Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
Ran by Arica (administrator) on LAPTOP (29-08-2015 07:46:17)
Running from C:\Users\Arica\Desktop
Loaded Profiles: Arica (Available Profiles: Arica)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\xtloowpkjv64.exe
(Mindspark) C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabarsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\First Verify\afirstsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Smart PC Cleaner) C:\Program Files (x86)\Smart PC Cleaner\SPCSchedule.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Desktop Dock) C:\Program Files (x86)\Desktop Dock\DesktopDock.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Mindspark) C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\AppIntegrator64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\Desktop Dock\DesktopDockApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.205.995.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Elite Unzip EPM Support] => C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aamedint.exe [12872 2014-11-16] (Mindspark)
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\AppIntegrator.exe [229960 2014-11-16] (Mindspark)
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\AppIntegrator64.exe [264264 2014-11-16] (Mindspark)
HKLM-x32\...\Run: [Elite Unzip Search Scope Monitor] => "C:\PROGRA~2\ELITEU~2\bar\1.bin\aasrchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-08-16] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2014-08-15]
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DesktopDock.lnk [2014-11-28]
ShortcutTarget: DesktopDock.lnk -> C:\Program Files (x86)\Desktop Dock\DesktopDock.exe (Desktop Dock)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fast Connect.lnk [2014-11-13]
ShortcutTarget: Fast Connect.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\Arica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopDockApp.lnk [2014-11-28]
ShortcutTarget: DesktopDockApp.lnk -> C:\Program Files (x86)\Desktop Dock\DesktopDockApp.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1884517766-957580978-2391730594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=780CE780&p2=^BDG^xdm037^YYA^us&ptb=D9DA62C8-381B-4524-9292-A1F12FD3ED9C&si=downloadzipfree
HKU\S-1-5-21-1884517766-957580978-2391730594-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
URLSearchHook: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 - (No Name) - {8358a5f6-e352-4677-8386-9704aa8ad899} - C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll (Mindspark)
SearchScopes: HKLM -> {AFE58BDA-3D6D-483E-80F6-042412CB8FF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AFE58BDA-3D6D-483E-80F6-042412CB8FF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> DefaultScope {AEF0AC13-0E69-4208-BDC4-C0A23FE12058} URL = hxxp://search.whiteskyservices.com/?wstoken=33023AAA-8A88-4496-9C5E-F9F350322093&dtid=1&pid=21&src=sgsearch&v=1.14.1112.9&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M9C001F6F-DB4B-46F5-80B1-CE995B612800&SearchSource=58&CUI=&UM=6&UP=SPC37ADA04-EBD8-4C94-A04E-3663579836D1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {34D23C57-1B75-4EDC-BF03-A149B6C75827} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141147,19890,0,31,0
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {AEF0AC13-0E69-4208-BDC4-C0A23FE12058} URL = hxxp://search.whiteskyservices.com/?wstoken=33023AAA-8A88-4496-9C5E-F9F350322093&dtid=1&pid=21&src=sgsearch&v=1.14.1112.9&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {AFE58BDA-3D6D-483E-80F6-042412CB8FF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
BHO-x32: Search Assistant BHO -> {1af33c13-6c63-488c-9dea-17b0e7829de5} -> C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll [2014-11-16] (Mindspark)
BHO-x32: ArcadeParlor Games -> {39AD0726-986D-40F9-972B-E3BFA24B7745} -> C:\Users\Arica\AppData\Local\ArcadeParlor\Arcadeparlor.dll [2014-11-16] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.414.3\NativeBHO.dll [2015-04-14] (WhiteSky)
