I tried system restore function but did not do anything. Any help would be greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by reina (administrator) on FOOTCARENURSE on 31-01-2015 16:29:59
Running from C:\Users\reina\Desktop
Loaded Profiles: reina (Available profiles: reina)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Google Inc.) C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe
(Pay By Ads LTD) C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-23] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\Run: [Google Update] => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-27] (Google Inc.)
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\Run: [Yahoo! Search] => C:\Users\reina\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe [535472 2014-08-05] (Pay By Ads LTD)
Startup: C:\Users\reina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-2586556045-1720471783-4283924833-1001] => file://C:\Program Files (x86)\BrowseMark\bin\Pac9064.js
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=md ... 762769&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_15_ie&cd=2XzuyEtN2Y1L1QzutDtDtByD0A0ByDtD0CyD0E0FtAtDyCtAtN0D0Tzu0SzztAtCtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyDyD0CtAyCyDtBtDtGtA0B0F0BtGyE0B0DyCtGzztAyB0EtGyByDyEtA0EtC0D0E0AtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0E0BtBzz0CzytGyEyD0D0FtGtAzztCzytG0FzzyBzytGyBtD0F0A0EtCyByB0Bzy0C0F2Q&cr=2036762769&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_15_ie&cd=2XzuyEtN2Y1L1QzutDtDtByD0A0ByDtD0CyD0E0FtAtDyCtAtN0D0Tzu0SzztAtCtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyDyD0CtAyCyDtBtDtGtA0B0F0BtGyE0B0DyCtGzztAyB0EtGyByDyEtA0EtC0D0E0AtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0E0BtBzz0CzytGyEyD0D0FtGtAzztCzytG0FzzyBzytGyBtD0F0A0EtCyByB0Bzy0C0F2Q&cr=2036762769&ir=
SearchScopes: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001 -> DefaultScope {8F2A4CD5-BB7C-4744-B9F9-2DDE69E28371} URL = http://rts.dsrlte.com/?q={searchTerms}&r=101
SearchScopes: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md_14_15_ie&cd=2XzuyEtN2Y1L1QzutDtDtByD0A0ByDtD0CyD0E0FtAtDyCtAtN0D0Tzu0SzztAtCtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyDyD0CtAyCyDtBtDtGtA0B0F0BtGyE0B0DyCtGzztAyB0EtGyByDyEtA0EtC0D0E0AtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0E0BtBzz0CzytGyEyD0D0FtGtAzztCzytG0FzzyBzytGyBtD0F0A0EtCyByB0Bzy0C0F2Q&cr=2036762769&ir=
SearchScopes: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001 -> {8F2A4CD5-BB7C-4744-B9F9-2DDE69E28371} URL = http://rts.dsrlte.com/?q={searchTerms}&r=101
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: BrowseMark 1.0.0.4 -> {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} -> C:\Program Files (x86)\BrowseMark\BrowseMarkBHO.dll (BrowseMark)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab
DPF: HKLM-x32 {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://reports.idstc.com/ActiveReports/ ... rview2.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\reina\AppData\Roaming\Mozilla\Firefox\Profiles\ocatb8gi.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\reina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @talk.google.com/O1DPlugin -> C:\Users\reina\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @tools.google.com/Google Update;version=3 -> C:\Users\reina\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2586556045-1720471783-4283924833-1001: @tools.google.com/Google Update;version=9 -> C:\Users\reina\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\reina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\reina\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\reina\AppData\Roaming\Mozilla\Firefox\Profiles\ocatb8gi.default\Extensions\trash [2015-01-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MaintainerSvc2.49.6826863; C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe [123680 2014-12-17] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2014-08-05] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 {1d80e5b5-4071-4723-b69d-7303dd29b08f}w64; C:\Windows\System32\drivers\{1d80e5b5-4071-4723-b69d-7303dd29b08f}w64.sys [48832 2014-12-01] (StdLib)
R1 {5e58d02b-6bcf-4282-80e0-3181dfa24f06}w64; C:\Windows\System32\drivers\{5e58d02b-6bcf-4282-80e0-3181dfa24f06}w64.sys [48832 2014-10-15] (StdLib)
R1 {90b6a102-782f-4c36-a3a9-17de29ea9425}w64; C:\Windows\System32\drivers\{90b6a102-782f-4c36-a3a9-17de29ea9425}w64.sys [48832 2014-10-22] (StdLib)
R1 {b054ca2a-b52e-4dce-852f-fc425b1df036}w64; C:\Windows\System32\drivers\{b054ca2a-b52e-4dce-852f-fc425b1df036}w64.sys [48832 2014-10-14] (StdLib)
R1 {b7ef6559-ecf4-497a-81ce-d499dec7003c}w64; C:\Windows\System32\drivers\{b7ef6559-ecf4-497a-81ce-d499dec7003c}w64.sys [48832 2014-10-15] (StdLib)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys [61120 2014-05-13] (StdLib)
R1 {fe03a0d6-671a-4d18-b668-b656ba92ccf5}w64; C:\Windows\System32\drivers\{fe03a0d6-671a-4d18-b668-b656ba92ccf5}w64.sys [48832 2014-10-21] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-31 18:45 - 2015-01-31 18:45 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-31 16:29 - 2015-01-31 16:30 - 00019570 _____ () C:\Users\reina\Desktop\FRST.txt
2015-01-31 16:29 - 2015-01-31 16:30 - 00000000 ____D () C:\FRST
2015-01-31 16:28 - 2015-01-31 16:28 - 02130944 _____ (Farbar) C:\Users\reina\Desktop\FRST64.exe
