp: 0x54e7d023
    Exception code: 0xc0000005
    Fault offset: 0x00407d0b
    Faulting process id: 0x1240
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (04/13/2015 06:38:40 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (04/13/2015 04:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b34

    Start Time: 01d0762a4094f0aa

    Termination Time: 10

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    Report Id: b22d7489-e21e-11e4-82d7-40a8f03ce9c0

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/13/2015 04:35:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: MSHTML.dll, version: 11.0.9600.17690, time stamp: 0x54e7d023
    Exception code: 0xc0000005
    Fault offset: 0x00407d0b
    Faulting process id: 0x210c
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (04/13/2015 01:14:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936


    System errors:
    =============
    Error: (04/14/2015 03:20:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update ResultsBay service failed to start due to the following error:
    %%2

    Error: (04/14/2015 03:19:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (04/14/2015 01:22:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 5 time(s).

    Error: (04/14/2015 11:31:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 4 time(s).

    Error: (04/14/2015 09:06:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).

    Error: (04/14/2015 02:11:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).

    Error: (04/14/2015 02:06:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    %%1

    Error: (04/13/2015 09:35:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/13/2015 08:47:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update ResultsBay service failed to start due to the following error:
    %%2

    Error: (04/13/2015 08:46:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062


    Microsoft Office Sessions:
    =========================
    Error: (04/14/2015 01:13:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (04/14/2015 01:13:59 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {00B6B608-B26A-4206-808D-52F11DBAD103}

    Error: (04/14/2015 01:13:58 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {00B6B608-B26A-4206-808D-52F11DBAD103}

    Error: (04/14/2015 11:59:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.1769054e7d023c000000500407d0b146001d076cb6ff56e99C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dll436d6727-e2bf-11e4-82d8-40a8f03ce9c0

    Error: (04/14/2015 09:32:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.1769054e7d023c000000500407d0b16c401d076b75bb96507C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dllc33fe18a-e2aa-11e4-82d8-40a8f03ce9c0

    Error: (04/13/2015 08:45:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.1769054e7d023c000000500407d0b124001d0764c388d4156C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dll82be5c52-e23f-11e4-82d7-40a8f03ce9c0

    Error: (04/13/2015 06:38:40 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: -2147024883

    Error: (04/13/2015 04:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SDScan.exe2.4.40.181b3401d0762a4094f0aa10C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeb22d7489-e21e-11e4-82d7-40a8f03ce9c0

    Error: (04/13/2015 04:35:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.1769054e7d023c000000500407d0b210c01d076294b430b59C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dll975f029c-e21c-11e4-82d7-40a8f03ce9c0

    Error: (04/13/2015 01:14:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936


    ==================== Memory info ===========================

    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
    Percentage of memory in use: 55%
    Total physical RAM: 3532.01 MB
    Available physical RAM: 1559.68 MB
    Total Pagefile: 7116.01 MB
    Available Pagefile: 4776.55 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:915.26 GB) (Free:846.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:14.77 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A1A27D22)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================




    I will run the Rogue Tool and post the logs next
     
  4. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    And here is the Rogue Killer report.

    RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : clarence [Administrator]
    Started from : C:\Users\clarence\Downloads\RogueKiller.exe
    Mode : Scan -- Date : 04/14/2015 15:54:54

    ¤¤¤ Processes : 4 ¤¤¤
    [PUP] ProtectWindowsManager.exe(1432) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[-] -> Killed [TermProc]
    [Suspicious.Path|Proc.Injected] rcore.exe(2160) -- C:\windows\rcore.exe[-] -> Killed [TermProc]
    [Suspicious.Path] DZdoNHWKoS.exe(2444) -- C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe[7] -> Killed [TermProc]
    [PUP] (SVC) EZ Software Updater -- C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe[-] -> Stopped

    ¤¤¤ Registry : 30 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C} -> Found
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} -> Found
    [PUP] (X64) HKEY_USERS\S-1-5-21-194837296-4037038390-1075605202-1001\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe -> Found
    [PUP] (X86) HKEY_USERS\S-1-5-21-194837296-4037038390-1075605202-1001\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DZdoNHWKoS ("C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe") -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EZ Software Updater (C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rcores (C:\windows\rcore.exe) -> Found
    [PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DZdoNHWKoS ("C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe") -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EZ Software Updater (C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcores (C:\windows\rcore.exe) -> Found
    [PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54974;https=127.0.0.1:54974 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54974;https=127.0.0.1:54974 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54974;https=127.0.0.1:54974 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54974;https=127.0.0.1:54974 -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.9 [-][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.9 [-][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{207D121A-040B-4C91-A88B-681C45A2F95A} | DhcpNameServer : 192.168.1.254 75.153.176.9 [-][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F6551621-8854-4B09-BF73-91DB0A661F70} | DhcpNameServer : 192.168.1.254 75.153.176.9 [-][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{207D121A-040B-4C91-A88B-681C45A2F95A} | DhcpNameServer : 192.168.1.254 75.153.176.9 [-][UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F6551621-8854-4B09-BF73-91DB0A661F70} | DhcpNameServer : 192.168.1.254 75.153.176.9 [-][UNITED STATES (US)] -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] Voo Update.job -- C:\Users\clarence\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
    [Suspicious.Path] \\Voo Update -- C:\Users\clarence\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] hqghumeaylnlf.lnk -- C:\Users\clarence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [[email protected]] C:\PROGRA~3\{8AF46~1\HQGHUM~1.EXE /startup -> Found

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 +++++
    --- User ---
    [MBR] fbaffaf46c3001d92b75859b018fa6cb
    [BSP] 7955ad5858a8b2c64f5390e092aaad30 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 3096576 | Size: 937223 MB
    4 - [SYSTEM] Basic data partition | Offset (sectors): 1922529280 | Size: 15129 MB
    User = LL1 ... OK
    User = LL2 ... OK



    Thank you for looking into this for me.
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Continue as follows:

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

    Next,

    Please open Malwarebytes Anti-Malware.

    • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
    • Under the Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware
    • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • With some infections, you may see this message box.

      'Could not load DDA driver'
    • Click 'Yes' to this message, to allow the driver to load after a restart.
    • Allow the computer to restart. Continue with the rest of these instructions.
    • When the scan is complete, click Apply Actions.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    If Malwarebytes is not installed follow these instructions first:

    Download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish. Follow the instructions above....

    Next,

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Scan
    • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
    • You will get a prompt asking to close all programs. Click OK.
    • Click OK again to reboot your computer.
    • A text file will open after the restart. Please post the content of that logfile in your reply.
    • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number

    Next,

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Next,

    Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.
    Be sure to get the correct version for your system....
    32 Bit version:
    https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
    64 Bit version:
    https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    Right click on the tool and select "Run as Administrator"; the tool will expand to the options window.
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.
    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    Next,

    Please follow these instructions carefully:

    Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
    "SavedLegacySettings"=-
    "DefaultConnectionSettings"=-
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=-
    "ProxyServer"=-
    

    Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

    Next navigate to your desktop, and enter the file name fixme.reg, and click Save.

    You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning,
    agree to the merge, and then a message the file has been merged will immediately pop up.
    Then reboot.

    Let me see those logs, also give an update on any remaining issues or concerns...

    Thank you,

    Kevin....
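
A way to confirm after the reboot that the fixme.reg merge above took effect, as an added example that is not part of the original post. It reads the same two keys and four value names listed in the .reg file and reports any that are still present; it assumes an elevated PowerShell window, and the variable names are illustrative.

```powershell
# Added example (not from the thread): verify that the values deleted by
# fixme.reg are really gone from the .DEFAULT user hive.
# Run from an elevated PowerShell prompt after the reboot.

$base = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Key path -> value names that the .reg file removes with the "name"=- syntax.
$targets = [ordered]@{
    "$base\Connections" = @('SavedLegacySettings', 'DefaultConnectionSettings')
    $base               = @('ProxyEnable', 'ProxyServer')
}

$results = foreach ($key in $targets.Keys) {
    foreach ($name in $targets[$key]) {
        $state = 'removed'
        $data  = $null

        if (-not (Test-Path -LiteralPath $key)) {
            # The whole key is missing, so the value cannot exist either.
            $state = 'key absent'
        }
        else {
            $item = Get-Item -LiteralPath $key
            if ($item.GetValueNames() -contains $name) {
                $state = 'STILL PRESENT'
                $raw   = $item.GetValue($name)
                # The Connections values are REG_BINARY blobs; show their size
                # instead of dumping the bytes.
                $data  = if ($raw -is [byte[]]) { "binary, $($raw.Length) bytes" } else { "$raw" }
            }
        }

        [pscustomobject]@{
            Key   = $key -replace '^Registry::', ''
            Value = $name
            State = $state
            Data  = $data
        }
    }
}

$results | Format-Table -AutoSize -Wrap

# A leftover value means the merge was declined or something rewrote the
# setting after the reboot; report that in the next reply with the other logs.
$leftover = @($results | Where-Object { $_.State -eq 'STILL PRESENT' })
if ($leftover.Count -gt 0) {
    Write-Warning "$($leftover.Count) proxy-related value(s) are still set under HKEY_USERS\.DEFAULT."
}
else {
    Write-Output 'All four values from fixme.reg are gone.'
}
```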
     


  6. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    Ok my mom had a moment where she didn't trust me getting help from an online source and she went and deleted all the programs and the logs.....

    So, I've finally gotten her onboard in trusting that you ARE actually going to help me, and she says she won't do that again.

    So, I have to reinstall FARBAR and Rogue killer....do I need to actually rescan and repost my reports again?

    Sorry about that. I really appreciate your help.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Follow the instructions given in reply #5, post those logs... Let me know if any remaining issues or concerns...

    Thanks,

    Kevin..
     
  8. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    Ok I'm going to start posting the logs before I lose track of where they all are. I am going to do everything you said, even though I must say after running the Malwarebytes, I am no longer having the pop ups. So....


    First is the Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
    Ran by clarence at 2015-04-16 18:23:41 Run:1
    Running from C:\Users\clarence\Downloads
    Loaded Profiles: clarence (Available profiles: clarence)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    HKLM-x32\...\Run: [gmsd_ca_38] => [X]
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Run: [BearShare] => "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
    C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    C:\Program Files (x86)\BearShare Applications
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [148008 2015-04-08] ()
    C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe
    C:\Program Files (x86)\Optimizer Pro 3.79\OptProSmartScan.exe
    C:\Program Files (x86)\Optimizer Pro 3.79\OptProReminder.exe
    C:\Program Files (x86)\Optimizer Pro 3.79
    AppInit_DLLs-x32: c:/progra~3/{e6d50~1/171~1.0/ceta.dll => "c:\progra~3\{e6d50~1\171~1.0\ceta.dll" File Not Found
    c:\progra~3\{e6d50~1
    AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File Not Found
    c:\progra~2\searchprotect
    Startup: C:\Users\clarence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
    ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{8af46f50-e9a8-98a0-8af4-46f50e9abd43}\hqghumeaylnlf.exe (PC Utilities Software Limited)
    C:\ProgramData\{8af46f50-e9a8-98a0-8af4-46f50e9abd43}
    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    C:\ProgramData\WindowsMangerProtect
    C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe
    C:\ProgramData\UgZmRiwEqRZ
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:54974;https=127.0.0.1:54974
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0 E0EyCyD0D0AtC0D0EzztBtBzztBtN0D0Tzu0StCtDzyzztN1L2XzutAtFyBtFtCtFtAtN1L1Czu tCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyEtDtA0FzztBtAtG0AtByE0CtGzy0A0CtCt GyByE0A0DtGtAtCyCtDtA0CtAtCtD0E0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCtBzy0DtDzz yBtGyD0E0F0CtGyE0AtDyEtG0ByD0DyCtGyD0FtCzyzz0C0FtDtDyD0EtD2Q&cr=587518245&i r=
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420379611&from=pcs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S766544265442&q={searchTerms}
    SearchScopes: HKLM-x32 -> {92F4845E-5F40-4FB6-82C8-EE0C613CDE73} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_15_01_ie&cd=2XzuyEtN2Y1L1Qzu0Bzz0 E0EyCyD0D0AtC0D0EzztBtBzztBtN0D0Tzu0StCtDzyzztN1L2XzutAtFyBtFtCtFtAtN1L1Czu tCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyEtDtA0FzztBtAtG0AtByE0CtGzy0A0CtCt GyByE0A0DtGtAtCyCtDtA0CtAtCtD0E0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyCtBzy0DtDzz yBtGyD0E0F0CtGyE0AtDyEtG0ByD0DyCtGyD0FtCzyzz0C0FtDtDyD0EtD2Q&cr=587518245&i r=
    FF Plugin HKU\S-1-5-21-194837296-4037038390-1075605202-1001: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    R2 5d9df4c6; c:\Program Files (x86)\Optimizer Pro 3.79\OptProMon.dll [2313768 2015-04-14] ()
    R2 EZ Software Updater; C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe [220672 2014-09-07] () [File not signed] <==== ATTENTION
    C:\Program Files (x86)\EZ Software Updater
    S2 Update ResultsBay; "C:\Program Files (x86)\ResultsBay\updateResultsBay.exe" [X]
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
    S1 wpnfd_1_10_0_1; system32\drivers\wpnfd_1_10_0_1.sys [X]
    C:\Users\clarence\AppData\Local\Temp\optprosetup.exe
    Task: {02A2D9C9-6731-4AF9-B0E2-CE3AC2CE0EB0} - System32\Tasks\Voo Update => C:\Users\clarence\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    C:\Users\clarence\AppData\Roaming\VOOUPD~1
    Task: {093247C9-2ABB-4BFF-AA97-DA38D5EB6994} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
    C:\Program Files (x86)\System Optimizer Pro
    Task: {17578367-98CF-41F8-A525-38DD36915201} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-3 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.exe <==== ATTENTION
    C:\Program Files (x86)\HQVideo-2.9dV02.01
    Task: {367EA950-7BDC-4F09-80EE-A3B1CFF557E7} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-1 => C:\Program Files (x86)\HQVideo-2.9dV02.01\HQVideo-2.9dV02.01-codedownloader.exe <==== ATTENTION
    Task: {382A49DD-70B6-4386-B788-03590E69DA17} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5_user => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: {38824507-6158-4CF5-8148-663B5D9B107C} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: {509FD816-7D17-4C81-9C88-FB2AEA69CC2C} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [2015-04-08] () <==== ATTENTION
    Task: {6198ACD4-B879-4705-951E-51534907086C} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-6 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.exe <==== ATTENTION
    Task: {6A61C6D5-DFD7-40E9-8EBF-5C8949D539DF} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-10_user => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-10.exe <==== ATTENTION
    Task: {9DBF7BEA-EE51-4AB6-A7D9-6AD9FB4546A8} - System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-7 => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.exe <==== ATTENTION
    Task: {A24BDECE-B98D-48ED-A2C8-0063A0206E6A} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {BAD72240-0480-4FE3-A674-5CAAE30B3456} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    C:\Program Files (x86)\AnyProtectEx
    Task: {E64DFD27-4FCC-477D-BE58-16AE184D1AF2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-1.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\HQVideo-2.9dV02.01-codedownloader.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-10_user.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-10.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5_user.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.exe <==== ATTENTION
    Task: C:\windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.job => C:\Program Files (x86)\HQVideo-2.9dV02.01\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\windows\Tasks\Voo Update.job => C:\Users\clarence\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    EmptyTemp:
    end



    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_ca_38 => value deleted successfully.
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare => value deleted successfully.
    "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" => File/Directory not found.
    "C:\Program Files (x86)\BearShare Applications" => File/Directory not found.
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
    "C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe" => File/Directory not found.
    "C:\Program Files (x86)\Optimizer Pro 3.79\OptProSmartScan.exe" => File/Directory not found.
    C:\Program Files (x86)\Optimizer Pro 3.79\OptProReminder.exe => Moved successfully.
    C:\Program Files (x86)\Optimizer Pro 3.79 => Moved successfully.
    "c:/progra~3/{e6d50~1/171~1.0/ceta.dll" => Value Data removed successfully.
    "c:\progra~3\{e6d50~1" => File/Directory not found.
    "c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" => Value Data removed successfully.
    "c:\progra~2\searchprotect" => File/Directory not found.
    C:\Users\clarence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
    C:\ProgramData\{8af46f50-e9a8-98a0-8af4-46f50e9abd43}\hqghumeaylnlf.exe => Moved successfully.
    C:\ProgramData\{8af46f50-e9a8-98a0-8af4-46f50e9abd43} => Moved successfully.
    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => Moved successfully.
    C:\ProgramData\WindowsMangerProtect => Moved successfully.
    C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe => Moved successfully.

    "C:\ProgramData\UgZmRiwEqRZ" directory move:

    Could not move "C:\ProgramData\UgZmRiwEqRZ" directory. => Scheduled to move on reboot.

    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
    HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{92F4845E-5F40-4FB6-82C8-EE0C613CDE73}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{92F4845E-5F40-4FB6-82C8-EE0C613CDE73} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
    "HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Software\MozillaPlugins\BearSharePlugin" => Key deleted successfully.
    C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
    5d9df4c6 => Service not found.
    EZ Software Updater => Service deleted successfully.
    C:\Program Files (x86)\EZ Software Updater => Moved successfully.
    Update ResultsBay => Service deleted successfully.
    cherimoya => Service deleted successfully.
    SPPD => Service deleted successfully.
    wpnfd_1_10_0_1 => Service deleted successfully.
    C:\Users\clarence\AppData\Local\Temp\optprosetup.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02A2D9C9-6731-4AF9-B0E2-CE3AC2CE0EB0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02A2D9C9-6731-4AF9-B0E2-CE3AC2CE0EB0}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Voo Update => Moved successfully.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-16 18:35:40)<=

    ==> ATTENTION: System is not rebooted.
    "C:\ProgramData\UgZmRiwEqRZ" => Directory could not move.

    ==== End of Fixlog 18:35:42 ====





    **************************************************************************************************************************************************************************************************************************************************************************************

    Now the Malwarebytes log...... you said to post the scan result so that's what I'm posting....there was also a protection log but you didn't mention it so I'll assume it's not of any use.


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2015-04-16
    Scan Time: 6:43:13 PM
    Logfile:
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.04.16.06
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: clarence

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 340182
    Time Elapsed: 17 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 3
    PUP.Optional.HealthAlert.A, C:\FRST\Quarantine\C\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe.xBAD, 2528, Delete-on-Reboot, [62e4afbe8dfdb383988b07fd9b67946c]
    PUP.Optional.WebSteroids.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 5068, Delete-on-Reboot, [e85e2449117941f521d0093923e027d9]
    PUP.Optional.YouTubeDownloadPool.A, C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe, 2372, Delete-on-Reboot, [7ec881ec7a1049ed94fd8d345da655ab]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 42
    PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [e85e2449117941f521d0093923e027d9],
    PUP.Optional.WebSteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [e85e2449117941f521d0093923e027d9],
    PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [e85e2449117941f521d0093923e027d9],
    PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [e85e2449117941f521d0093923e027d9],
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [d86e2e3f1a7045f1c9f7e959db287e82],
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [d86e2e3f1a7045f1c9f7e959db287e82],
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [d86e2e3f1a7045f1c9f7e959db287e82],
    PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [6fd7c4a9c2c8ad893a468a496b9849b7],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [9fa75e0fe4a688aea8bcce3661a34ab6],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [024482eb395168cedf1b2f1906fffe02],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [d0762f3e7119aa8c9e5bb395679eb749],
    PUP.Optional.EZSoftware.A, HKLM\SOFTWARE\WOW6432NODE\EZ Software Updater, Quarantined, [8db981ec5f2bf3437b8b38a7d92a2ed2],
    PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, Quarantined, [291d1e4fddad88ae2d2cbf1561a27d83],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HQVideo-2.9dV02.01, Quarantined, [65e1dd905535082ead3b8ebed233f10f],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HQVideo-2.9dV02.01-nv, Quarantined, [1b2bee7f8cfe37ff826685c7fe0718e8],
    PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [2b1b234aed9d3df972dd61e43dc89c64],
    PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.1, Quarantined, [073feb825337bf7794faf6e51ae911ef],
    PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [52f4610c6d1dad89d6b0b608a06340c0],
    PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [e95dc1ac94f683b3f18f22b1ff047b85],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [ad99a5c8f397a4920b5923e1d72d22de],
    PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [73d3adc0dcae95a184e033bb956ecd33],
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [f155a2cb523861d5511bf25f07fe8a76],
    PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [7cca2a43e2a8de58676003d0fd0603fd],
    PUP.Optional.YouTubeDownloadPool.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YouTubeDownload_P4, Quarantined, [7ec881ec7a1049ed94fd8d345da655ab],
    PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [3511d499b1d92610fbb9b5250ff4c937],
    PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES, Quarantined, [b5917bf2593168cecdb1b398b451fe02],
    PUP.Optional.Shopperz.A, HKU\S-1-5-18\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [94b2ef7e1b6f8caa99bc2a9b699a3cc4],
    PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [380ede8fb9d1280eb69f11b4649fc33d],
    PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [de6871fc2466191dd18462637291ce32],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\HQVideo-2.9dV02.01-nv, Quarantined, [57efc8a522683df9cb1eae9e699c40c0],
    PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\TutoTag, Quarantined, [26206d00aae0c5717595f94fdb2a4bb5],
    PUP.Optional.Vosteran.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\Vosteran Browser, Quarantined, [202671fc602a38fe80d65f71f90ae41c],
    PUP.Optional.Shopperz.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [f056ee7f3951ef47c78ef7cea45f817f],
    PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [3f07c7a6d1b904322c9549a073907a86],
    PUP.Optional.MultiIE.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [cf775f0ea1e994a252b32b1820e5f10f],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\APPDATALOW\SOFTWARE\HQVideo-2.9dV02.01, Quarantined, [1a2c5c11107a7eb81cce014b30d59b65],
    PUP.Optional.Vosteran.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [73d31459b7d3ab8b5b26a03311f2c63a],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [232388e575151c1a3b00c64a7193c040],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\INSTALLCORE, Quarantined, [2323145975157eb8d736b571c540659b],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [52f48be2a5e56dc990da875af1125aa6],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HQVid2.9dV02.01, Quarantined, [2c1abfae88025adc4220d40229dad729],
    PUP.Optional.SystemSpeedup, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\SYSTWEAK\ssd, Quarantined, [95b155186f1b4aecc2a15896fd06738d],

    Registry Values: 7
    PUP.Optional.Ask.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9fa7d39a4248d066a22a72cabb48c838],
    PUP.Optional.Ask.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{4F524A2D-5350-4500-76A7-7A786E7484D7}, ä¨*ä½&#146;卐ä&#148;&#128;ꝶ硺ç&#145;®í&#158;&#132;, Quarantined, [9fa7d39a4248d066a22a72cabb48c838]
    PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, Quarantined, [4ff7fe6f41499d99b97becd47a893fc1]
    PUP.Optional.Vosteran.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [40068edf385202340479635b30d31de3]
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 626A8F7D-04FD-474B-A9DB-26E5C4E52F2F, Quarantined, [f155a2cb523861d5511bf25f07fe8a76]
    PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES|ImagePath, C:\windows\rcore.exe, Quarantined, [b5917bf2593168cecdb1b398b451fe02]
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\INSTALLCORE|tb, 0X1L1C1C1J2Z, Quarantined, [2323145975157eb8d736b571c540659b]

    Registry Data: 1
    PUP.Optional.Tikotin.A, HKU\S-1-5-21-194837296-4037038390-1075605202-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://tikotin.com, Good: (www.google.com), Bad: (http://tikotin.com),Replaced,[2b1b54194941d95de445d4310afc837d]

    Folders: 14
    PUP.Optional.HealthAlert.A, C:\Users\clarence\AppData\Local\HealthAlert, Quarantined, [c77f600ddbaf77bfeb64bd1dbe458c74],
    Rogue.Multiple, C:\ProgramData\1887373585, Quarantined, [ba8c234a4446af8707d6d4a781827e82],
    Rogue.Multiple, C:\ProgramData\2355320829, Quarantined, [ac9a026b4b3fc2746c71b8c38d7605fb],
    PUP.Optional.Techgile.A, C:\Program Files (x86)\Techgile, Quarantined, [2c1a323b8efc9c9a11c8307a30d37987],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVideo-2.9dV02.01, Quarantined, [163074f91b6fc175e254d4da689b7e82],
    PUP.Optional.VooUpdate.A, C:\Users\clarence\AppData\Roaming\VooUpdate, Quarantined, [3412026b345686b0127c8f26a95a8a76],
    PUP.Optional.VooUpdate.A, C:\Users\clarence\AppData\Roaming\VooUpdate\UpdateProc, Quarantined, [3412026b345686b0127c8f26a95a8a76],
    PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player, Quarantined, [67dff37a2763dc5ada72883008fb49b7],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\installer, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\language, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\logs, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\scan_results, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\swf, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],

    Files: 53
    PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNewH_01009.Wdf, Delete-on-Reboot, ,
    PUP.Optional.HealthAlert.A, C:\FRST\Quarantine\C\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe.xBAD, Delete-on-Reboot, [62e4afbe8dfdb383988b07fd9b67946c],
    PUP.Optional.WebSteroids.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Delete-on-Reboot, [e85e2449117941f521d0093923e027d9],
    PUP.Optional.HealthAlert.A, C:\ProgramData\UgZmRiwEqRZ\dat\cFsgndwTRv.exe, Delete-on-Reboot, [12349dd01c6e45f1041f04009270d22e],
    PUP.Optional.ZombieInvasion.A, C:\ProgramData\UgZmRiwEqRZ\dat\JNDfcVzmM.dll, Delete-on-Reboot, [f74f501d048696a09d689858ca3bb34d],
    PUP.Optional.HealthAlert.A, C:\ProgramData\UgZmRiwEqRZ\dat\nrUhNgXb.exe, Delete-on-Reboot, [c68081ec1c6ec373d64d976da45e4ab6],
    PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, Quarantined, [3d09b0bd1f6b290d30a2052d47bb05fb],
    PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Quarantined, [4ff781eca3e785b1d31ad04105fdb947],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, Quarantined, [b591bbb2a5e546f076071f18cf31cd33],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVideo-2.9dV02.01\utils.exe, Quarantined, [0046df8e5a3083b372b86ae428d88b75],
    PUP.Optional.Bandoo, C:\Users\clarence\Downloads\iLividSetup-r2126-n-bi.exe, Quarantined, [093d412ccbbf2b0b67ece852768b2bd5],
    PUP.Optional.SearchProtect, C:\Windows\apppatch\apppatch64\VCLdr64.dll, Quarantined, [034384e9f19980b6911378dd2fd3966a],
    PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP1.job, Quarantined, [8fb7a4c9692177bfd5bddbe658abbb45],
    PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP2.job, Quarantined, [b19506678505dc5a98faa021748f7b85],
    PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP3.job, Quarantined, [ed5983eaabdf8da9e5ad328fa261867a],
    PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP1, Quarantined, [7ec83d30d8b23ef8dbb8625ff11255ab],
    PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP2, Quarantined, [e36346275d2d2d090a89546da45f8b75],
    PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP3, Quarantined, [b690a4c93852b581920106bb1ce7f60a],
    PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, Quarantined, [f3539bd2bfcb82b4662903cbf40f8d73],
    PUP.Optional.VooUpdate.A, C:\Windows\Tasks\Voo Update.job, Quarantined, [b78fabc273172610e239a62a3ac99c64],
    PUP.Optional.HealthAlert.A, C:\Users\clarence\AppData\Local\HealthAlert\data2.dat, Quarantined, [c77f600ddbaf77bfeb64bd1dbe458c74],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-1, Quarantined, [2521313cb8d2c96d80dfbe2ee51ed22e],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-10_user, Quarantined, [b690d09d890168ce6cf33eae55ae4eb2],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-3, Quarantined, [0f37422b741648ee78e722ca897acd33],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5, Quarantined, [5fe7d69763270f271a45a646bc47ee12],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5_user, Quarantined, [7bcb27465f2b300679e65597f90afa06],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-6, Quarantined, [4006d29bf1999b9b0c53cc2047bc639d],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-7, Quarantined, [78ce2f3e95f5d264adb20ae26b98de22],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-1.job, Quarantined, [0e385617bccec2748e4cfb4a7392d42c],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-10_user.job, Quarantined, [c3836d00fb8fb0861dbd4005788d956b],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-3.job, Quarantined, [5cea0964b2d802340bcf04418b7a14ec],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5.job, Quarantined, [45014825a2e884b2cb0f7bca3bca639d],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-5_user.job, Quarantined, [51f5bab3dab058de5e7c60e58e7718e8],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-6.job, Quarantined, [1c2a83ea2961dc5a0bcf1b2a3cc9c63a],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\1794db38-3b40-4cea-9b1a-d404883bbdf7-7.job, Quarantined, [9bab15583c4ef541f7e3eb5a788d4eb2],
    PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [ce78d499a3e7b3839c61b98f9e67c53b],
    PUP.Optional.YouTubeDownloadPool.A, C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe, Delete-on-Reboot, [7ec881ec7a1049ed94fd8d345da655ab],
    PUP.Optional.Score.A, C:\Windows\rcore.exe, Quarantined, [b5917bf2593168cecdb1b398b451fe02],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVideo-2.9dV02.01\bgNova.html, Quarantined, [163074f91b6fc175e254d4da689b7e82],
    PUP.Optional.VooUpdate.A, C:\Users\clarence\AppData\Roaming\VooUpdate\UpdateProc\bkup.dat, Quarantined, [3412026b345686b0127c8f26a95a8a76],
    PUP.Optional.VooUpdate.A, C:\Users\clarence\AppData\Roaming\VooUpdate\UpdateProc\config.dat, Quarantined, [3412026b345686b0127c8f26a95a8a76],
    PUP.Optional.VooUpdate.A, C:\Users\clarence\AppData\Roaming\VooUpdate\UpdateProc\info.dat, Quarantined, [3412026b345686b0127c8f26a95a8a76],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\installer\ab.test.json, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\installer\tempfile.t, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\language\de.xml, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\language\en.xml, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\language\fr.xml, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\swf\mov01.swf, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\swf\swfA1O.swf, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\swf\swfAmXW.swf, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],
    PUP.Optional.AnyProtect.A, C:\Users\clarence\AppData\Roaming\AnyProtectEx\swf\swfAzOQ.swf, Quarantined, [44029ecf8cfe61d50e945d5fe71c22de],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    ************************************************************




    Next is the AdwCleaner Log




    # AdwCleaner v4.201 - Logfile created 16/04/2015 at 21:56:31
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-15.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : clarence - CATHY-CLARENCE
    # Running from : C:\Users\clarence\Downloads\adwcleaner_4.201.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\HealthAlert
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\d1c3aa9800005849
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    Folder Deleted : C:\Program Files (x86)\predm
    Folder Deleted : C:\Program Files (x86)\DriverRestore
    Folder Deleted : C:\Program Files (x86)\XTab
    Folder Deleted : C:\Program Files (x86)\download Manager
    Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\clarence\AppData\Local\StormFall
    Folder Deleted : C:\Users\clarence\AppData\Roaming\Systweak
    File Deleted : C:\Users\Public\Desktop\Free Games.lnk
    File Deleted : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
    File Deleted : C:\windows\System32\roboot64.exe

    ***** [ Scheduled tasks ] *****

    Task Deleted : APSnotifierPP1

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\clarence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
    Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
    Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
    Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
    Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
    Key Deleted : HKLM\SOFTWARE\dbc4a00b-eb33-e003-6171-4d234cc11686
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{756C097C-6BDB-45DE-A8F1-83E01AB86BA4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
    Key Deleted : HKCU\Software\AnyProtect
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\DriverRestore
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\SPPDCOM
    Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZ Software Updater_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:54974;hxxps=127.0.0.1:54974
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Google Chrome v42.0.2311.90

    [C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce

    -\\ Opera v0.0.0.0


    *************************

    AdwCleaner[R0].txt - [7614 bytes] - [16/04/2015 21:20:35]
    AdwCleaner[S0].txt - [7176 bytes] - [16/04/2015 21:56:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7235 bytes] ##########




    ************************************************************

    And the Junkware removal tool

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.7 (04.16.2015:2)
    OS: Windows 8.1 x64
    Ran by clarence on 2015-04-16 at 22:05:42.90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Users\clarence\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
    Successfully deleted: [File] C:\Users\clarence\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal
    Successfully deleted: [File] C:\windows\wininit.ini



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\clarence\documents\optimizer pro





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2015-04-16 at 22:10:54.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    ************************************************************

    I felt like I was losing track of where all the logs were, so I thought I would post where I've gotten to this far. I'm going to download the malicious software tool now and carry on.
    Thank you so much again. There's already a noticeable difference in the way the PC is running.
     
  9. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    Ok, here's the Windows malicious software removal log



    ************************************************************

    Ok, when I did the fixme.reg bit, it did not say anything about merging files; it said something along the lines of "if you do not trust the content in fixme.reg do not add it to your registry"... meaning it added the file as opposed to merging it. Is that ok?

    Everything seems to be working great now. Thank you.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    We need to run another scan to double check all is ok, continue please:

    Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the two logs....

    Thank you,

    Kevin...
     
  11. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
    Ran by clarence (administrator) on CATHY-CLARENCE on 17-04-2015 13:55:06
    Running from C:\Users\clarence\Downloads
    Loaded Profiles: clarence (Available profiles: clarence)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
    (FUJIFILM Corporation) C:\Program Files\FinePixViewerS\QuickDCF2.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
    (Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\Solitaire.exe
    (McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
    (McAfee, Inc.) C:\Program Files\mcafee\VirusScan\mcods.exe
    (McAfee, Inc.) C:\Program Files\mcafee\vul\McVulAlert.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [718248 2015-02-11] (McAfee, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\Policies\Explorer: [NoControlPanel] 0
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
    ShortcutTarget: Exif Launcher S.lnk -> C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {92F4845E-5F40-4FB6-82C8-EE0C613CDE73} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> DefaultScope {75A0BB31-C502-4B47-AD79-A5EA3C22EB9F} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA0D20141025&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {75A0BB31-C502-4B47-AD79-A5EA3C22EB9F} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA0D20141025&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {92F4845E-5F40-4FB6-82C8-EE0C613CDE73} URL =
    SearchScopes: HKU\S-1-5-21-194837296-4037038390-1075605202-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-02] (Microsoft Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-02] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-02] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-03-03] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-02] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-10] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2014-12-01] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-10-25]
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-25]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.ca/
    CHR StartupUrls: Default -> "hxxp://www.google.ca/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Bookmark Manager) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
    CHR Extension: (Google Wallet) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
    CHR Profile: C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
    CHR Extension: (Google Docs) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
    CHR Extension: (Google Drive) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]
    CHR Extension: (YouTube) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
    CHR Extension: (Nimbus Screenshot) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-12-06]
    CHR Extension: (Google Search) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
    CHR Extension: (Google Sheets) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
    CHR Extension: (SiteAdvisor) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-15]
    CHR Extension: (Nimbus Screen Capture App) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gooiepmnbooemimlnlbijlfoofgjnngn [2014-12-06]
    CHR Extension: (Pin It Button) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-23]
    CHR Extension: (Google Wallet) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
    CHR Extension: (Gmail) - C:\Users\clarence\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-13]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-13]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
    R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-10] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [752232 2015-03-03] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [605472 2015-02-27] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)
    R2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    S2 DZdoNHWKoS; "C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-02-28] (McAfee, Inc.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-14] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-16 22:46 - 2015-04-16 22:46 - 00000618 _____ () C:\Users\clarence\Desktop\fixme.reg
    2015-04-16 22:25 - 2015-04-16 22:25 - 45142720 _____ (Microsoft Corporation) C:\Users\clarence\Downloads\Windows-KB890830-x64-V5.23.exe
    2015-04-16 22:24 - 2015-04-16 22:24 - 00110543 _____ () C:\Users\clarence\Desktop\confirmation.htm
    2015-04-16 22:10 - 2015-04-16 22:10 - 00001023 _____ () C:\Users\clarence\Desktop\JRT.txt
    2015-04-16 22:05 - 2015-04-16 22:05 - 00000207 _____ () C:\windows\tweaking.com-regbackup-CATHY-CLARENCE-Windows-8.1-(64-bit).dat
    2015-04-16 22:05 - 2015-04-16 22:05 - 00000000 ____D () C:\RegBackup
    2015-04-16 22:01 - 2015-04-16 22:01 - 02686137 _____ (Thisisu) C:\Users\clarence\Downloads\JRT.exe
    2015-04-16 21:59 - 2015-04-16 21:59 - 00007343 _____ () C:\Users\clarence\Desktop\AdwCleaner[S0].txt
    2015-04-16 21:20 - 2015-04-16 21:56 - 00000000 ____D () C:\AdwCleaner
    2015-04-16 21:19 - 2015-04-16 21:19 - 02217984 _____ () C:\Users\clarence\Downloads\adwcleaner_4.201.exe
    2015-04-16 18:41 - 2015-04-16 22:15 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-16 18:41 - 2015-04-16 18:41 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-16 18:40 - 2015-04-16 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-16 18:40 - 2015-04-16 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-16 18:40 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-04-16 18:40 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-04-16 18:40 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2015-04-16 18:39 - 2015-04-16 18:39 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\clarence\Desktop\mbam-setup-2.1.4.1018.exe
    2015-04-16 18:23 - 2015-04-16 18:23 - 00000000 ____D () C:\Users\clarence\Downloads\FRST-OlderVersion
    2015-04-16 18:21 - 2015-04-16 18:21 - 00009025 _____ () C:\Users\clarence\Downloads\Fixlist.txt
    2015-04-15 14:57 - 2015-04-17 09:45 - 00000000 ____D () C:\Users\clarence\AppData\Local\CrashDumps
    2015-04-14 15:45 - 2015-04-14 15:57 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-14 15:45 - 2015-04-14 15:45 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2015-04-14 15:42 - 2015-04-14 15:43 - 16866392 _____ () C:\Users\clarence\Downloads\RogueKiller.exe
    2015-04-14 15:31 - 2015-04-14 15:33 - 00036569 _____ () C:\Users\clarence\Downloads\Addition.txt
    2015-04-14 15:29 - 2015-04-17 13:56 - 00023527 _____ () C:\Users\clarence\Downloads\FRST.txt
    2015-04-14 15:28 - 2015-04-17 13:55 - 00000000 ____D () C:\FRST
    2015-04-14 15:24 - 2015-04-16 18:23 - 02097664 _____ (Farbar) C:\Users\clarence\Downloads\FRST64.exe
    2015-04-14 12:23 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-04-14 12:23 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2015-04-14 12:23 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
    2015-04-14 12:23 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2015-04-14 12:23 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
    2015-04-14 12:23 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
    2015-04-14 12:23 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2015-04-14 12:23 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2015-04-14 12:23 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
    2015-04-14 12:23 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
    2015-04-14 12:23 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
    2015-04-14 12:23 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
    2015-04-14 12:23 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2015-04-14 12:23 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2015-04-14 12:23 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2015-04-14 12:23 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
    2015-04-14 12:23 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2015-04-14 12:23 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2015-04-14 12:23 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2015-04-14 12:23 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2015-04-14 12:23 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2015-04-14 12:23 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
    2015-04-14 12:23 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2015-04-14 12:23 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2015-04-14 12:23 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2015-04-14 12:23 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2015-04-14 12:23 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2015-04-14 12:23 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2015-04-14 12:23 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2015-04-14 12:23 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2015-04-14 12:23 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-04-14 12:23 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-04-14 12:23 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-04-14 12:23 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-04-14 12:23 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-04-14 12:23 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-04-14 12:23 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-04-14 12:23 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-04-14 12:23 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-04-14 12:23 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2015-04-14 12:23 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-04-14 12:23 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-04-14 12:23 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-04-14 12:23 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-04-14 12:23 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2015-04-14 12:23 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2015-04-14 12:23 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-04-14 12:23 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-04-14 12:23 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-04-14 12:23 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2015-04-14 12:23 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-04-14 12:23 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-04-14 12:23 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-04-14 12:23 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-04-14 12:23 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-04-14 12:23 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-04-14 12:23 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
    2015-04-14 12:23 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
    2015-04-14 12:23 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
    2015-04-14 12:23 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
    2015-04-14 12:23 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
    2015-04-14 12:22 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-04-14 12:22 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-04-14 12:22 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-04-14 12:22 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-04-14 12:22 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-04-14 12:22 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-04-14 12:22 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-04-13 18:41 - 2015-04-13 18:41 - 00509440 _____ (Tech Support Guy System) C:\Users\clarence\Downloads\SysInfo.exe
    2015-04-13 16:39 - 2015-04-14 15:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-04-13 16:39 - 2015-04-14 15:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-04-13 16:39 - 2015-04-13 16:39 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
    2015-04-13 16:38 - 2015-04-13 16:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\clarence\Downloads\spybot-2.4.exe
    2015-04-10 20:05 - 2015-04-17 10:10 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-10 20:05 - 2015-04-17 07:19 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-10 20:05 - 2015-04-16 21:56 - 00001313 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-10 20:05 - 2015-04-16 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-04-10 20:05 - 2015-04-10 20:05 - 00003904 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-04-10 20:05 - 2015-04-10 20:05 - 00003668 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-04-10 10:47 - 2015-04-10 10:47 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-04-10 10:47 - 2015-04-10 10:47 - 00002074 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2015-04-02 07:39 - 2015-04-09 16:05 - 00000364 _____ () C:\Users\clarence\Sti_Trace.log
    2015-04-01 19:40 - 2015-04-01 19:40 - 00000953 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
    2015-04-01 19:40 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\windows\system32\esxw2ud.dll
    2015-04-01 19:40 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\windows\system32\escsvc64.exe
    2015-04-01 19:39 - 2015-04-01 19:39 - 00000000 ____D () C:\Program Files (x86)\epson
    2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
    2015-04-01 19:36 - 2015-04-01 19:36 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
    2015-04-01 12:05 - 2015-02-28 01:10 - 00076064 _____ (McAfee, Inc.) C:\windows\system32\Drivers\McPvDrv.sys
    2015-04-01 12:04 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
    2015-03-31 16:14 - 2015-03-31 16:14 - 00002229 _____ () C:\Users\clarence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-03-31 16:14 - 2015-03-31 16:14 - 00002119 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-03-31 16:14 - 2015-03-31 16:14 - 00002119 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2015-03-31 16:14 - 2015-03-31 16:14 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
    2015-03-31 16:14 - 2015-03-31 16:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
    2015-03-31 16:09 - 2015-04-02 07:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-31 16:09 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-03-27 10:47 - 2015-03-27 10:47 - 00000000 ___SD () C:\windows\SysWOW64\GWX
    2015-03-27 10:47 - 2015-03-27 10:47 - 00000000 ___SD () C:\windows\system32\GWX
    2015-03-27 10:45 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
    2015-03-27 10:45 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
    2015-03-25 16:08 - 2015-03-25 16:08 - 00282992 _____ () C:\windows\Minidump\032515-17171-01.dmp
    2015-03-25 10:54 - 2015-03-25 10:55 - 00282992 _____ () C:\windows\Minidump\032515-17265-01.dmp
    2015-03-23 21:42 - 2015-03-23 21:42 - 00000000 ____D () C:\ProgramData\ATI
    2015-03-23 21:33 - 2015-03-23 21:34 - 00000000 ____D () C:\Program Files\AMD Quick Stream
    2015-03-23 21:33 - 2015-03-23 21:33 - 00058610 _____ () C:\windows\SysWOW64\CCCInstall_201503232133244780.log
    2015-03-23 21:33 - 2015-03-23 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
    2015-03-23 21:33 - 2015-03-23 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2015-03-23 21:33 - 2015-03-23 21:33 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2015-03-23 21:33 - 2014-10-28 14:24 - 00229056 _____ (AppEx Networks Corporation) C:\windows\system32\Drivers\appexDrv.sys
    2015-03-23 21:27 - 2015-03-23 21:27 - 00000000 ____D () C:\Program Files (x86)\AMD

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-17 13:57 - 2014-09-27 15:25 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CBEB180B-0C14-4504-A42C-A4E0CCBAB19C}
    2015-04-17 13:53 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
    2015-04-17 10:33 - 2014-09-27 13:18 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-194837296-4037038390-1075605202-1001
    2015-04-17 09:47 - 2014-09-27 15:24 - 01789768 _____ () C:\windows\WindowsUpdate.log
    2015-04-17 09:40 - 2014-10-20 04:52 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-04-17 09:40 - 2014-10-20 04:52 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-04-17 07:30 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-04-17 07:22 - 2014-10-25 11:22 - 00000000 __RSD () C:\Users\clarence\Documents\McAfee Vaults
    2015-04-17 07:20 - 2014-09-27 22:34 - 00000000 ___DO () C:\Users\clarence\SkyDrive
    2015-04-16 22:54 - 2014-04-02 15:15 - 00825254 _____ () C:\windows\system32\perfh00C.dat
    2015-04-16 22:54 - 2014-04-02 15:15 - 00186674 _____ () C:\windows\system32\perfc00C.dat
    2015-04-16 22:54 - 2013-08-24 17:38 - 01889418 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-04-16 22:49 - 2013-08-22 10:46 - 00024410 _____ () C:\windows\setupact.log
    2015-04-16 22:49 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-04-16 22:49 - 2013-08-22 09:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-04-16 21:57 - 2013-08-24 17:32 - 00539492 _____ () C:\windows\PFRO.log
    2015-04-16 19:08 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\PLA
    2015-04-16 18:23 - 2015-01-04 08:24 - 00000000 ____D () C:\ProgramData\UgZmRiwEqRZ
    2015-04-16 12:39 - 2014-09-29 08:29 - 00000000 ____D () C:\windows\system32\MRT
    2015-04-16 12:29 - 2013-08-22 11:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-04-16 12:23 - 2014-12-13 20:30 - 00000000 ____D () C:\windows\system32\appraiser
    2015-04-16 12:23 - 2014-10-02 18:03 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-04-16 08:37 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\FxsTmp
    2015-04-15 15:21 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\LiveKernelReports
    2015-04-15 13:16 - 2014-04-02 14:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-15 13:14 - 2014-04-02 14:19 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
    2015-04-15 13:13 - 2014-04-02 14:37 - 00000000 ___HD () C:\Program Files (x86)\Temp
    2015-04-15 13:12 - 2014-04-02 14:37 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2015-04-14 15:23 - 2015-01-04 09:26 - 00000000 ___HD () C:\Users\Public\Temp
    2015-04-13 19:24 - 2014-12-14 02:52 - 00792056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-04-13 19:24 - 2014-12-14 02:52 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-13 13:19 - 2014-09-29 06:46 - 00003194 _____ () C:\windows\System32\Tasks\HPCeeScheduleForclarence
    2015-04-13 13:19 - 2014-09-29 06:46 - 00000374 _____ () C:\windows\Tasks\HPCeeScheduleForclarence.job
    2015-04-12 15:57 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2015-04-12 07:52 - 2014-09-28 13:22 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
    2015-04-12 07:50 - 2014-09-28 13:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-04-10 20:05 - 2014-10-04 18:45 - 00000000 ____D () C:\Users\clarence\AppData\Local\Deployment
    2015-04-10 20:05 - 2014-10-04 18:45 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-04-10 10:48 - 2014-12-27 11:40 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2015-04-10 10:47 - 2014-10-26 18:35 - 00000000 ____D () C:\ProgramData\Adobe
    2015-04-10 10:47 - 2014-10-26 18:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-04-04 06:12 - 2014-09-27 15:25 - 00000000 ____D () C:\Users\clarence
    2015-04-04 06:11 - 2013-08-22 10:44 - 00485448 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-04-03 07:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-04-01 19:40 - 2015-01-08 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2015-04-01 12:04 - 2014-10-25 11:15 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2015-04-01 12:03 - 2013-08-22 11:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2015-04-01 11:16 - 2014-09-29 08:29 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-03-31 16:09 - 2014-09-27 15:25 - 00000000 ____D () C:\Users\clarence\AppData\Local\VirtualStore
    2015-03-26 07:57 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\NDF
    2015-03-25 17:37 - 2014-04-02 14:20 - 00065536 _____ () C:\windows\system32\spu_storage.bin
    2015-03-25 17:35 - 2014-12-31 09:11 - 00000000 ____D () C:\Program Files (x86)\Raptr
    2015-03-25 17:34 - 2014-04-02 14:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2015-03-25 17:34 - 2014-04-02 14:43 - 00000000 ____D () C:\Program Files (x86)\CyberLink
    2015-03-25 16:08 - 2014-10-07 06:39 - 00000000 ____D () C:\windows\Minidump
    2015-03-25 16:08 - 2014-10-07 06:38 - 382940531 _____ () C:\windows\MEMORY.DMP
    2015-03-23 21:33 - 2014-09-30 19:09 - 00000000 ____D () C:\ProgramData\AMD
    2015-03-23 21:32 - 2014-09-30 19:07 - 00000000 ____D () C:\Program Files\AMD
    2015-03-23 21:31 - 2014-09-30 19:02 - 00000000 ____D () C:\Program Files\ATI Technologies
    2015-03-23 21:27 - 2013-08-24 17:59 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-03-23 21:25 - 2014-09-28 14:53 - 00000000 ____D () C:\AMD

    ==================== Files in the root of some directories =======

    2015-01-04 09:17 - 2015-01-04 09:17 - 0000046 _____ () C:\Users\clarence\AppData\Roaming\WB.CFG

    Some content of TEMP:
    ====================
    C:\Users\clarence\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\clarence\AppData\Local\Temp\Quarantine.exe
    C:\Users\clarence\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-07 04:33


    ==================== End Of Log ============================


    ************************************************************



    Addition.txt


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
    Ran by clarence at 2015-04-17 13:57:51
    Running from C:\Users\clarence\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks)
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version: - SEIKO EPSON Corporation)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
    FUJIFILM FinePixViewer S Ver.2.1 (HKLM-x32\...\{88B32652-CAE0-4909-A463-5840D2689D93}) (Version: 2.1.0.3 - FUJIFILM Corporation)
    Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
    Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.206 - McAfee, Inc.)
    Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-194837296-4037038390-1075605202-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\clarence\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    01-04-2015 19:36:01 Installed Software Updater
    10-04-2015 10:45:35 McAfee Vulnerability Scanner
    15-04-2015 13:09:00 Removed NVIDIA PhysX
    17-04-2015 09:38:11 McAfee Vulnerability Scanner

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {071F36A9-84F3-4AC6-8DFC-9D719E64E13D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
    Task: {093247C9-2ABB-4BFF-AA97-DA38D5EB6994} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
    Task: {13D8A4A6-ECA1-4FAD-9FEC-C117439B25CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1412AA6F-848B-45E1-BBFD-2DA33014AEE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {2C369365-B4A9-478E-AA0C-E390651A55F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
    Task: {2CFC2894-9553-46C7-AA7A-82D2AD983FD7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-02] (Microsoft Corporation)
    Task: {346E0415-D823-4E88-9B58-B97DE97972CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
    Task: {41D0C4A8-2634-45DF-9CAB-187F08D1B39E} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {4CFBEAE9-8B6D-47DE-A009-037E7F5108EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {50807405-E56A-4909-9328-1E5B8059B947} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {59CDCFCA-208F-47BA-B286-E64C7390812D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {60315667-8BF3-4684-80D5-DADF2A1E8AA5} - System32\Tasks\HPCeeScheduleForclarence => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {64BD76E1-91CB-4545-89E6-1998311C6023} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {79420387-8724-448F-8076-4308606206C5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
    Task: {86C50E60-FDDA-44F6-B4EA-C1E1F3628ED2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {94C89049-54CA-40B5-A4D0-77D99A5960BC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {C64B0F05-A325-49B3-9BF7-FBD1B6987FFE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {C7EC989B-3CB1-4D88-968B-20E6E81A54FB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {FF9942B0-318F-4A60-B527-83042A6E66AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForclarence.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-09-05 06:22 - 2013-09-05 06:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-09-05 06:24 - 2013-09-05 06:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-09-05 06:24 - 2013-09-05 06:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-09-05 06:21 - 2013-09-05 06:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-09-05 06:21 - 2013-09-05 06:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-09-05 06:21 - 2013-09-05 06:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-09-05 06:36 - 2013-09-05 06:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-09-05 06:36 - 2013-09-05 06:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2015-04-02 07:53 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-04-02 07:55 - 2015-04-02 07:55 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-09-05 06:31 - 2013-09-05 06:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-11-24 22:27 - 2014-11-24 22:27 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
    2014-10-22 18:00 - 2007-03-05 09:22 - 00081920 _____ () C:\Program Files\FinePixViewerS\wia_register_event.dll
    2014-04-02 14:43 - 2013-08-05 03:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-04-16 19:25 - 2015-04-16 19:25 - 01131008 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\72dff8d45b73e9b02b3838d29765607a\Windows.ApplicationModel.ni.dll
    2015-04-16 19:25 - 2015-04-16 19:25 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
    2015-04-16 19:25 - 2015-04-16 19:25 - 00808448 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\7abff64c7c1ea1fae5bd170c8238b73e\Windows.Storage.ni.dll
    2015-04-16 19:25 - 2015-04-16 19:25 - 00133120 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.System\c639835fe3da556a2cbe2e03540996c0\Windows.System.ni.dll
    2015-04-16 19:25 - 2015-04-16 19:25 - 00402432 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ae4a1bf110c1a12f619514bde2b27939\Windows.Security.ni.dll
    2014-09-29 06:13 - 2014-09-29 06:13 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll
    2015-04-16 19:26 - 2015-04-16 19:26 - 00239616 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\94af4549db265c6f339c287c8675d234\Windows.Globalization.ni.dll
    2015-04-16 16:11 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
    2015-04-16 16:11 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
    2015-04-16 16:11 - 2015-04-13 17:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\clarence\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\clarence\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dscf0101.jpg
    DNS Servers: 192.168.1.254 - 75.153.176.9

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\StartupApproved\Run: => "BearShare"
    HKU\S-1-5-21-194837296-4037038390-1075605202-1001\...\StartupApproved\Run: => "Super Optimizer"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-194837296-4037038390-1075605202-500 - Administrator - Disabled)
    clarence (S-1-5-21-194837296-4037038390-1075605202-1001 - Administrator - Enabled) => C:\Users\clarence
    Guest (S-1-5-21-194837296-4037038390-1075605202-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-194837296-4037038390-1075605202-1003 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/17/2015 01:54:15 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (04/17/2015 09:45:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: sqmapi.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504626
    Exception code: 0xc0000005
    Fault offset: 0x0000b7c0
    Faulting process id: 0x1694
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (04/16/2015 06:24:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: FRST64.exe, version: 15.4.2015.4, time stamp: 0x552eadab
    Faulting module name: FRST64.exe, version: 15.4.2015.4, time stamp: 0x552eadab
    Exception code: 0xc0000005
    Fault offset: 0x0000000000024a00
    Faulting process id: 0x1774
    Faulting application start time: 0xFRST64.exe0
    Faulting application path: FRST64.exe1
    Faulting module path: FRST64.exe2
    Report Id: FRST64.exe3
    Faulting package full name: FRST64.exe4
    Faulting package-relative application ID: FRST64.exe5

    Error: (04/16/2015 06:17:35 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (04/16/2015 06:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: MSHTML.dll, version: 11.0.9600.17690, time stamp: 0x54e7d023
    Exception code: 0xc0000005
    Fault offset: 0x00407d0b
    Faulting process id: 0x1f08
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (04/16/2015 04:06:02 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (04/16/2015 04:06:02 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {E6386062-B8BF-486E-B402-3B713BB1C6E2}

    Error: (04/16/2015 04:06:01 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {E6386062-B8BF-486E-B402-3B713BB1C6E2}

    Error: (04/16/2015 03:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
    Faulting module name: MSHTML.dll, version: 11.0.9600.17690, time stamp: 0x54e7d023
    Exception code: 0xc0000005
    Fault offset: 0x00407d0b
    Faulting process id: 0x1264
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (04/16/2015 00:39:14 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8


    System errors:
    =============
    Error: (04/17/2015 10:38:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 5 time(s).

    Error: (04/17/2015 09:00:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 4 time(s).

    Error: (04/17/2015 07:43:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    %%1

    Error: (04/17/2015 03:23:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).

    Error: (04/17/2015 01:22:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).

    Error: (04/16/2015 11:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/16/2015 10:49:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DZdoNHWKoS service failed to start due to the following error:
    %%2

    Error: (04/16/2015 10:49:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (04/16/2015 10:06:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (04/16/2015 10:06:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee CSP Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (04/17/2015 01:54:15 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: -2147024883

    Error: (04/17/2015 09:45:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9sqmapi.dll_unloaded6.3.9600.1741554504626c00000050000b7c0169401d07914af028e74C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEsqmapi.dllfc4e66f9-e507-11e4-82dc-40a8f03ce9c0

    Error: (04/16/2015 06:24:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: FRST64.exe15.4.2015.4552eadabFRST64.exe15.4.2015.4552eadabc00000050000000000024a00177401d07893f050fc36C:\Users\clarence\Downloads\FRST64.exeC:\Users\clarence\Downloads\FRST64.exe48414661-e487-11e4-82d9-40a8f03ce9c0

    Error: (04/16/2015 06:17:35 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: -2147024883

    Error: (04/16/2015 06:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.1769054e7d023c000000500407d0b1f0801d078812c4a6973C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dllfc55174e-e485-11e4-82d9-40a8f03ce9c0

    Error: (04/16/2015 04:06:02 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (04/16/2015 04:06:02 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {E6386062-B8BF-486E-B402-3B713BB1C6E2}

    Error: (04/16/2015 04:06:01 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {E6386062-B8BF-486E-B402-3B713BB1C6E2}

    Error: (04/16/2015 03:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.1769054e7d023c000000500407d0b126401d0787f666f7ce1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\MSHTML.dllb59d9cbe-e472-11e4-82d9-40a8f03ce9c0

    Error: (04/16/2015 00:39:14 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8


    ==================== Memory info ===========================

    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
    Percentage of memory in use: 45%
    Total physical RAM: 3532.01 MB
    Available physical RAM: 1912.49 MB
    Total Pagefile: 7116.01 MB
    Available Pagefile: 4537.06 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:915.26 GB) (Free:854.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:14.77 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A1A27D22)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    **************************************************************************************************************************************************************************************************************************************************************************************


    I am wondering what your thoughts are regarding McAfee Antivirus. On my laptop I use AVG Free and I never have issues, whereas my mom PAYS for her McAfee subscription and ends up with a computer that was totally infested with viruses. What antivirus do YOU use, or recommend? I can't thank you enough for your help.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    I use Kaspersky IS and Malwarebytes Premium on all of my systems, that is what I recommend....

    Continue:

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

    Next,

    Uninstall the following outdated versions of Java:

    Java 8 Update 31
    Java 8 Update 40


    Post log from FRST, also let me know if any remaining issues or concerns...

    Thanks,

    Kevin..
     

    Attached Files:

  13. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    Here is the Fixlog.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2015 01
    Ran by clarence at 2015-04-19 15:23:28 Run:2
    Running from C:\Users\clarence\Downloads
    Loaded Profiles: clarence (Available profiles: clarence)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    S2 DZdoNHWKoS; "C:\ProgramData\UgZmRiwEqRZ\DZdoNHWKoS.exe" [X]
    C:\ProgramData\UgZmRiwEqRZ
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
    C:\Users\clarence\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\clarence\AppData\Local\Temp\Quarantine.exe
    C:\Users\clarence\AppData\Local\Temp\sqlite3.dll
    Task: {093247C9-2ABB-4BFF-AA97-DA38D5EB6994} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
    C:\Program Files (x86)\System Optimizer Pro
    EmptyTemp:
    end



    *****************

    DZdoNHWKoS => Service deleted successfully.
    C:\ProgramData\UgZmRiwEqRZ => Moved successfully.
    IntcAzAudAddService => Service deleted successfully.
    RSUSBSTOR => Service deleted successfully.
    C:\Users\clarence\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\clarence\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\clarence\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{093247C9-2ABB-4BFF-AA97-DA38D5EB6994}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{093247C9-2ABB-4BFF-AA97-DA38D5EB6994}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperFastPC_AutorunOnStartup" => Key Deleted successfully.
    "C:\Program Files (x86)\System Optimizer Pro" => File/Directory not found.
    EmptyTemp: => Removed 1.4 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 15:29:55 ====




    I uninstalled the Java Updates. The computer appears to be running smoothly, finally.
    Thanks so much Kevin. Your help has been fantastic.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run the following to clean up....

    Download "Delfix by Xplode" and save it to your desktop.

    Or use the following if first link is down:

    "Delfix link mirror"

    Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

    Make sure the following items are checked:


    • Remove disinfection tools
    • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
    • Reset system settings

    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Any remnant files/logs from tools we have used can be deleted…

    Next,

    Read the following link to fully understand PC security and best practices, you may find it useful....

    http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

    If no remaining issues or concerns hit the "Mark Solved" tab at the top or bottom of the thread....

    Thanks,

    Kevin
     
  15. FastFifty

    FastFifty Thread Starter

    Joined:
    Apr 13, 2015
    Messages:
    9
    Awesome, thanks Kevin.
     
Short URL to this thread: https://techguy.org/1146560