BHO-x32: Toolbar BHO -> {da5d70b2-0a92-4b43-b068-a0dd02898c56} -> C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabar.dll [2014-11-16] (Mindspark)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Elite Unzip - {ef55cb9f-2729-4bff-afe5-ee59593b16e8} - C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabar.dll [2014-11-16] (Mindspark)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5646BBA6-9AD4-4ACE-B3EF-0D9026EB3554}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{842276DC-6932-4188-B756-F70477C82D17}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-15]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240208 2015-08-16] (Client Connect LTD)
R2 CouponarificService64; C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 EliteUnzip_aaService; C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabarsvc.exe [90696 2014-11-16] (Mindspark)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
R2 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [100768 2015-04-20] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-16] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-29 07:44 - 2015-08-29 07:45 - 00033234 _____ C:\Users\Arica\Desktop\Addition.txt
2015-08-29 07:41 - 2015-08-29 07:46 - 00021840 _____ C:\Users\Arica\Desktop\FRST.txt
2015-08-29 07:40 - 2015-08-29 07:46 - 00000000 ____D C:\FRST
2015-08-29 07:40 - 2015-08-29 07:33 - 02186752 _____ (Farbar) C:\Users\Arica\Desktop\FRST64.exe
2015-08-29 07:17 - 2015-08-29 07:17 - 00000000 ____D C:\Users\Arica\AppData\Roaming\Sun
2015-08-29 07:17 - 2015-08-29 07:17 - 00000000 ____D C:\Users\Arica\.oracle_jre_usage
2015-08-29 02:09 - 2015-08-29 07:15 - 00003450 _____ C:\Windows\System32\Tasks\bvxvbxvd
2015-08-29 02:08 - 2015-08-29 02:09 - 00000000 ____D C:\Users\Arica\AppData\Local\bvxvbxvd
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-29 07:42 - 2013-08-26 01:09 - 00974516 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-29 07:41 - 2014-11-28 10:41 - 00000000 ____D C:\Users\Arica\AppData\Roaming\Dock
2015-08-29 07:41 - 2014-08-15 09:27 - 01099573 _____ C:\Windows\WindowsUpdate.log
2015-08-29 07:41 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-29 07:39 - 2014-11-28 10:42 - 00000000 ____D C:\Program Files\Couponarific
2015-08-29 07:39 - 2013-08-22 09:46 - 00026037 _____ C:\Windows\setupact.log
2015-08-29 07:23 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-29 07:22 - 2014-08-15 09:36 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1884517766-957580978-2391730594-1001
2015-08-29 07:18 - 2014-10-25 09:56 - 00000000 ____D C:\ProgramData\Oracle
2015-08-29 07:18 - 2014-10-25 09:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-29 07:17 - 2014-10-25 09:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-29 07:17 - 2014-10-25 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-29 07:17 - 2014-08-15 09:29 - 00000000 ____D C:\Users\Arica
2015-08-29 07:15 - 2014-11-28 10:40 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-29 07:14 - 2014-02-15 20:22 - 00001867 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-08-29 07:14 - 2013-11-09 14:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-29 07:12 - 2015-06-24 11:25 - 00003456 _____ C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-08-29 07:12 - 2014-11-28 10:42 - 00000000 ____D C:\Users\Arica\Documents\ProPCCleaner
2015-08-29 07:11 - 2014-08-15 09:39 - 00000000 ____D C:\Users\Arica\AppData\Roaming\ID Vault
2015-08-29 07:11 - 2014-08-15 09:31 - 00000000 ____D C:\Users\Arica\Documents\Youcam
2015-08-29 07:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-29 07:10 - 2014-08-15 09:32 - 00000000 ___DO C:\Users\Arica\SkyDrive
2015-08-29 02:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-29 02:20 - 2013-08-22 09:44 - 00337920 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-29 02:19 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-08-29 02:14 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-29 02:10 - 2013-08-26 01:01 - 00041204 _____ C:\Windows\PFRO.log
==================== Files in the root of some directories =======
2015-06-29 22:18 - 2015-06-29 22:45 - 0000112 _____ () C:\ProgramData\O3F008.dat