2015-01-31 16:15 - 2015-01-31 16:15 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 16:15 - 2015-01-31 16:15 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Users\reina\AppData\Local\Mozilla
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 16:15 - 2015-01-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-31 16:10 - 2015-01-31 16:10 - 00243440 _____ () C:\Users\reina\Downloads\Firefox Setup Stub 35.0.1.exe.0ju06d7.partial
2015-01-31 16:08 - 2015-01-31 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-31 19:01 - 2014-12-17 09:13 - 00000000 ____D () C:\Program Files (x86)\ASP
2015-01-31 19:01 - 2014-12-17 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2015-01-31 19:01 - 2014-10-29 18:43 - 00000000 ____D () C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf
2015-01-31 19:01 - 2014-07-10 12:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-01-31 19:01 - 2014-04-10 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2015-01-31 19:01 - 2014-04-10 19:17 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2015-01-31 19:01 - 2014-04-10 19:17 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 __RSD () C:\windows\Media
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\WinMetadata
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\zh-HK
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\WinMetadata
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\uk-UA
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\tr-TR
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\th-TH
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sl-SI
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sk-SK
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\ro-RO
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\lv-LV
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\lt-LT
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\hr-HR
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\he-IL
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\et-EE
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\en-GB
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\bg-BG
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\ar-SA
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\FileManager
2015-01-31 19:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Camera
2015-01-31 19:00 - 2014-12-17 10:44 - 00000000 ____D () C:\windows\system32\appraiser
2015-01-31 18:55 - 2014-04-10 19:17 - 00000000 ____D () C:\Users\reina\AppData\Roaming\systweak
2015-01-31 18:55 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\registration
2015-01-31 18:55 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-01-31 16:25 - 2014-02-27 21:14 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001UA.job
2015-01-31 16:19 - 2014-02-22 18:59 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2586556045-1720471783-4283924833-1001
2015-01-31 16:19 - 2014-02-22 18:42 - 01237721 _____ () C:\windows\WindowsUpdate.log
2015-01-31 16:19 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-31 16:15 - 2014-12-01 19:26 - 00000000 ____D () C:\Users\reina\AppData\Roaming\Mozilla
2015-01-31 16:14 - 2014-02-22 18:55 - 00000000 __RDO () C:\Users\reina\SkyDrive
2015-01-31 16:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-31 16:10 - 2014-04-10 19:17 - 00003090 _____ () C:\windows\System32\Tasks\RegClean Pro
2015-01-31 16:09 - 2013-08-24 16:38 - 00891984 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-31 16:08 - 2014-02-23 18:37 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-01-31 16:06 - 2014-12-17 09:09 - 00003068 _____ () C:\windows\System32\Tasks\Right Backup_startup
2015-01-31 16:06 - 2014-04-10 19:17 - 00003120 _____ () C:\windows\System32\Tasks\Advanced System Protector_startup
2015-01-31 16:05 - 2014-02-22 18:55 - 00000000 ____D () C:\Users\reina\Documents\Youcam
2015-01-31 16:03 - 2014-02-22 18:51 - 00000000 ____D () C:\Users\reina
2015-01-31 16:03 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-31 15:45 - 2013-08-24 16:32 - 00103492 _____ () C:\windows\PFRO.log
2015-01-29 21:12 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-18 22:13 - 2013-08-22 09:46 - 00018092 _____ () C:\windows\setupact.log
==================== Files in the root of some directories =======
2014-04-10 20:16 - 2014-12-01 20:16 - 0000126 _____ () C:\Users\reina\AppData\Roaming\WB.CFG
Some content of TEMP:
====================
C:\Users\reina\AppData\Local\Temp\BackupSetup.exe
C:\Users\reina\AppData\Local\Temp\COMAP.EXE
C:\Users\reina\AppData\Local\Temp\GUREBF7.exe
C:\Users\reina\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
C:\Users\reina\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe
C:\Users\reina\AppData\Local\Temp\Sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-19 04:07
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by reina at 2015-01-31 16:30:33
Running from C:\Users\reina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\JoinMe) (Version: 1.18.0.183 - LogMeIn, Inc.)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - systweak.com) <==== ATTENTION
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Yahoo! Search (HKU\S-1-5-21-2586556045-1720471783-4283924833-1001\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2586556045-1720471783-4283924833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\reina\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
