Possible Ransomware + Problem with Fingerprint Authentication device after malwa


  • This topic is locked
36 replies to this topic

#1 Andalucia

Andalucia

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 25 August 2015 - 09:23 PM

[Title: Possible Ransomware + Problem with Fingerprint Authentication device after malware cleaning]

 

Hi,

 

 

I’m having a problem with my Fingerprint Authentication device. I’m running an HP dv6-7214nr, Win 8.1. This came about after cleaning scans performed to rule out ransomware. 

 

 

Background to the current predicament:

 

A few days ago I was concerned about a possible infection by an “Interpol/FBI” Ransom scam virus, as I had come across a tab which opened itself up in my browser for a few seconds, while I was online. Being cautious, and without any apparent symptoms, I sought assistance online (on a different forum) to rule this out.

 

The result was that after performing any number of scans (logs attached here and detailed further down), and cleaning the findings (which I was told were most likely unconnected minor PUPs), I was told I was clean.

 

Upon rebooting I discovered that the fingerprinter no longer worked, and the blinking light which appears when one swipes a finger did not light up either.

In addition, (perhaps connected – I don’t know) - In the device manager there's now a yellow triangle next to "Unknown USB Device (Device Request Descriptor Failed)". The device status says: "Windows has stopped this device because it has reported problems. (Code 43). A request for the USB device descriptor failed."

 

I don’t know if these 3 issues are connected (the scans that were cleaned, the fingerprinter, and the USB code 43), but I’d very much appreciate your assistance in resolving them!

 

 

To be clear: I did NOT encounter any popups or offline notices whatsoever (which I’ve since read are symptomatic), and was NOT locked out of my computer in any way – I was simply concerned, and preferred to be safe than sorry - hence my original inquiry reg. infection. I only encountered the scam letter once, for a few seconds, while surfing online with Firefox. I immediately disconnected the modem, shut the browser, and ultimately even uninstalled Firefox after running CCleaner.

 

Currently, other than the above mentioned issues, my computer seems to be performing perfectly.

 

 

 The scans that were run are as follows:

A.   Bitdefender Total Security (my resident, set for the deepest scans possible - came out clean)

B.   Bitdefender Programs: AntiCryptoWall; BootkitRemoval; Removal_Trojan_Ransom_IcePol; (- came out clean)

C.   Malwarebytes

D.   RKill

E.   RogueKiller

F.   Junkware Removal Tool (already attached)

G.  AdwCleaner (already attached)

H.  Farber scan (First + Additional)

 

The only suspect findings were as follows:

    A.   Malwarebytes detected: <key><path>HKU\S-1-5-21-1745969249-26260195-2738223308-1002\SOFTWARE\1ClickDownload</path><vendor>PUP.Optional.1ClickDownload.A</vendor><action>success</action><hash>e0cecd3ddbb088ae4a371465d430837d</hash></key>[THIS ITEM WAS QUARANTINED AND THEN DELETED!]

    B.   RogueKiller detected: any number of IAT:Inl(Hook.IEAT) – all of them associated with chrome.exe. It was later explained that these were nothing to worry about…

    C.   Junkware Removal Tool detected and deleted: any number of things that might seem to a novice such as myself to be innocuous (attached).

 

    D.   AdwCleaner detected: several registry keys that were deleted.

 

At the forum where I was advised to perform the scans which created this problem (but where they were unable to resolve it), I was similarly advised at the end to perform a “Farbar” scan which revealed the following, which I suspect is connected. Perhaps something was deleted that should not have been…

 

==================== Faulty Device Manager Devices =============

Name: Validity Sensors (WBF) (PID=0018)

Description: Validity Sensors (WBF) (PID=0018)

Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}

Manufacturer: Validity Sensors, Inc.

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Qualcomm Atheros QCA9565 Bluetooth 4.0 Adapter

Description: Qualcomm Atheros QCA9565 Bluetooth 4.0 Adapter

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Qualcomm Atheros Communications

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

=====================================================

 

I tried to find the original driver from this HP Site; Under "Driver-Keyboard, Mouse and Input Devices" I tried to install "Validity Fingerprint Sensor Driver" - both with the HP assistant and without, but to no avail. (Reboot was not helpful either). Note: error in Device Manager remains the same. I also posted to the HP site but no one turned up to assist.

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Update:

 

Though I’ve used both Flash Drives and External Hard Drives several times since completing the scans, tonight I encountered a problem when I plugged in the EHD. It did not register under “My Computer”, and I noticed a second error in the Device Manager (another yellow triangle next to “USB Mass Storage Device” – details below). However after a reboot – It’s recognized again, and the additional error is gone… don’t know what to make of it…

 

This was the information I listed in the Device Manager:

 

Device Type: Port_Universal Serial Bus controllers

Manufacturer: Compatible USB storage device

Location: Port_#0008.Hub_#0003

Error: “Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38). The driver could not be loaded because a previous version of the driver is still in memory.”

Driver Version: 6.3.9600.17331

Digital Signer: Microsoft Windows

 

 

 

** Thanks very much in advance!!! **


Edited by Andalucia, 26 August 2015 - 01:50 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 AM

Posted 30 August 2015 - 09:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/588056 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 30 August 2015 - 10:29 PM

Hi,

 

Yes, Please – I do still need assistance (!) Nothing has changed since posting.

 

Seeing as I’ve already posted the ‘FRST’ and ‘Addition’ scans above, and don’t see how I can attach any additional scans to this post at this point, I’ll hold off on executing additional Farbar scans at this time. If you do require additional ones, please instruct on how I might attach the new ones here.

 

Thanks, and hoping to hear from you soon.



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,839 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 01 September 2015 - 11:22 AM

Hi Andalucia,
 
Welcome to the Bleeping Computer malware removal forum. :) My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#5 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 01 September 2015 - 03:02 PM

Hi polskamachina,

 

Thanks for picking up the gauntlet! Ready when you are.

 

Regards



#6 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 02 September 2015 - 01:15 AM

Hi again polskamachina,

 

 

Just wanted to keep you updated:

 

While this past week since I posted has largely been uneventful, something strange did happen this evening. While browsing, I noticed the system getting “heavier” and opened the Task Manager to see what was up.

 

There was an item which had opened multiple times… it looked like multiple (many) java processes were running; looking one up – the properties read: “javaws”, and the folder address was: C:\Program Files (x86)\Java\jre1.8.0_60\bin.

 

I shut down, rebooted, cleaned (with Ccleaner), scanned with both Malwarebytes and Bitdefender Total, and came out clean. This was the only time I’ve ever noticed this happening, and so far it has not reoccurred. Don’t know if it’s connected, but want to report everything.

 

I don’t want to come off paranoid, but do want to mention everything that might conceivably be relevant: Once I was up and running again, I kept inspecting the Task Manager for quite a while to make sure nothing strange was happening. I did notice another process (single, low memory) I’d never noticed before, and thought to mention it: “com surrogate”. I ended the task, and haven’t seen it again.

 

I hope these are just false alarms, but I am concerned. I’ve never ever been infected with anything up till now.

 

 

** Thanks and Regards **



#7 polskamachina

polskamachina

  • Malware Response Team
  • 3,839 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 02 September 2015 - 10:48 AM

Hi Andalucia :)

 

That's good detective work. However you should know in advance that trying to watch what's going on in the Task Manager and connecting it to malware is not always productive. I am working on a response to your issues and will get back to you.

 

polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#8 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 02 September 2015 - 12:29 PM

Hi polskamachina,

 

 

I understand :)

 

Look forward to hearing from you when you’re ready. I appreciate your help!



#9 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 02 September 2015 - 09:34 PM

Hi polskamachina,

 

Begging your pardon – but one more update: I ran the Microsoft Windows maintenance tool [Control Panel\All Control Panel Items\Troubleshooting\Hardware and Sound]; and it found that the Qualcomm Atheros Bluetooth was turned off. Upon turning it back on again – lo and behold – the fingerprint authentication device is back working, and the yellow triangle in the Device Manager indicating a code 43 error with an Unknown USB Device – is gone (!).

 

It’s not clear to me how this adapter has to do with the fingerprinter, (or possible infection) but at least that’s one concern off the list.

 

Having said that – the problem I’d mentioned earlier with multiple java processes running simultaneously and causing the system to hang (- always when Firefox is running) and necessitate a shut down – has reoccurred twice more…

 

I hope you’ll still be available to help me investigate if the system has been infected.

 

 

Thanks again and regards :)


Edited by Andalucia, 02 September 2015 - 09:42 PM.
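
The "Faulty Device Manager Devices" section of the FRST log quoted in the first post can be parsed into one record per device, as in this added example (it is not part of the original thread or of FRST). The function names, the hint texts and the ordering rule are assumptions of the example: disabled devices (Code 22) are listed first because re-enabling one is the least invasive step and is what cleared the Code 43 error in this thread.

```python
import re

# Section as quoted in the first post of this thread (FRST Addition log).
SAMPLE = """\
==================== Faulty Device Manager Devices =============
Name: Validity Sensors (WBF) (PID=0018)
Description: Validity Sensors (WBF) (PID=0018)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Validity Sensors, Inc.
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
Name: Qualcomm Atheros QCA9565 Bluetooth 4.0 Adapter
Description: Qualcomm Atheros QCA9565 Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
=====================================================
"""

FIELD = re.compile(
    r"^(Name|Description|Class Guid|Manufacturer|Service|Problem|Resolution):(.*)$"
)
PROBLEM_CODE = re.compile(r"\(Code (\d+)\)")

# Hints for the three Device Manager codes that appear in this thread
# (wording is this example's own summary of the messages quoted there).
HINTS = {
    22: "device is disabled: re-enable it in Device Manager",
    38: "previous driver instance still in memory: reboot",
    43: "driver reported a device failure: check driver and hardware",
}


def parse_faulty_devices(text):
    """Return one dict per device listed in the FRST section."""
    devices, current, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            # The titled banner opens the section; any other banner closes it.
            in_section = "Faulty Device Manager Devices" in line
            continue
        if not in_section or not line:
            continue
        match = FIELD.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "Name":  # every record starts with a Name line
            current = {}
            devices.append(current)
        if current is not None:
            # FRST prints "Problem: : text", so drop the stray colon as well.
            current[key] = value.lstrip(": ").strip()
    for dev in devices:
        code = PROBLEM_CODE.search(dev.get("Problem", ""))
        dev["Code"] = int(code.group(1)) if code else None
    return devices


def triage(devices):
    """List (code, name, service, hint) with disabled devices first."""
    ordered = sorted(devices, key=lambda d: d["Code"] != 22)  # stable sort
    return [
        (d["Code"], d.get("Name"), d.get("Service"),
         HINTS.get(d["Code"], "no hint for this code"))
        for d in ordered
    ]


if __name__ == "__main__":
    for code, name, service, hint in triage(parse_faulty_devices(SAMPLE)):
        print(f"Code {code}: {name} [{service}] -> {hint}")
```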


#10 polskamachina

polskamachina

  • Malware Response Team
  • 3,839 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 02 September 2015 - 11:38 PM

Hi Andalucia :)

 

Thank you for the update. I will modify my instructions to reflect your findings.

 

polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#11 polskamachina

polskamachina

  • Malware Response Team
  • 3,839 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 04 September 2015 - 10:10 AM

Hi Andalucia :)

 

Sorry for the delay in getting back to you.

 

Let me officially welcome you to the Virus, Trojan, Spyware, and Malware Removal Logs forum.
What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's begin with the fixing.

 

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, click on the download link for your operating system Windows x64: jre-8u60-windows-x64.exe and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click, jre-8u60-windows-x64.exe to install the newest version.
  • If the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. However, be aware that the Java updater prompts you to make Yahoo Search your browser's default search engine and home page...the option is pre-checked.
 

Please let me know if your system is still locking up.

 

polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#12 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 04 September 2015 - 12:15 PM

Hi polskamachina,

 

 

Thanks for your instructions. I will follow through to the letter  :thumbup2: 

 

I do have a couple things to mention just to make sure I'm understanding you fully:

  1. FYI: I recently updated Java to v.60, (I do believe this was before all this happened) and am surprised that you say it's not recognized as such... The version of Java I have installed (as per the Control Panel) is “Java 8 update 60 (8.0.600.27)” I believe I’d downloaded and installed: “jre-8u60-windows-i586-iftw”. Also - I see the Java Updater running in the Task Manager, but it has not prompted me for an update... anyhow – I AM UNINSTALLING THIS AND STARTING AFRESH AS PER INSTRUCTIONS :)
  2. I understand NOT to run any tools, but does this include not cleaning with CCleaner, or scanning with Bitdefender, Malwarebytes; and allowing Bitdefender's anti-ransomware (“AntiCryptoWall”) to be turned on in the background? If not - should I turn them all off? (Obviously I'd rather not...)
  3. Just to be clear - my system was not chronically locking up - only a few times... It actually seemed to happen mostly (2-3 times) just when I’d open up the “respond” box to post to you… I wonder if this opens up some Java features and has something to do with it…?

 

I am going to create a backup (will take some time) and finish carrying out the instructions, and then report back to you. I’ll be back pretty soon.

 

 

In the meantime – Thanks!



#13 polskamachina

polskamachina

  • Malware Response Team
  • 3,839 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 04 September 2015 - 01:38 PM

Hi Andalucia :)

I understand NOT to run any tools, but does this include not cleaning with CCleaner, or scanning with Bitdefender, Malwarebytes; and allowing Bitdefender's anti-ransomware (“AntiCryptoWall”) to be turned on in the background? If not - should I turn them all off? (Obviously I'd rather not...)

That's an important question. I would say it's OK to keep your background Bitdefender tools running. CCleaner is fine. What we don't want is for you to run a tool that will automatically modify your system. Some tools are very powerful and can brick your computer quite quickly if not used properly.

 

I will follow up on your Java questions soon.

 

polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#14 polskamachina

polskamachina

  • Malware Response Team
  • 3,839 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 04 September 2015 - 03:38 PM

Hi Andalucia :)
 
Your logs showed an older version of Java and that's why the instructions were given to update it.
 
It is possible that between the time you ran the FRST scan and the time you checked your Java version, the software was automatically updated which is what it's supposed to do. It is also good to remove the older versions of Java so I hope you were able to do that.
 
Regarding your browser hanging, can you remember what other instances besides using the Bleeping Computer "respond box" initiated a hang?
 
Let's run another FRST scan and see what it says about Java.
 
If you didn't save your FRST64 program, then download Farbar Recovery Scan Tool and save it to your Desktop.
 

  • Right-click FRST then click "Run as administrator"
  • When the tool opens, click Yes to disclaimer.
  • Check the box for Addition.txt
  • Press the Scan button.
  • When finished, it will produce two logs called FRST.txt and addition.txt in the same directory from which the tool was run.
  • Please copy and paste the logs in your next reply to me.

Let me know if you have any questions.
 
polskamachina


Member of the Bleeping Computer A.I.I. early response team!
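
One way to check what a log "says about Java", as an added example that is not part of the original thread or of FRST: it pulls every JRE install folder out of log lines, reads the version from the folder name, and flags anything older than the 8u60 build named in the update instructions. The sample lines are constructed in FRST's process-list format (only the `jre1.8.0_60` path comes from the thread), and the 32/64-bit guess assumes 64-bit Windows, where 32-bit programs live under `Program Files (x86)`.

```python
import re

# A JRE folder is named jre1.8.0_60 (Java 8 update 60); older releases also
# used short names such as jre7, which carry no update number.
JRE_PATH = re.compile(
    r"([A-Za-z]:\\[^\r\n]*?\\Java\\jre(?:1\.(\d+)\.0_(\d+)|(\d+)))\\",
    re.IGNORECASE,
)

BASELINE = (8, 60)  # Java 8 update 60, the build named in the thread

# Constructed sample lines in FRST "(Publisher) path" format.
SAMPLE_LOG = r"""
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_45\bin\java.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
"""


def java_installs(log_text, baseline=BASELINE):
    """Return one record per distinct JRE folder found in log_text."""
    found = {}
    for match in JRE_PATH.finditer(log_text):
        install_dir, major, update, legacy_major = match.groups()
        key = install_dir.lower()
        if key in found:  # several executables share one install folder
            continue
        version = (int(major or legacy_major), int(update) if update else -1)
        found[key] = {
            "dir": install_dir,
            "major": version[0],
            "update": int(update) if update else None,
            # Assumption: 64-bit Windows, so "(x86)" means a 32-bit runtime.
            "bits": 32 if "\\program files (x86)\\" in key else 64,
            "outdated": version < baseline,
        }
    return sorted(
        found.values(),
        key=lambda j: (j["major"],
                       -1 if j["update"] is None else j["update"],
                       j["bits"]),
    )


if __name__ == "__main__":
    for j in java_installs(SAMPLE_LOG):
        update = "?" if j["update"] is None else j["update"]
        state = "OUTDATED" if j["outdated"] else "ok"
        print(f'Java {j["major"]}u{update} {j["bits"]}-bit {state}: {j["dir"]}')
```

The updater line (`jusched.exe`) is not reported because it sits outside any JRE folder, so a running update scheduler says nothing about which runtimes are installed.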

#15 Andalucia

Andalucia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 06 September 2015 - 12:46 AM

Hi polskamachina,

 

 

I’m back :)

 

Several updates please:

 

 

A) BEFORE uninstall/reinstallation of Java: you’d asked about other occurrences of the Java hang. It did actually happen one more time this afternoon, right after using the browser (Firefox). I’d opened the browser directly to a single Amazon page from a bookmark, just to briefly check on an item there, then closed it again, and ran Ccleaner. During the very short period the page was open I did not notice anything was up; but apparently that set something off I wasn’t aware of till later - when I returned to my PC to find the following notices:

 

“Error Encountered while envoking Java Web Start SysExec) C:\Program Files (x86\Java\jre1.8.0_60\bin\javaws.exe)”

and a “Low memory notice”  prompting me to close programs.  I forced Shut Down, and upon Reboot I was back to normal.

 

 

B) I believe it was DURING the uninstalling of Java (right on the onset) - I got this notice: “Java™WebStart 11.60.2.27-fcs Cannot find message file”. I continued with the uninstall, then rebooted, verified it was uninstalled, and proceeded to RE-install.

Note: I now see “Java Update Scheduler (32bit)” in the Task Manager. Should this not be 64 bit?...

 

 

C) I have not yet tried the internet since revamping Java… (until now that is, though so far - so good).  I do notice that in Firefox Plugins, there used to be one for Java (the new 60 version) and now it’s gone… Do I need to get it back? (not sure I remember how...).

 

 

D) Regarding the FRST64 scan: 

 

First off, please note: until I know we’ve established I’m clean, I’ve made the new practice of applying “airplane mode” whenever not using the internet. This was so while scanning with FRST64, and will probably be the case with other scans you may request. Please let me know if you’d rather turn airplane mode off.

 

Please find the following scans (FRST + Addition) separated by 3 rows of ++++ :)

 

P.S – if we do end up deleting anything, or if you do find anything fishy – you’ll let me know beforehand, right? :unsure:

 

 

Thanks again, polskamachina (!!)

Best Regards

 

 

----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by [NAME] (administrator) on [NAME] (06-09-2015 00:13:00)
Running from C:\Users\[NAME]\Desktop\My Documents\Computer stuff\0 - INS & Program Files\00 - Security 2015
Loaded Profiles: [NAME] (Available Profiles: [NAME] & Administrator & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDAntiCryptoWall.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-30] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2013-01-04] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-23] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-07-16] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\Run: [Google Update] => C:\Users\[NAME]\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [74144 2012-09-28] (Hewlett-Packard Company)
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-23] (Bitdefender)
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-08-25] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-08-25] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-08-25] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-08-25] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {AF7B716A-8791-45FE-816E-C6B922D08CB2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AF7B716A-8791-45FE-816E-C6B922D08CB2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1745969249-26260195-2738223308-1002 -> {AF7B716A-8791-45FE-816E-C6B922D08CB2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1745969249-26260195-2738223308-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} ->  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKU\S-1-5-21-1745969249-26260195-2738223308-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{156E8292-61C8-4909-93F2-00532718CB3C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dbfd7502-d4c7-4d8d-a9df-304589fa415c}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-07] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-07-16] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1745969249-26260195-2738223308-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\[NAME]\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1745969249-26260195-2738223308-1002: @talk.google.com/O1DPlugin -> C:\Users\[NAME]\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1745969249-26260195-2738223308-1002: @tools.google.com/Google Update;version=3 -> C:\Users\[NAME]\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1745969249-26260195-2738223308-1002: @tools.google.com/Google Update;version=9 -> C:\Users\[NAME]\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1745969249-26260195-2738223308-1002: hp.com/HPDetect -> C:\Users\[NAME]\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-10] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\[NAME]\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\v\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Lightshot (screenshot tool) - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2015-05-28]
FF Extension: Disconnect - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\2.0@disconnect.me.xpi [2015-08-18]
FF Extension: Ghostery - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\firefox@ghostery.com.xpi [2015-08-21]
FF Extension: Open in Private Browsing Mode - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\jid1-0FHdJAAQ7Nb73Q@jetpack.xpi [2015-03-07]
FF Extension: Privacy Badger - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2015-08-18]
FF Extension: Private Tab - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\privateTab@infocatcher.xpi [2015-03-07]
FF Extension: Safe Preview - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\safepreview@everhelper.me.xpi [2015-08-07]
FF Extension: TrafficLight - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\trafficlight@bitdefender.com.xpi [2015-05-15]
FF Extension: Facebook Phishing Protector - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2015-08-07]
FF Extension: Perfect Redirector - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\{4B797F68-9C25-4926-8959-728E54D7B699}.xpi [2015-08-07]
FF Extension: NoScript - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-08-21]
FF Extension: Googlebar Lite - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2015-03-07]
FF Extension: Adblock Plus - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-07]
FF Extension: WorldIP - C:\Users\[NAME]\AppData\Roaming\Mozilla\Firefox\Profiles\anrq3nwj.default-1425684543997\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2015-08-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-28]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-08-28]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-12-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-13]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR Profile: C:\Users\[NAME]\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitdefender Wallet) - C:\Users\[NAME]\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-07-18]
CHR Extension: (Website Logon) - C:\Users\[NAME]\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-05-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\[NAME]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\[NAME]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-03]
CHR Extension: (Hangouts) - C:\Users\[NAME]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\[NAME]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-29] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244752 2012-07-16] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-12] (Bitdefender)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-23] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S5 3ware; C:\Windows\System32\drivers\3ware.sys [108896 2013-08-22] (LSI)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [533824 2014-10-07] (Microsoft Corporation)
R5 acpiex; C:\Windows\System32\Drivers\acpiex.sys [79712 2013-08-22] (Microsoft Corporation)
S5 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S5 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] (Microsoft Corporation)
S5 amdsata; C:\Windows\System32\drivers\amdsata.sys [79200 2013-08-22] (Advanced Micro Devices)
S5 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259424 2013-08-22] (AMD Technologies Inc.)
S5 amdxata; C:\Windows\System32\drivers\amdxata.sys [25952 2013-08-22] (Advanced Micro Devices)
S5 arcsas; C:\Windows\System32\drivers\arcsas.sys [114016 2013-08-22] (PMC-Sierra, Inc.)
S5 atapi; C:\Windows\System32\drivers\atapi.sys [26464 2013-08-22] (Microsoft Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R5 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-06-23] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-06-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-06-23] (BitDefender)
S5 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
S5 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R5 CLFS; C:\Windows\System32\drivers\CLFS.sys [377152 2015-03-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [561928 2015-03-30] (Microsoft Corporation)
S3 dc3d; C:\Windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]
R5 disk; C:\Windows\System32\drivers\disk.sys [100192 2013-08-22] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows ® Win 7 DDK provider)
S5 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R5 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [82784 2013-08-22] (Microsoft Corporation)
S5 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [114016 2013-08-22] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [79192 2014-02-22] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [354112 2014-08-25] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [30048 2013-08-22] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [589656 2014-04-07] (Microsoft Corporation)
S5 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [65888 2013-08-22] (Microsoft Corporation)
R5 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-06-23] (BitDefender LLC)
R5 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company)
S5 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] (Hewlett-Packard Company)
S5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24416 2013-08-22] (Microsoft Corporation)
S5 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [650808 2013-05-30] (Intel Corporation)
R5 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
S5 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412000 2013-08-22] (Intel Corporation)
S5 intelide; C:\Windows\System32\drivers\intelide.sys [18272 2013-08-22] (Microsoft Corporation)
R5 intelpep; C:\Windows\System32\drivers\intelpep.sys [39744 2014-10-17] (Microsoft Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit)
S5 isapnp; C:\Windows\System32\drivers\isapnp.sys [21856 2013-08-22] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100672 2014-10-28] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [178008 2015-06-28] (Microsoft Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-20] (Atheros)
S5 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [109408 2013-08-22] (LSI Corporation)
S5 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [93536 2013-08-22] (LSI Corporation)
S5 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S5 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82784 2013-08-22] (LSI Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S5 megasas; C:\Windows\System32\drivers\megasas.sys [56672 2013-08-22] (LSI Corporation)
S5 megasr; C:\Windows\System32\drivers\megasr.sys [575840 2013-08-22] (LSI Corporation, Inc.)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [101720 2015-07-15] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17248 2013-08-22] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [78688 2013-08-22] (Microsoft Corporation)
S5 mvumis; C:\Windows\System32\drivers\mvumis.sys [63840 2013-08-22] (Marvell Semiconductor, Inc.)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [1113944 2015-07-14] (Microsoft Corporation)
R5 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [31376 2015-07-23] (NVIDIA Corporation)
S5 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2013-08-22] (NVIDIA Corporation)
S5 nvstor; C:\Windows\System32\drivers\nvstor.sys [168288 2013-08-22] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S5 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [124768 2013-08-22] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [88896 2014-10-15] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [280384 2014-07-24] (Microsoft Corporation)
S5 pciide; C:\Windows\System32\drivers\pciide.sys [14688 2013-08-22] (Microsoft Corporation)
S5 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [114528 2013-08-22] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50016 2013-08-22] (Microsoft Corporation)
R5 pdc; C:\Windows\System32\drivers\pdc.sys [86336 2014-10-16] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [249688 2014-02-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S5 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107872 2013-08-22] (Microsoft Corporation)
S5 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Silicon Integrated Systems Corp.)
S5 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2013-08-22] (Silicon Integrated Systems)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2013-01-04] (Synaptics Incorporated)
R5 spaceport; C:\Windows\System32\drivers\spaceport.sys [415040 2014-10-28] (Microsoft Corporation)
S5 stexstor; C:\Windows\System32\drivers\stexstor.sys [31072 2013-08-22] (Promise Technology, Inc.)
S5 storahci; C:\Windows\System32\drivers\storahci.sys [107872 2013-08-22] (Microsoft Corporation)
S5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [49944 2014-10-28] (Microsoft Corporation)
S5 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S5 storvsc; C:\Windows\System32\drivers\storvsc.sys [45888 2013-08-22] (Microsoft Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-11-13] (Anchorfree Inc.)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2476376 2015-06-11] (Microsoft Corporation)
R5 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-23] (BitDefender S.R.L.)
S5 uagp35; C:\Windows\System32\drivers\uagp35.sys [64864 2013-08-22] (Microsoft Corporation)
S5 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [65888 2013-08-22] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [37728 2013-08-22] (Microsoft Corporation)
S5 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIA Technologies, Inc.)
S5 vmbus; C:\Windows\System32\drivers\vmbus.sys [97048 2014-10-28] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [73568 2013-08-22] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [377696 2013-08-22] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [310080 2014-06-18] (Microsoft Corporation)
S5 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIA Technologies Inc.,Ltd)
S5 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305504 2013-08-22] (VIA Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [839488 2013-08-22] (Microsoft Corporation)
R5 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [136512 2014-11-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R5 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 15:19 - 2015-09-05 15:19 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-09-05 15:19 - 2015-09-05 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-05 15:07 - 2015-09-05 15:21 - 00000462 _____ C:\WINDOWS\setupact.log
2015-09-05 15:07 - 2015-09-05 15:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-05 01:04 - 2015-09-05 01:04 - 00001600 _____ C:\Users\[NAME]\Desktop\MobileSync - (IOS Backup).lnk
2015-09-04 12:53 - 2015-09-04 12:53 - 56501344 _____ (Oracle Corporation) C:\Users\[NAME]\Downloads\jre-8u60-windows-x64.exe
2015-08-28 22:28 - 2015-09-02 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 14:57 - 2015-08-27 14:57 - 00001242 _____ C:\Users\[NAME]\Desktop\Frequent Flyer Stuff - Shortcut.lnk
2015-08-27 14:54 - 2015-08-27 14:54 - 00001170 _____ C:\Users\[NAME]\Desktop\tviaa - Shortcut.lnk
2015-08-27 14:42 - 2015-09-04 12:38 - 00001750 _____ C:\Users\[NAME]\Desktop\Interpol Virus - Shortcut.lnk
2015-08-27 14:16 - 2015-08-27 14:16 - 00001627 _____ C:\Users\[NAME]\Desktop\Desktop PROGRAM LAUNCH - Shortcut.lnk
2015-08-27 14:14 - 2015-08-27 14:14 - 00001501 _____ C:\Users\[NAME]\Desktop\CUETools - Shortcut.lnk
2015-08-26 12:05 - 2015-08-26 12:05 - 00001446 _____ C:\Users\[NAME]\Desktop\==LETTER=== - Shortcut.lnk
2015-08-21 22:52 - 2015-08-21 22:52 - 00001144 _____ C:\Users\[NAME]\AppData\Roaming\Microsoft\Windows\Start Menu\MiniLyrics.lnk
2015-08-21 22:26 - 2015-08-21 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-21 22:25 - 2015-08-21 22:25 - 00000000 ____D C:\Program Files\iPod
2015-08-21 17:36 - 2015-09-01 16:20 - 00000000 ____D C:\Users\[NAME]\AppData\Roaming\MiniLyrics
2015-08-21 17:36 - 2015-08-21 17:36 - 00000000 ____D C:\Program Files (x86)\MiniLyrics
2015-08-21 12:32 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-21 12:32 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-21 12:32 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-21 12:15 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-21 12:15 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-21 12:11 - 2015-09-05 15:19 - 00000000 ____D C:\Users\[NAME]\.oracle_jre_usage
2015-08-21 12:11 - 2015-08-21 12:11 - 00000000 ____D C:\Users\[NAME]\AppData\Roaming\Sun
2015-08-21 12:07 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-21 12:07 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-21 12:07 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-21 12:07 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-21 12:07 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-21 12:07 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-21 12:07 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-21 12:07 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-21 12:07 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-21 12:07 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-21 12:07 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-21 12:06 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-21 12:06 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-21 12:06 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-21 12:06 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-21 12:06 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-21 12:06 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-21 12:06 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-21 12:06 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-21 12:06 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-21 12:06 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-21 12:06 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-21 12:06 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-21 12:06 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-21 12:06 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-21 12:06 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-21 12:06 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-21 12:06 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-21 12:06 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-21 12:06 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-21 12:06 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-21 12:06 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-21 12:06 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-21 12:06 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-21 12:06 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-21 12:06 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-21 12:06 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-21 12:06 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-21 12:06 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-21 12:06 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-21 12:06 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-21 12:06 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-21 12:06 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-21 12:06 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-21 12:06 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-21 12:06 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-21 12:05 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-21 12:05 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-21 12:05 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-21 12:05 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-21 12:05 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-21 12:05 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-21 12:05 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-21 12:05 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-21 12:05 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-21 12:05 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-21 12:05 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-21 12:05 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-21 12:05 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-21 12:05 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-21 12:04 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-21 12:04 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-21 12:04 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-21 12:04 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-21 12:04 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-21 12:04 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-21 12:04 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-21 12:04 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-21 12:04 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-21 12:04 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-21 12:04 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-21 12:04 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-21 12:04 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-21 12:03 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-21 12:03 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-21 12:03 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-21 12:03 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-21 12:03 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-21 12:03 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-21 12:03 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-21 12:03 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-21 12:03 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-21 12:03 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-21 12:03 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-21 12:03 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-21 12:03 - 2015-07-10 15:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-08-21 12:03 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-21 12:03 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-21 12:03 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-21 12:03 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-21 12:03 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-21 12:03 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-21 11:48 - 2015-08-21 11:48 - 00002552 _____ C:\Users\[NAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP Support Assistant.lnk
2015-08-21 11:48 - 2015-08-21 11:48 - 00002401 _____ C:\Users\[NAME]\AppData\Roaming\Microsoft\Windows\Start Menu\HP Support Assistant.lnk
2015-08-21 11:01 - 2015-08-21 11:01 - 00001200 _____ C:\Users\[NAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Mozilla Firefox.lnk
2015-08-21 10:35 - 2015-08-21 10:35 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-20 14:09 - 2015-08-20 14:09 - 00000000 ____D C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}
2015-08-20 12:45 - 2015-08-20 12:46 - 48845272 _____ C:\Users\[NAME]\Downloads\Validity495_Win8.1_Fingerprint_Setup_A00_ZPE.exe
2015-08-19 21:32 - 2015-08-20 11:14 - 00074981 _____ C:\Users\[NAME]\Downloads\FRST.txt
2015-08-19 21:32 - 2015-08-19 22:40 - 00050013 _____ C:\Users\[NAME]\Downloads\Addition.txt
2015-08-19 21:31 - 2015-09-06 00:13 - 00000000 ____D C:\FRST
2015-08-19 17:21 - 2015-09-05 15:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-08-19 16:59 - 2015-08-20 10:34 - 00000000 ____D C:\AdwCleaner
2015-08-19 12:33 - 2015-08-20 11:03 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-19 12:33 - 2015-08-20 10:35 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-08-19 07:09 - 2015-09-05 15:06 - 00003106 _____ C:\WINDOWS\System32\Tasks\BDAntiCryptoWallTask
2015-08-19 07:07 - 2015-08-19 07:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiCryptoWall
2015-08-19 05:38 - 2015-08-19 05:38 - 00001183 _____ C:\Users\[NAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Malwarebytes Anti-Malware.lnk
2015-08-19 05:16 - 2015-09-05 15:21 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-19 05:16 - 2015-08-19 05:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-19 05:16 - 2015-08-19 05:16 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-19 05:16 - 2015-08-19 05:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-19 05:16 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-19 05:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-19 05:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-17 15:51 - 2015-08-21 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 00:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-06 00:02 - 2012-12-20 18:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-05 23:43 - 2012-12-20 18:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002UA.job
2015-09-05 23:27 - 2013-07-29 14:31 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-05 22:27 - 2013-07-29 14:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-05 21:56 - 2014-07-09 21:06 - 00000000 ____D C:\Users\[NAME]\AppData\Roaming\ClassicShell
2015-09-05 18:36 - 2012-12-19 18:19 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1745969249-26260195-2738223308-1002
2015-09-05 17:28 - 2013-11-03 15:33 - 01532384 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-05 15:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-05 15:20 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-05 15:18 - 2014-03-04 06:37 - 00000000 ____D C:\Program Files\Java
2015-09-05 15:11 - 2013-01-21 15:31 - 00000000 ____D C:\Users\[NAME]\AppData\Local\CrashDumps
2015-09-05 14:54 - 2013-10-28 13:54 - 00000000 ____D C:\Users\[NAME]
2015-09-05 14:43 - 2012-12-20 18:38 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002Core.job
2015-09-05 01:04 - 2012-12-20 18:40 - 00000000 ____D C:\Users\[NAME]\AppData\Roaming\Apple Computer
2015-09-05 00:45 - 2014-07-18 13:12 - 00000000 ____D C:\Users\[NAME]\Documents\Outlook Files
2015-09-04 13:55 - 2013-09-30 00:04 - 00958356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-04 12:48 - 2014-09-07 01:39 - 00000000 ____D C:\Users\[NAME]\Downloads\Bitdefender Safepay
2015-09-04 08:52 - 2012-12-19 18:12 - 00000000 ____D C:\Users\[NAME]\AppData\Local\Packages
2015-09-03 21:22 - 2013-01-04 09:44 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-02 23:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-02 13:16 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-02 13:11 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-02 02:38 - 2013-01-13 16:00 - 00000000 ____D C:\Program Files\CCleaner
2015-09-02 00:02 - 2012-12-19 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-01 23:48 - 2012-12-28 12:18 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2015-08-29 14:01 - 2014-07-22 21:38 - 00000000 ____D C:\Lyrics
2015-08-28 22:22 - 2013-07-29 14:31 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 22:22 - 2013-07-29 14:31 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-27 16:16 - 2014-07-18 18:26 - 00000000 ____D C:\Users\[NAME]\Desktop\from iPad
2015-08-27 15:33 - 2013-10-03 14:55 - 00000000 ____D C:\Users\[NAME]\AppData\Roaming\vlc
2015-08-27 14:37 - 2012-12-20 18:38 - 00003878 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002UA
2015-08-27 14:37 - 2012-12-20 18:38 - 00003498 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002Core
2015-08-26 05:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing
2015-08-25 19:08 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-21 22:26 - 2015-07-21 20:08 - 00000000 ____D C:\Program Files\iTunes
2015-08-21 22:25 - 2014-07-12 19:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-21 22:25 - 2014-05-07 00:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-21 14:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-21 12:33 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-21 12:30 - 2014-08-28 04:11 - 00000000 ____D C:\Users\[NAME]\AppData\Local\Adobe
2015-08-21 12:23 - 2013-08-22 10:44 - 00498608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-21 12:21 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-21 12:21 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-21 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-08-21 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-21 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-21 12:21 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-21 12:15 - 2013-09-29 07:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-21 12:13 - 2013-09-29 07:37 - 00000000 ____D C:\ProgramData\Oracle
2015-08-21 12:09 - 2012-12-20 18:08 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-21 12:08 - 2015-04-24 20:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-21 12:08 - 2014-12-02 15:06 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-21 12:08 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-21 12:08 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-21 11:27 - 2012-08-17 16:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-08-21 11:27 - 2012-08-17 16:07 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-08-20 14:11 - 2012-08-17 16:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-20 14:11 - 2012-08-17 15:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-20 14:11 - 2012-08-17 15:51 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-20 13:55 - 2012-08-03 20:02 - 00000000 ____D C:\SWSetup
2015-08-20 13:53 - 2012-12-19 18:14 - 00000000 ____D C:\Users\[NAME]\AppData\Local\Hewlett-Packard
2015-08-19 22:40 - 2014-08-21 10:39 - 00000000 ____D C:\Users\[NAME]
2015-08-19 07:07 - 2014-07-13 00:46 - 00000000 ____D C:\Program Files\Bitdefender
2015-08-19 07:07 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-19 05:16 - 2013-10-29 06:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-13 21:50 - 2015-02-11 17:24 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-13 21:50 - 2015-02-11 17:24 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 03:02 - 2012-12-20 18:39 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-08-25 08:22 - 2014-03-12 13:54 - 0000100 _____ () C:\Users\[NAME]\AppData\Roaming\Camdata.ini
2013-08-25 08:22 - 2014-03-12 13:54 - 0000408 _____ () C:\Users\[NAME]\AppData\Roaming\CamLayout.ini
2013-08-25 08:22 - 2014-03-12 13:54 - 0000408 _____ () C:\Users\[NAME]\AppData\Roaming\CamShapes.ini
2013-08-24 06:37 - 2014-03-12 13:14 - 0004416 _____ () C:\Users\[NAME]\AppData\Roaming\CamStudio.cfg
2014-12-07 14:23 - 2014-12-07 14:23 - 0000017 _____ () C:\Users\[NAME]\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\ProgramData\C__Users_[NAME]_AppData_Local_Temp_7zODA16.tmp_RealHideIP.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-05 18:36

==================== End of log ============================

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by [NAME] (2015-09-06 00:13:49)
Running from C:\Users\[NAME]\Desktop\My Documents\Computer stuff\0 - INS & Program Files\00 - Security 2015
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1745969249-26260195-2738223308-500 - Administrator - Enabled) => C:\Users\Administrator.[NAME]
Guest (S-1-5-21-1745969249-26260195-2738223308-501 - Limited - Enabled) => C:\Users\Guest
[NAME] (S-1-5-21-1745969249-26260195-2738223308-1002 - Administrator - Enabled) => C:\Users\[NAME]

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.15 - Adobe Systems)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AntiCryptoWall (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.8.13 - Bitdefender)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aunsoft Video to Audio Converter Ver 2.0.0.4206 (HKLM-x32\...\{9F52C8D7-2E69-4F75-B570-D8C010709C38}_is1) (Version:  - )
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DICOM LiteBox 2.02 (HKLM-x32\...\DICOM LiteBox 2.02_is1) (Version:  - Etiam)
eMule (HKLM-x32\...\eMule) (Version:  - )
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\HPConnectedMusic) (Version: 1.1 (build 37) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.7.49 - Crintsoft)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Shapes 0.1.05-home (HKLM-x32\...\{EACD4344-36CB-4ACD-8566-BFE6C272CBAA}_is1) (Version: 0.1.05-home - Rossen Radev)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 1.9.16.7446 - Medixant)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.15.0 - Synaptics Incorporated)
Syncios version 2.0.3 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.0.3 - Anvsoft, Inc.)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
כלי ההגהה של Microsoft Office 2013 - עברית (HKLM\...\{90150000-001F-040D-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
כלי ההגהה של Microsoft Office 2013 - עברית (HKLM-x32\...\{90150000-001F-040D-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1745969249-26260195-2738223308-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\[NAME]\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1745969249-26260195-2738223308-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\[NAME]\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1745969249-26260195-2738223308-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1745969249-26260195-2738223308-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\[NAME]\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

19-08-2015 16:40:28 JRT Pre-Junkware Removal
29-08-2015 13:39:26 Scheduled Checkpoint
05-09-2015 14:26:22 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0328C829-211F-44CE-A4BD-227C700CF791} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {05A624C0-CE67-4F94-BF02-47A06DAA6AA4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {12AF995C-94AD-4C12-84EB-59F2211E40CC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {14F363BD-FE10-47E4-8C74-576EC7887B35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002UA => C:\Users\[NAME]\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1B90D580-D98C-4F03-9900-26198D433A39} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1F7CFD8D-4193-4CA4-943C-936331E65E8A} - System32\Tasks\{F57FEC39-FEB0-4C9F-9FA3-AF51CB52EFD1} => pcalua.exe -a "C:\Program Files (x86)\CDex\uninstall.exe"
Task: {2582A830-FA23-42B5-86C9-DDC959663B07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {2DD19DBD-FC4E-4030-BDF9-666BBD209512} - System32\Tasks\{F887EB1B-C49F-4837-B4E9-B4E54DCC37BE} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/privacy
Task: {2E413E1A-AC70-4BC0-8FDB-1C6105CEF063} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-06-23] (Bitdefender)
Task: {2EFFC7C5-C4FB-4BC6-A218-D7B66BF60AD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {2FEE5B4A-9582-4DE5-A308-1AA8E0CC732A} - System32\Tasks\{F568A7E5-F48E-4A05-8302-59D6EF1E1EBD} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/eula
Task: {33188645-C644-4205-B429-0FAD5215DFF4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {354E0FB7-5107-4A2A-ABA9-FC50217FC0E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {3D81F5FE-0CF7-4BFB-A7B1-50E1944F1F28} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-01-04] (Synaptics Incorporated)
Task: {43CBAAC7-1B38-46B9-A97F-80F11898B603} - System32\Tasks\{9C49E35C-00B1-44BE-A4AF-2F09979B141A} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/eula
Task: {5060CCF5-83B8-44A1-BA44-DED2DE646FAF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-21] (Microsoft Corporation)
Task: {50CF9548-2FA3-416E-B856-4155CB980015} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {592F1EF2-99A2-4F27-8661-2DDAC544E2C5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {59F64D35-970B-4B18-9902-3A95943B3D10} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6E703496-7044-4906-A0AA-26D96ADA5C3B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
Task: {75ABF35D-6105-458D-8D98-3C05CB27B70D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {8A2BCA33-EC1D-44A5-A4E1-F7D0F8A84ED9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8C7FC92E-152C-4F71-8B82-7FCB3AE15103} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {9A8FD3E9-A78D-42D0-8319-8B381EE56A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A203609D-841A-4E13-BA87-AA15AE452971} - System32\Tasks\{BEC274CB-7CD7-4C21-B863-D1E4C25D6A0F} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/eula
Task: {AAAFCDD2-6539-43F1-AEA6-AE7F0D6F163D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {B4315C94-5BB0-49E9-A975-78F767857808} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {C038560F-1846-495B-915E-B324EFC41B88} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {C276EC12-5BB4-4541-8AC4-70CED297DB93} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe
Task: {C9A31B8B-82BF-4542-961E-AE3F74F0BB72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
Task: {CD1437DE-8C7A-474E-A966-DF855AADD4D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002Core => C:\Users\[NAME]\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D207A7EA-18EF-42AF-935A-CBA7E07450DA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D643F36E-ABC4-4E04-B11A-B74286BADA0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {D65880CA-F8DC-4E05-A355-2303173FF0B4} - System32\Tasks\{8D7A69C4-8A1E-4BC7-B1BB-FE80F1E8A8CF} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/privacy
Task: {D6B62992-0AD5-42B1-A960-E374914F0ACB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {D8C02909-8FFF-4621-9D6D-8AFBB2965608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DB2F187E-8132-4EFF-9A92-F43C7BE5CB7B} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDAntiCryptoWall.exe [2015-08-17] ()
Task: {F35EBCE4-F4ED-46A3-A569-AD20209A2878} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {FCF48368-78B1-4627-BFB8-4A4108BF1138} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002Core.job => C:\Users\[NAME]\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1745969249-26260195-2738223308-1002UA.job => C:\Users\[NAME]\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-04 11:34 - 2014-09-04 11:34 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-13 00:49 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-07-13 00:49 - 2014-07-11 17:30 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-13 00:49 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-09-05 15:29 - 2015-09-05 15:29 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_012\ashttpbr.mdl
2015-09-05 15:29 - 2015-09-05 15:29 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_012\ashttpdsp.mdl
2015-09-05 15:29 - 2015-09-05 15:29 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_012\ashttpph.mdl
2015-09-05 15:29 - 2015-09-05 15:29 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_012\ashttprbl.mdl
2014-12-02 13:06 - 2015-07-23 00:06 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-28 13:48 - 2015-07-22 21:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 16:35 - 2015-01-20 16:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-06 04:47 - 2012-09-06 04:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2014-06-10 13:19 - 2014-06-10 13:19 - 08892072 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-07 02:19 - 2013-02-07 02:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-08-19 07:07 - 2015-08-17 18:02 - 01216264 _____ () C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDAntiCryptoWall.exe
2015-08-19 07:07 - 2015-08-14 14:49 - 00614400 _____ () C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDMetrics.dll
2014-06-10 13:19 - 2014-06-10 13:19 - 08892072 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-07 02:19 - 2013-02-07 02:19 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2015-03-30 21:16 - 2015-07-24 00:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-11 14:18 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-10-05 01:26 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-02 13:06 - 2015-07-23 00:06 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\[NAME]\OneDrive:ms-properties
AlternateDataStreams: C:\Users\[NAME]\Downloads\jre-8u60-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\[NAME]\Downloads\Validity495_Win8.1_Fingerprint_Setup_A00_ZPE.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1745969249-26260195-2738223308-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\[NAME]\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Bdagent"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "UnlockerAssistant"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "Bitdefender Wallet Application Agent"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "Bitdefender Wallet"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "Bitdefender Wallet Agent"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E7C42B69955995E7929515AEEC0F7269"
HKU\S-1-5-21-1745969249-26260195-2738223308-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E8A0BF6A-89CD-49DF-BEE8-0E4C0F6106A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{91B08B12-05A9-40C3-AD4D-FF0492C11CED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B361929F-F9A3-4740-881D-86DBBCB2E0D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{79CFA739-2B30-4FAD-B9D6-827C87B04FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F17DD4BC-28E2-42E8-BF98-442CCDEB4831}] => (Allow) C:\Users\[NAME]\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FDDC4D74-CD02-4C61-9122-50ED1DE877E1}] => (Allow) C:\Users\[NAME]\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{5714BB36-1755-4CB4-8EA4-543C5CC5AD26}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{6C8A64B9-F742-4A3D-9D21-E632FEDEEF61}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{E8730C21-181F-4BE2-B9A0-86F7BD7B139E}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{E6B6E50D-6B86-44BF-8583-8B472BF60F2E}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{CC9986E1-019C-4C0A-8521-DF4AD7167D25}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{D0DDD2B3-E0F9-4280-AEC3-1CAC893D520E}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{6BCAB19D-7BFC-4259-B489-26E806DE6970}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{99FAEA8B-DAD8-4C6A-9611-7D6B7A40EF03}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{87B8963B-3E57-4BA2-8C71-418EA41E421E}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{2E14A41A-3098-4457-8D95-B96397D79F0E}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{2AB186B9-82B6-45D2-B650-D216ACB91A5F}] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{18EB4535-A503-453F-88C4-B222BFB6F050}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{862FEE36-A86E-4D7F-9353-5CD106D27FA3}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{5CC95E2C-8B65-470D-8FAE-456A626CC07F}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{91746648-9151-4DF3-80F0-81008F48E8E9}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{1970D3B0-F790-4164-B29B-D6A6F4C494D1}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{8D762727-3FFA-4B67-A2B8-45751E76128F}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{3D64E1D4-4E09-4137-8FF2-EC0B2AA1A9DA}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{1692E140-CE75-417B-8D2F-7F522AC11474}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{9FDE2808-2340-4FF2-B0E2-A4CABA288031}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{36108711-E990-495B-91C5-C4D8FFFA5AEA}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{D3250F0A-A335-43AD-A2EB-E77017F486A2}] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AC4281B8-4238-4BE3-A15C-F7E6B6342FBF}] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{72697CFA-6400-4DAB-80A3-DF4CBB1CC030}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{14553C48-18F5-4255-A0D2-9ED39AD4011C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{ECE2104B-9C89-43D0-9567-5557C876D6D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0040CC04-EC91-429B-B6DA-54AACE92B58F}] => (Allow) LPort=1900
FirewallRules: [{22BE7F40-953A-44D9-8B56-55B5F7766C52}] => (Allow) LPort=2869
FirewallRules: [{3D3F4044-D6FB-4800-873D-3E5C2A0DA5C3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{030F3DCE-2C20-4778-9159-3F600E61EB83}] => (Allow) C:\Program Files (x86)\HP SimplePass\CheckUpdate.exe
FirewallRules: [{0BEF73CF-F7BB-4792-BB79-97ED6D1EA647}] => (Allow) C:\Program Files (x86)\HP SimplePass\CheckUpdate.exe
FirewallRules: [{D9699838-5C9C-4DB4-B27B-2F1CDED41D1E}] => (Allow) C:\Program Files (x86)\HP SimplePass\CheckUpdate.exe
FirewallRules: [{3C1FDDF2-8071-43C0-98F0-7B192F9E98F8}] => (Allow) C:\Program Files (x86)\HP SimplePass\CheckUpdate.exe
FirewallRules: [{95F68216-D30E-4221-BB6E-737B18F40095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C1A39FDA-CA25-4A15-9F8E-A2DC834806A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EFDCCA49-4778-4EC2-A0AF-6CE5BFF7DBC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1BD859D5-057A-4813-8F68-7B51F239DC97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4C2A4CA8-4679-4EB1-835E-20E766629BAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DE9FA14F-8A3B-4C8F-9337-76A0353D06E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4B914A6-702B-4FED-A988-C2C4739FD93B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC311DB1-BB58-428D-91FD-13BCF779661C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{066FC8E6-B3E1-40AB-A130-423867635DEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{176A4F69-57C3-481F-8B0C-5A877456140F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{65421871-653D-472B-9C6B-997803C786EB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{756E33A6-A6A6-4D87-A529-C416B43329FF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8D212AA4-EDF6-4A79-9A02-72AEE856EEF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{351058F6-64F6-4FAA-9B7B-7FB34C46FD5E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E72090BD-5535-4C3B-9F68-989A5997B2DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CF947951-0721-4982-B018-EA215B849216}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3B5CD4E3-E67B-49E2-AA7F-BE9807C5BA0E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6CC97BE6-B9BA-440C-BC85-4F4AE0D59C0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{011EA638-4043-497E-816D-AE2CC89F6B32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{29D179D2-1803-4B2C-8772-FEC4DC1FF35D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3F53925A-F1B4-4CA7-90C7-ABA6094025A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0C7C8465-0662-4229-A6F8-0A7DE92351E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{45A77940-FF15-4337-9146-5C83B0A4D2D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B43E3A9-B7F7-4E09-BE7C-56082541E63A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B14EF5F-8B7E-4196-90AA-446D573CCDB0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9C2AEB2B-6C52-4D25-BE5A-79F17830EF39}] => (Allow) C:\Users\[NAME]\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2015 03:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.5.9.1002, time stamp: 0x5065e128
Faulting module name: IAStorUtil.ni.dll, version: 11.5.9.1002, time stamp: 0x5065e124
Exception code: 0xc0000005
Fault offset: 0x0002f3fd
Faulting process id: 0x1f0c
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3
Faulting package full name: IAStorDataMgrSvc.exe4
Faulting package-relative application ID: IAStorDataMgrSvc.exe5

Error: (09/05/2015 03:23:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/05/2015 03:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process id: 0xcc4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (09/05/2015 03:10:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.5.9.1002, time stamp: 0x5065e128
Faulting module name: IAStorUtil.ni.dll, version: 11.5.9.1002, time stamp: 0x5065e124
Exception code: 0xc0000005
Fault offset: 0x0002f3fd
Faulting process id: 0x1308
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3
Faulting package full name: IAStorDataMgrSvc.exe4
Faulting package-relative application ID: IAStorDataMgrSvc.exe5

Error: (09/05/2015 03:10:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/05/2015 03:01:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.5.9.1002, time stamp: 0x5065e128
Faulting module name: IAStorUtil.ni.dll, version: 11.5.9.1002, time stamp: 0x5065e124
Exception code: 0xc0000005
Fault offset: 0x0002f3fd
Faulting process id: 0xc20
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3
Faulting package full name: IAStorDataMgrSvc.exe4
Faulting package-relative application ID: IAStorDataMgrSvc.exe5

Error: (09/05/2015 03:01:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (09/05/2015 09:56:04 PM) (Source: DCOM) (EventID: 10001) (User: [NAME])
Description: C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE -Embedding740{0BA2D9E2-D4C8-45B2-8F5B-B3ADE5E461E6}UnavailableUnavailable

Error: (09/05/2015 03:23:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/05/2015 03:10:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/05/2015 03:01:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (09/05/2015 03:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe11.5.9.10025065e128IAStorUtil.ni.dll11.5.9.10025065e124c00000050002f3fd1f0c01d0e8104a5c2991C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\4567f0b4105babcc65c194edbecb35e8\IAStorUtil.ni.dll8b944521-5403-11e5-bf70-a0b3cc48d6be

Error: (09/05/2015 03:23:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/05/2015 03:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02KERNELBASE.dll6.3.9600.1793655a68dd1c00001420009d4f2cc401d0e80e9fc559c8C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dlldf8b4314-5401-11e5-bf6f-a0b3cc48d6be

Error: (09/05/2015 03:10:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe11.5.9.10025065e128IAStorUtil.ni.dll11.5.9.10025065e124c00000050002f3fd130801d0e80e77269c74C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\4567f0b4105babcc65c194edbecb35e8\IAStorUtil.ni.dllb880c221-5401-11e5-bf6f-a0b3cc48d6be

Error: (09/05/2015 03:10:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/05/2015 03:01:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe11.5.9.10025065e128IAStorUtil.ni.dll11.5.9.10025065e124c00000050002f3fdc2001d0e80d44a955c5C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\4567f0b4105babcc65c194edbecb35e8\IAStorUtil.ni.dll8659b887-5400-11e5-bf6e-a0b3cc48d6be

Error: (09/05/2015 03:01:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


CodeIntegrity:
===================================
  Date: 2013-10-29 11:21:24.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:24.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:24.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:24.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:24.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:23.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:23.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:23.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:23.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-29 11:21:23.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8081.27 MB
Available physical RAM: 4900.64 MB
Total Virtual: 16273.27 MB
Available Virtual: 12445.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:670.15 GB) (Free:261.44 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.71 GB) (Free:3.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of log ============================


Edited by Andalucia, 06 September 2015 - 01:13 AM.