Files to move or delete:
====================
C:\ProgramData\O3F008.dat
Some files in TEMP:
====================
C:\Users\Arica\AppData\Local\Temp\bbcicabecadh.exe
C:\Users\Arica\AppData\Local\Temp\Installation.exe
C:\Users\Arica\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Arica\AppData\Local\Temp\SCC.dll
C:\Users\Arica\AppData\Local\Temp\Setup.exe
C:\Users\Arica\AppData\Local\Temp\sp64126.exe
C:\Users\Arica\AppData\Local\Temp\SPSetup.exe
C:\Users\Arica\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-17 12:16
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by Arica (2015-08-29 07:47:55)
Running from C:\Users\Arica\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1884517766-957580978-2391730594-500 - Administrator - Disabled)
Arica (S-1-5-21-1884517766-957580978-2391730594-1001 - Administrator - Enabled) => C:\Users\Arica
Guest (S-1-5-21-1884517766-957580978-2391730594-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1884517766-957580978-2391730594-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ArcadeParlor (HKU\S-1-5-21-1884517766-957580978-2391730594-1001\...\{B74443DB-5A88-4583-860A-F0D06EF399E3}) (Version: - ArcadeParlor)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
couponarific (HKLM\...\740E97DF-6426-4A2A-ABEF-5C33040EFEE1) (Version: 2.0.1 - couponarific) <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DesktopDock (HKU\S-1-5-21-1884517766-957580978-2391730594-1001\...\DesktopDock) (Version: 1.0.1.32 - DesktopDock)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elite Unzip Internet Explorer Toolbar (HKLM-x32\...\EliteUnzip_aabar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.414.3 - White Sky)
FileWhiz (HKU\S-1-5-21-1884517766-957580978-2391730594-1001\...\a09f74853525d3f9) (Version: 1.0.0.70 - FileWhiz by InstallX)
First Verify version 2.0 (HKLM-x32\...\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1) (Version: 2.0 - AF, INC)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Game Downloader (HKLM-x32\...\Game Downloader) (Version: 3.9 - Dev-Fire)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.31 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner) <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.30.5 - Client Connect LTD) <==== ATTENTION
Smart PC Cleaner v4.0 (HKLM-x32\...\Smart PC Cleaner_is1) (Version: 4.0 - Smart PC Cleaner) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
16-11-2014 15:46:16 Windows Update
29-11-2014 14:06:12 Windows Update
17-06-2015 12:17:01 Windows Update
23-07-2015 13:19:12 Windows Update
29-07-2015 10:57:08 Windows Modules Installer
29-08-2015 07:25:19 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1219185B-7D4A-4E06-BD1C-E4E4568EAB74} - System32\Tasks\Smart PC Cleaner Schedule => C:\Program Files (x86)\Smart PC Cleaner\SPCSchedule.exe [2014-10-24] (Smart PC Cleaner)
Task: {1C03E647-8CA8-457E-9716-CD564C309A66} - System32\Tasks\bvxvbxvd => C:\Users\Arica\AppData\Local\bvxvbxvd\bvxvbxvd.exe [2015-08-16] () <==== ATTENTION
Task: {2CC7E7CE-FCC2-4B74-B1E6-B4BEF7DADA61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-06-17] (Microsoft)
Task: {3595F18C-201A-468E-A580-3EA0D469FC5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {397D7BE4-E20E-480F-8C9A-7C3B1FFA1D6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {406C66CD-A41D-4CCA-BE7B-24D1D004CA30} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {5E02945B-9D1C-4451-8A4F-45D44059189A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner) <==== ATTENTION
Task: {634F8D78-82EF-4F55-9BE0-C03D5682E22A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-06-17] (Hewlett-Packard)
Task: {7B6B7E09-849C-4328-9EC8-D36C1CCD8FF8} - System32\Tasks\ArcadeParlor => C:\Users\Arica\AppData\Local\ArcadeParlor\versioncheck.exe [2014-11-16] ()
Task: {8CACDD91-13DC-4D6F-A83D-D3F482D95588} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {9500C9DB-F2B3-418F-84E8-4804FFFC904B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {B22E1D04-6542-4226-8F7A-864D09F1BA1F} - System32\Tasks\Norton Security Scan for Arica => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.31\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {DA523A66-AC96-4110-A584-9B15A6B983D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E14A3E5D-6D99-4CE2-8651-4C0EB92ACF18} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-20] (Synaptics Incorporated)