17-12-2014 09:11:04 Windows Update
15-01-2015 10:56:41 Scheduled Checkpoint
26-01-2015 17:13:37 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {06D4AFA3-5810-4B80-9D2E-4F127350C4F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {1290CA25-FFFE-41F7-ADE2-775D46082E8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {1BE1F99E-0545-4BC4-B692-D7164ACC4350} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-11] (Systweak)
Task: {200DBABB-241C-49F7-BA62-39BCABE7E8EE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-01] (Microsoft Corporation)
Task: {420ACA46-FB7E-49AC-8CB7-2F731E65FE23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {52F14598-7F6C-4CF3-B829-4C024BC9A414} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION
Task: {5314F886-289D-4183-B721-633A2E2C9DDD} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {974157D2-C8F5-44F2-A0D4-7B704F01CC6D} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {975C042D-FABC-4010-A3F6-6AC7B8AE8FA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001Core => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {CC8C91A9-5635-4BD6-A5D3-B5626EAC0437} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {DC98D6B3-034A-4E1A-9DD2-5474F91E69CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001UA => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {E2C5306C-7D69-49BE-8A20-961D2D354380} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {E72850D2-BEC0-4074-A096-0418AD8B2CA1} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {ED97014C-FC87-40FA-AB88-3852D03346B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001Core.job => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2586556045-1720471783-4283924833-1001UA.job => C:\Users\reina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-09-26 14:26 - 2013-09-26 14:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 14:32 - 2013-09-26 14:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 14:28 - 2013-09-26 14:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 14:25 - 2013-09-26 14:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 14:39 - 2013-09-26 14:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-10-29 17:15 - 2014-12-17 09:07 - 00123680 _____ () C:\ProgramData\602bb5c5-64ca-4d9f-8688-8581d865cedf\maintainer.exe
2014-12-01 19:40 - 2014-12-01 19:40 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-26 14:34 - 2013-09-26 14:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-12-17 09:08 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2014-01-05 17:45 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-05 17:40 - 2013-08-08 16:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-31 16:15 - 2015-01-23 05:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\reina\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2586556045-1720471783-4283924833-500 - Administrator - Disabled)
Guest (S-1-5-21-2586556045-1720471783-4283924833-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586556045-1720471783-4283924833-1003 - Limited - Enabled)
reina (S-1-5-21-2586556045-1720471783-4283924833-1001 - Administrator - Enabled) => C:\Users\reina
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/subscription namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/subscription namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root namespace does not exist. The query will be ignored.
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
System errors:
=============
Error: (01/31/2015 04:08:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053
Error: (01/31/2015 04:08:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
Error: (01/31/2015 04:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error:
%%1053
Error: (01/31/2015 04:07:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSService service.
Error: (01/31/2015 04:07:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.
Error: (01/31/2015 04:07:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error:
%%1053
Error: (01/31/2015 04:07:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSService service.
Error: (01/31/2015 04:06:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error:
%%1053
Error: (01/31/2015 04:06:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSService service.
Error: (01/31/2015 04:03:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Inc. mfeapfk service failed to start due to the following error:
%%1243
Microsoft Office Sessions:
=========================
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/subscription
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root/subscription
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root/CIMV2
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/subscription
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root
Error: (01/31/2015 03:47:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/CIMV2
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 40%
Total physical RAM: 8082.61 MB
Available physical RAM: 4815.56 MB
Total Pagefile: 9362.61 MB
Available Pagefile: 6487.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1845.85 GB) (Free:1804.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.69 GB) (Free:1.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: BFCBAF59)
Partition: GPT Partition Type.
==================== End Of Log ============================