Issue in DL: Base Filtering Engine not running. Wha?!

Hey,

Long story short, just uninstalled spybot due to a steam error that mentioned incompatibility and read avast! would be compatible so in attempting to download the free version I receive a message before it runs instillation

“Base Filtering Engine (bfe) service not running. Please ensure this service is enabled before installing avast”

Ive no idea really where to go from here or what I can do to fix any of the above, at the moment seems Im without spyware coverage. Help?

Precate it.

Open services and look for Base Filtering Engine and start the service if it is not running.

Should be set to automatic.

Alright,

So I checked “services” and its not even on the list.

Looks like theres something more sinister underlying to take care of?

Probably. From the BFE properties:
The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

If it’s not in the Services list, you almost certainly have a problem. In detail, what’s your OS?

Gordon.

Have you had AVG at some stage as that tends to remove BFE

Appreciate the responses,
can definitely understand the importance of having BFE running from that description.
My system is running win home 7.

Never downloaded AVG to my knowledge but it seems something has taken the BFE from “services” and now the question is how to get that set up again?

I have a reqistry fix that will set it up in windows 7 if you wish

First I will need to determine where the error is

Download and run farbar service scanner

https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

As far as Im concerned Essex, nothing isnt worth trying.

I just DL’d that link you sent and this was the log post

Looks like theres alot “jacked up” in my eyes:

Farbar Service Scanner Version: 21-07-2014
Ran by Di-Doh (administrator) on 03-12-2014 at 11:05:26
Running from “C:\Users\Di-Doh\Downloads”
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

“HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile” registry key does not exist.

System Restore:

System Restore Disabled Policy:

Action Center:

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM.…\ShellServiceObjects{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:

wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:

Windows Defender:

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
“DisableAntiSpyware”=DWORD:1

Other Services:

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open “SharedAccess\Defaults\FirewallPolicy\FirewallRules” registry key. The key does not exist.

File Check:

C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

OK a bit more than BFE is dead, first I will use a repair tool and see how much that recovers. Then if necessary go manual from there. Also I feel it would be advisable to check for any malware as well

Download Eset service repair to your desktop
Run the programme and accept the elevation request
Once it has completed it will ask for a reboot, allow it to do so
After the reboot there will be a CC Support folder on the desktop
Open that and go to the logs folder there will be a report please post that

THEN

Could you run a fresh FSS scan to see what is remaining to fix

FINALLY

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

OK Essex,

DL the Eset and knocked that first part out, these being the results below.

Im thinking the FSS is with the farbar service scanner so Im gonna do that once Im through here.

Preciate all the assistance so far.

Edit ADDED Fresh FSS LOG SCAN and 2 scan Results from Farbar RECOVERY TOOL

SORRY FOR THE AMT OF POSTS THE PROGRAM WONT LET OVER 20,000 CHARACTER GO UP SO I HAD TO ADJUST AND DO MULTIPLE.

Heres that Eset Log:

Log Opened: 2014-12-05 @ 12:35:29
12:35:29 - -----------------
12:35:29 - | Begin Logging |
12:35:29 - -----------------
12:35:29 - Fix started on a WIN_7 X64 computer
12:35:29 - Prep in progress. Please Wait.
12:35:31 - Prep complete
12:35:31 - Repairing Services Now. Please wait…
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\BFE.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\BITS.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\iphlpsvc.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\MpsSvc.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\SharedAccess.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\WinDefend.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\wscsvc.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: ‘.\Win7\wuauserv.sddl’
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
12:35:31 - Services Repair Complete.
12:35:34 - Reboot Initiated

FSS SCAN RESULTS:
Farbar Service Scanner Version: 21-07-2014
Ran by Di-Doh (administrator) on 05-12-2014 at 12:51:38
Running from “C:\Users\Di-Doh\Downloads”
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Action Center:

Action Center Notification Icon =====> Unable to open HKLM.…\ShellServiceObjects{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:

Windows Autoupdate Disabled Policy:

Windows Defender:

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
“DisableAntiSpyware”=DWORD:1

Other Services:

File Check:

C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Di-Doh (administrator) on CRMSNRAIDERS on 05-12-2014 12:50:01
Running from C:\Users\Di-Doh\Downloads
Loaded Profile: Di-Doh (Available profiles: Di-Doh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Comms\ChatApplet.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Comms\RzCommsInGameApplet\RzCommsInGameApplet.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Users\Di-Doh\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM.…\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM.…\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM.…\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32.…\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32.…\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32.…\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32.…\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32.…\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32.…\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32.…\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32.…\Run: =>
HKLM-x32.…\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32.…\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32.…\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32.…\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32.…\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32.…\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32.…\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll
HKLM.…\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\Run: [Google Update] => C:\Users\Di-Doh\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2529088 2014-04-09] (IObit)
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\ChatApplet.exe [11238720 2014-09-02] (Razer Inc.)
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\MountPoints2: {e06e8dc8-f508-11e0-92e3-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Di-Doh\AppData\Local{6a83217e-12a7-61e3-e560-8cc0f95811e4}\n. ATTENTION! ====> ZeroAccess/Alureon?

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1211202266-4033383201-2736556778-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://netflix.com/
HKU\S-1-5-21-1211202266-4033383201-2736556778-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM → DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM → {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 → DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 → {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000 → DefaultScope {128FB100-C4D1-4869-88EA-C5E97535470D} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US105&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000 → {128FB100-C4D1-4869-88EA-C5E97535470D} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US105&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000 → {155276F4-D2A3-E016-B329-F646B1D9E78C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGAIDF&install_date=20120208&iesrc={referrer:source}
BHO: ExplorerWnd Helper → {10921475-03CE-4E04-90CE-E2E7EF20C814} → C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO → {B164E929-A1B6-4A06-B104-2CD0E90A88FF} → c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name → {10921475-03CE-4E04-90CE-E2E7EF20C814} → No File
BHO-x32: Adobe PDF Link Helper → {18DF081C-E8AD-4283-A596-FA578C2EBDC3} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO → {B164E929-A1B6-4A06-B104-2CD0E90A88FF} → c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Advanced SystemCare Browser Protection → {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} → C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\System32\mswsock.dll”
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\System32\mswsock.dll”
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

Chrome:

CHR HomePage: Default → hxxp://www.google.com
CHR StartupUrls: Default → “hxxp://www.google.com/”
CHR DefaultSuggestURL: Default → {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Di-Doh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Profile: C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-01]
CHR Extension: (Google Search) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-01]
CHR Extension: (SiteAdvisor) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-08-11]
CHR Extension: (AdBlock) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-03]
CHR Extension: (Crackle) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-07-21]
CHR Extension: (Google Wallet) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Di-Doh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-01]
CHR HKLM-x32.…\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-12-16] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [649024 2014-03-31] (IOBit)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-08-15] (Hi-Rez Studios) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152768 2014-04-08] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [241016 2012-12-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [218320 2012-12-26] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182312 2012-12-26] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-07] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 12:50 - 2014-12-05 12:50 - 00028978 _____ () C:\Users\Di-Doh\Downloads\FRST.txt
2014-12-05 12:48 - 2014-12-05 12:50 - 00000000 ____D () C:\FRST
2014-12-05 12:48 - 2014-12-05 12:48 - 02117632 _____ (Farbar) C:\Users\Di-Doh\Downloads\FRST64.exe
2014-12-05 12:46 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-05 12:46 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-05 12:46 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-05 12:46 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-05 12:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-05 12:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-05 12:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-05 12:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-05 12:43 - 2014-12-05 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-05 12:35 - 2014-12-05 12:35 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-12-05 12:34 - 2014-12-05 12:34 - 04009167 _____ () C:\Users\Di-Doh\Downloads\ServicesRepair.exe
2014-12-03 11:11 - 2014-12-03 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-03 11:10 - 2014-12-03 11:10 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-03 11:10 - 2014-12-03 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-03 11:10 - 2014-12-03 11:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-03 11:08 - 2014-12-03 11:08 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\Program Files\iTunes
2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-03 11:05 - 2014-12-03 11:05 - 00006171 _____ () C:\Users\Di-Doh\Downloads\FSS.txt
2014-12-03 11:04 - 2014-12-03 11:05 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-03 11:04 - 2014-12-03 11:05 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-03 11:04 - 2014-12-03 11:04 - 00415232 _____ (Farbar) C:\Users\Di-Doh\Downloads\FSS.exe
2014-12-01 20:28 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-01 20:28 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-01 20:28 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-01 20:28 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-01 20:28 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-01 20:28 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-01 20:28 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-01 20:28 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-01 20:27 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-01 20:27 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-01 20:27 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-01 20:27 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-12-01 20:27 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-12-01 20:27 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-01 20:27 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-01 20:27 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-12-01 20:27 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-01 20:27 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-01 20:27 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-01 20:27 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-01 20:27 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-01 20:27 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-01 20:27 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-01 20:27 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-01 20:27 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-01 20:27 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-01 20:27 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-01 20:27 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-01 20:27 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-01 20:27 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-12-01 20:27 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-12-01 20:27 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-12-01 20:27 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-12-01 20:27 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-12-01 20:27 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-12-01 20:27 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-12-01 20:27 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-12-01 20:27 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-12-01 20:27 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-12-01 20:27 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-12-01 20:27 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-12-01 20:27 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-12-01 20:27 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-12-01 20:27 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-12-01 20:27 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-12-01 20:27 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-12-01 20:27 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-12-01 20:27 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-12-01 20:27 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-12-01 20:27 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-12-01 20:27 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-12-01 20:27 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-12-01 20:27 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-12-01 20:27 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-12-01 20:27 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-12-01 20:26 - 2014-12-01 20:26 - 00000563 _____ () C:\Windows\wmsetup.log