Task: {E2EAED97-CB7B-4944-8D8B-AABF8B924221} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-08-21] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\ArcadeParlor.job => C:\Users\Arica\AppData\Local\ArcadeParlor\versioncheck.exe
Task: C:\Windows\Tasks\Norton Security Scan for Arica.job => C:\PROGRA~2\NORTON~2\Engine\410~1.31\Nss.exe
==================== Loaded Modules (Whitelisted) ==============
2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-11-19 10:38 - 2014-11-19 10:38 - 00186368 _____ () C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\xtloowpkjv64.exe
2014-11-19 10:38 - 2014-11-19 10:38 - 00110080 _____ () C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\nfapi.dll
2014-11-19 10:38 - 2014-11-19 10:38 - 00471040 _____ () C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\ProtocolFilters.dll
2015-06-29 22:16 - 2015-04-20 20:13 - 00100768 _____ () C:\Windows\SysWOW64\First Verify\afirstsvc.exe
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 01448472 _____ () C:\Program Files (x86)\Desktop Dock\DesktopDockApp.exe
2014-11-01 10:26 - 2014-11-01 10:26 - 03530752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2014-11-01 10:26 - 2014-11-01 10:26 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-11-28 10:41 - 2012-04-11 06:31 - 00337920 _____ () C:\Program Files (x86)\Desktop Dock\sqlite3.DLL
2014-02-15 20:17 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-16 15:21 - 2014-11-16 15:21 - 00188536 _____ () C:\Users\Arica\AppData\Local\ArcadeParlor\Arcadeparlor.dll
2015-08-29 07:16 - 2015-08-29 07:16 - 00204384 _____ () C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2iexp.dll
2015-08-29 07:16 - 2015-08-29 07:16 - 00019040 _____ () C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2native.dll
Ran by Arica (administrator) on LAPTOP (29-08-2015 07:46:17)
Running from C:\Users\Arica\Desktop
Loaded Profiles: Arica (Available Profiles: Arica)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\xtloowpkjv64.exe
(Mindspark) C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabarsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\First Verify\afirstsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Smart PC Cleaner) C:\Program Files (x86)\Smart PC Cleaner\SPCSchedule.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Desktop Dock) C:\Program Files (x86)\Desktop Dock\DesktopDock.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Mindspark) C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\AppIntegrator64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\Desktop Dock\DesktopDockApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.205.995.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Elite Unzip EPM Support] => C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aamedint.exe [12872 2014-11-16] (Mindspark)
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\AppIntegrator.exe [229960 2014-11-16] (Mindspark)
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\AppIntegrator64.exe [264264 2014-11-16] (Mindspark)
HKLM-x32\...\Run: [Elite Unzip Search Scope Monitor] => "C:\PROGRA~2\ELITEU~2\bar\1.bin\aasrchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-08-16] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2014-08-15]
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DesktopDock.lnk [2014-11-28]
ShortcutTarget: DesktopDock.lnk -> C:\Program Files (x86)\Desktop Dock\DesktopDock.exe (Desktop Dock)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fast Connect.lnk [2014-11-13]
ShortcutTarget: Fast Connect.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\Arica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopDockApp.lnk [2014-11-28]
ShortcutTarget: DesktopDockApp.lnk -> C:\Program Files (x86)\Desktop Dock\DesktopDockApp.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1884517766-957580978-2391730594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=780CE780&p2=^BDG^xdm037^YYA^us&ptb=D9DA62C8-381B-4524-9292-A1F12FD3ED9C&si=downloadzipfree
HKU\S-1-5-21-1884517766-957580978-2391730594-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
URLSearchHook: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 - (No Name) - {8358a5f6-e352-4677-8386-9704aa8ad899} - C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll (Mindspark)
SearchScopes: HKLM -> {AFE58BDA-3D6D-483E-80F6-042412CB8FF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AFE58BDA-3D6D-483E-80F6-042412CB8FF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> DefaultScope {AEF0AC13-0E69-4208-BDC4-C0A23FE12058} URL = hxxp://search.whiteskyservices.com/?wstoken=33023AAA-8A88-4496-9C5E-F9F350322093&dtid=1&pid=21&src=sgsearch&v=1.14.1112.9&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M9C001F6F-DB4B-46F5-80B1-CE995B612800&SearchSource=58&CUI=&UM=6&UP=SPC37ADA04-EBD8-4C94-A04E-3663579836D1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {34D23C57-1B75-4EDC-BF03-A149B6C75827} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141147,19890,0,31,0
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {AEF0AC13-0E69-4208-BDC4-C0A23FE12058} URL = hxxp://search.whiteskyservices.com/?wstoken=33023AAA-8A88-4496-9C5E-F9F350322093&dtid=1&pid=21&src=sgsearch&v=1.14.1112.9&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {AFE58BDA-3D6D-483E-80F6-042412CB8FF8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1884517766-957580978-2391730594-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
BHO-x32: Search Assistant BHO -> {1af33c13-6c63-488c-9dea-17b0e7829de5} -> C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aaSrcAs.dll [2014-11-16] (Mindspark)
BHO-x32: ArcadeParlor Games -> {39AD0726-986D-40F9-972B-E3BFA24B7745} -> C:\Users\Arica\AppData\Local\ArcadeParlor\Arcadeparlor.dll [2014-11-16] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.414.3\NativeBHO.dll [2015-04-14] (WhiteSky)
BHO-x32: Toolbar BHO -> {da5d70b2-0a92-4b43-b068-a0dd02898c56} -> C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabar.dll [2014-11-16] (Mindspark)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Elite Unzip - {ef55cb9f-2729-4bff-afe5-ee59593b16e8} - C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabar.dll [2014-11-16] (Mindspark)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5646BBA6-9AD4-4ACE-B3EF-0D9026EB3554}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{842276DC-6932-4188-B756-F70477C82D17}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-15]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240208 2015-08-16] (Client Connect LTD)
R2 CouponarificService64; C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 EliteUnzip_aaService; C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin\aabarsvc.exe [90696 2014-11-16] (Mindspark)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
R2 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [100768 2015-04-20] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-16] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-29 07:44 - 2015-08-29 07:45 - 00033234 _____ C:\Users\Arica\Desktop\Addition.txt
2015-08-29 07:41 - 2015-08-29 07:46 - 00021840 _____ C:\Users\Arica\Desktop\FRST.txt
2015-08-29 07:40 - 2015-08-29 07:46 - 00000000 ____D C:\FRST
2015-08-29 07:40 - 2015-08-29 07:33 - 02186752 _____ (Farbar) C:\Users\Arica\Desktop\FRST64.exe
2015-08-29 07:17 - 2015-08-29 07:17 - 00000000 ____D C:\Users\Arica\AppData\Roaming\Sun
2015-08-29 07:17 - 2015-08-29 07:17 - 00000000 ____D C:\Users\Arica\.oracle_jre_usage
2015-08-29 02:09 - 2015-08-29 07:15 - 00003450 _____ C:\Windows\System32\Tasks\bvxvbxvd
2015-08-29 02:08 - 2015-08-29 02:09 - 00000000 ____D C:\Users\Arica\AppData\Local\bvxvbxvd
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-29 07:42 - 2013-08-26 01:09 - 00974516 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-29 07:41 - 2014-11-28 10:41 - 00000000 ____D C:\Users\Arica\AppData\Roaming\Dock
2015-08-29 07:41 - 2014-08-15 09:27 - 01099573 _____ C:\Windows\WindowsUpdate.log
2015-08-29 07:41 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-29 07:39 - 2014-11-28 10:42 - 00000000 ____D C:\Program Files\Couponarific
2015-08-29 07:39 - 2013-08-22 09:46 - 00026037 _____ C:\Windows\setupact.log
2015-08-29 07:23 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-29 07:22 - 2014-08-15 09:36 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1884517766-957580978-2391730594-1001
2015-08-29 07:18 - 2014-10-25 09:56 - 00000000 ____D C:\ProgramData\Oracle
2015-08-29 07:18 - 2014-10-25 09:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-29 07:17 - 2014-10-25 09:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-29 07:17 - 2014-10-25 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-29 07:17 - 2014-08-15 09:29 - 00000000 ____D C:\Users\Arica
2015-08-29 07:15 - 2014-11-28 10:40 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-29 07:14 - 2014-02-15 20:22 - 00001867 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-08-29 07:14 - 2013-11-09 14:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-29 07:12 - 2015-06-24 11:25 - 00003456 _____ C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-08-29 07:12 - 2014-11-28 10:42 - 00000000 ____D C:\Users\Arica\Documents\ProPCCleaner
2015-08-29 07:11 - 2014-08-15 09:39 - 00000000 ____D C:\Users\Arica\AppData\Roaming\ID Vault
2015-08-29 07:11 - 2014-08-15 09:31 - 00000000 ____D C:\Users\Arica\Documents\Youcam
2015-08-29 07:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-29 07:10 - 2014-08-15 09:32 - 00000000 ___DO C:\Users\Arica\SkyDrive
2015-08-29 02:27 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-29 02:20 - 2013-08-22 09:44 - 00337920 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-29 02:19 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-08-29 02:14 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-29 02:10 - 2013-08-26 01:01 - 00041204 _____ C:\Windows\PFRO.log
==================== Files in the root of some directories =======
2015-06-29 22:18 - 2015-06-29 22:45 - 0000112 _____ () C:\ProgramData\O3F008.dat
Files to move or delete:
====================
C:\ProgramData\O3F008.dat
Some files in TEMP:
====================
C:\Users\Arica\AppData\Local\Temp\bbcicabecadh.exe
C:\Users\Arica\AppData\Local\Temp\Installation.exe
C:\Users\Arica\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Arica\AppData\Local\Temp\SCC.dll
C:\Users\Arica\AppData\Local\Temp\Setup.exe
C:\Users\Arica\AppData\Local\Temp\sp64126.exe
C:\Users\Arica\AppData\Local\Temp\SPSetup.exe
C:\Users\Arica\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-17 12:16
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by Arica (2015-08-29 07:47:55)
Running from C:\Users\Arica\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1884517766-957580978-2391730594-500 - Administrator - Disabled)
Arica (S-1-5-21-1884517766-957580978-2391730594-1001 - Administrator - Enabled) => C:\Users\Arica
Guest (S-1-5-21-1884517766-957580978-2391730594-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1884517766-957580978-2391730594-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ArcadeParlor (HKU\S-1-5-21-1884517766-957580978-2391730594-1001\...\{B74443DB-5A88-4583-860A-F0D06EF399E3}) (Version: - ArcadeParlor)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
couponarific (HKLM\...\740E97DF-6426-4A2A-ABEF-5C33040EFEE1) (Version: 2.0.1 - couponarific) <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DesktopDock (HKU\S-1-5-21-1884517766-957580978-2391730594-1001\...\DesktopDock) (Version: 1.0.1.32 - DesktopDock)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elite Unzip Internet Explorer Toolbar (HKLM-x32\...\EliteUnzip_aabar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.414.3 - White Sky)
FileWhiz (HKU\S-1-5-21-1884517766-957580978-2391730594-1001\...\a09f74853525d3f9) (Version: 1.0.0.70 - FileWhiz by InstallX)
First Verify version 2.0 (HKLM-x32\...\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1) (Version: 2.0 - AF, INC)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Game Downloader (HKLM-x32\...\Game Downloader) (Version: 3.9 - Dev-Fire)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.31 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner) <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.30.5 - Client Connect LTD) <==== ATTENTION
Smart PC Cleaner v4.0 (HKLM-x32\...\Smart PC Cleaner_is1) (Version: 4.0 - Smart PC Cleaner) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
16-11-2014 15:46:16 Windows Update
29-11-2014 14:06:12 Windows Update
17-06-2015 12:17:01 Windows Update
23-07-2015 13:19:12 Windows Update
29-07-2015 10:57:08 Windows Modules Installer
29-08-2015 07:25:19 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1219185B-7D4A-4E06-BD1C-E4E4568EAB74} - System32\Tasks\Smart PC Cleaner Schedule => C:\Program Files (x86)\Smart PC Cleaner\SPCSchedule.exe [2014-10-24] (Smart PC Cleaner)
Task: {1C03E647-8CA8-457E-9716-CD564C309A66} - System32\Tasks\bvxvbxvd => C:\Users\Arica\AppData\Local\bvxvbxvd\bvxvbxvd.exe [2015-08-16] () <==== ATTENTION
Task: {2CC7E7CE-FCC2-4B74-B1E6-B4BEF7DADA61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-06-17] (Microsoft)
Task: {3595F18C-201A-468E-A580-3EA0D469FC5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {397D7BE4-E20E-480F-8C9A-7C3B1FFA1D6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {406C66CD-A41D-4CCA-BE7B-24D1D004CA30} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {5E02945B-9D1C-4451-8A4F-45D44059189A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner) <==== ATTENTION
Task: {634F8D78-82EF-4F55-9BE0-C03D5682E22A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-06-17] (Hewlett-Packard)
Task: {7B6B7E09-849C-4328-9EC8-D36C1CCD8FF8} - System32\Tasks\ArcadeParlor => C:\Users\Arica\AppData\Local\ArcadeParlor\versioncheck.exe [2014-11-16] ()
Task: {8CACDD91-13DC-4D6F-A83D-D3F482D95588} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {9500C9DB-F2B3-418F-84E8-4804FFFC904B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {B22E1D04-6542-4226-8F7A-864D09F1BA1F} - System32\Tasks\Norton Security Scan for Arica => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.31\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {DA523A66-AC96-4110-A584-9B15A6B983D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E14A3E5D-6D99-4CE2-8651-4C0EB92ACF18} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-20] (Synaptics Incorporated)
Task: {E2EAED97-CB7B-4944-8D8B-AABF8B924221} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-08-21] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\ArcadeParlor.job => C:\Users\Arica\AppData\Local\ArcadeParlor\versioncheck.exe
Task: C:\Windows\Tasks\Norton Security Scan for Arica.job => C:\PROGRA~2\NORTON~2\Engine\410~1.31\Nss.exe
==================== Loaded Modules (Whitelisted) ==============
2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-11-19 10:38 - 2014-11-19 10:38 - 00186368 _____ () C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\xtloowpkjv64.exe
2014-11-19 10:38 - 2014-11-19 10:38 - 00110080 _____ () C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\nfapi.dll
2014-11-19 10:38 - 2014-11-19 10:38 - 00471040 _____ () C:\Program Files (x86)\740E97DF-6426-4A2A-ABEF-5C33040EFEE1\ProtocolFilters.dll
2015-06-29 22:16 - 2015-04-20 20:13 - 00100768 _____ () C:\Windows\SysWOW64\First Verify\afirstsvc.exe
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 01448472 _____ () C:\Program Files (x86)\Desktop Dock\DesktopDockApp.exe
2014-11-01 10:26 - 2014-11-01 10:26 - 03530752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2014-11-01 10:26 - 2014-11-01 10:26 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-11-28 10:41 - 2012-04-11 06:31 - 00337920 _____ () C:\Program Files (x86)\Desktop Dock\sqlite3.DLL
2014-02-15 20:17 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-16 15:21 - 2014-11-16 15:21 - 00188536 _____ () C:\Users\Arica\AppData\Local\ArcadeParlor\Arcadeparlor.dll
2015-08-29 07:16 - 2015-08-29 07:16 - 00204384 _____ () C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2iexp.dll
2015-08-29 07:16 - 2015-08-29 07:16 - 00019040 _____ () C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2native.dll