2014-12-01 20:25 - 2014-12-01 20:25 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-12-01 20:25 - 2014-12-01 20:25 - 05006864 _____ (AVAST Software) C:\Users\Di-Doh\Downloads\avast_free_antivirus_setup_online.exe
2014-12-01 20:25 - 2014-12-01 20:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-25 03:11 - 2014-11-25 03:11 - 13087456 _____ (Microsoft Corporation) C:\Users\Di-Doh\Downloads\Silverlight_x64.exe
2014-11-20 03:23 - 2014-11-20 03:23 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-11-13 14:31 - 2014-11-13 14:31 - 00000000 ____D () C:\Users\Di-Doh\AppData\Local\SplitmediaLabs
2014-11-13 14:27 - 2014-11-13 14:27 - 00001220 _____ () C:\Users\Public\Desktop\XSplit Gamecaster.lnk
2014-11-13 14:27 - 2014-11-13 14:27 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-13 14:26 - 2014-11-13 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-11-13 14:26 - 2014-11-13 14:26 - 00000000 ____D () C:\Users\Di-Doh\AppData\Roaming\SplitmediaLabs
2014-11-13 14:26 - 2014-11-13 14:26 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-11-13 14:26 - 2014-11-13 14:26 - 00000000 ____D () C:\Program Files (x86)\SplitmediaLabs
2014-11-13 14:22 - 2014-11-13 14:24 - 51194616 _____ (SplitmediaLabs) C:\Users\Di-Doh\Downloads\xsplit_gc_installer.exe
2014-11-13 14:18 - 2014-11-13 14:21 - 00000000 ____D () C:\Users\Di-Doh\AppData\Roaming\OBS
2014-11-13 14:18 - 2014-11-13 14:18 - 07463237 _____ () C:\Users\Di-Doh\Downloads\OBS_0_637b_Installer.exe
2014-11-13 14:18 - 2014-11-13 14:18 - 00000941 _____ () C:\Users\Di-Doh\Desktop\Open Broadcaster Software.lnk
2014-11-13 14:18 - 2014-11-13 14:18 - 00000000 ____D () C:\Users\Di-Doh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-11-13 14:18 - 2014-11-13 14:18 - 00000000 ____D () C:\Program Files\OBS
2014-11-13 14:18 - 2014-11-13 14:18 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-11-10 12:51 - 2014-11-10 12:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 12:48 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 12:48 - 2009-07-13 23:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 12:47 - 2011-10-12 12:37 - 01747498 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 12:40 - 2014-05-13 13:01 - 00000000 ____D () C:\Users\Di-Doh\AppData\Local\Razer
2014-12-05 12:39 - 2014-06-05 08:31 - 00100254 _____ () C:\Windows\SysWOW64\out.log
2014-12-05 12:39 - 2014-05-24 21:14 - 00066560 _____ () C:\Users\Di-Doh\AppData\Roaming\RZR_0060036148dd956071f5bdd5aace.db
2014-12-05 12:38 - 2011-10-12 13:07 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-05 12:38 - 2011-10-12 13:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-05 12:38 - 2011-10-12 12:50 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-05 12:37 - 2011-12-31 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 12:37 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 12:37 - 2009-07-13 23:51 - 00056327 _____ () C:\Windows\setupact.log
2014-12-05 12:37 - 2009-07-13 23:45 - 00350688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-05 12:36 - 2010-11-20 22:47 - 00295088 _____ () C:\Windows\PFRO.log
2014-12-05 12:35 - 2011-12-31 20:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 12:34 - 2012-04-13 18:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-05 12:22 - 2013-10-23 18:40 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000UA.job
2014-12-05 11:37 - 2012-04-04 15:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 03:22 - 2013-10-23 18:40 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000Core.job
2014-12-04 19:00 - 2013-05-21 14:05 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-03 11:08 - 2014-02-23 01:23 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-03 11:08 - 2012-03-10 13:37 - 00000000 ____D () C:\Program Files\iPod
2014-12-03 11:08 - 2012-02-12 01:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-02 13:45 - 2011-12-31 19:51 - 00077200 _____ () C:\Users\Di-Doh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-02 11:45 - 2014-05-21 18:46 - 00228514 _____ () C:\Windows\DPINST.LOG
2014-12-02 11:45 - 2014-05-13 12:58 - 00000000 ____D () C:\ProgramData\Razer
2014-12-02 00:00 - 2012-01-07 19:44 - 00000000 ____D () C:\Windows\Sun
2014-12-01 21:43 - 2012-09-02 15:42 - 00000000 ____D () C:\Users\Di-Doh\Documents\Telltale Games
2014-12-01 20:54 - 2014-08-09 00:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 20:54 - 2014-08-09 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-01 20:54 - 2014-08-09 00:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-01 20:27 - 2011-10-12 12:57 - 00328760 _____ () C:\Windows\DirectX.log
2014-12-01 20:20 - 2014-05-13 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 20:19 - 2014-05-13 12:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-01 18:39 - 2014-05-13 13:05 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-01 18:37 - 2012-05-14 02:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-01 18:37 - 2011-10-12 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-26 16:32 - 2014-01-16 17:30 - 00000000 ____D () C:\Users\Di-Doh\AppData\Local\Battle.net
2014-11-26 00:37 - 2012-04-04 15:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 00:37 - 2012-04-04 15:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 00:37 - 2011-10-12 12:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 18:57 - 2014-07-22 10:50 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2014-11-25 03:12 - 2014-03-02 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-24 15:06 - 2009-07-14 00:13 - 00794726 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 15:00 - 2012-08-13 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-24 14:57 - 2014-01-16 17:30 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-17 16:37 - 2014-05-24 21:08 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-11-15 02:54 - 2014-04-21 10:13 - 00000000 ____D () C:\Users\Di-Doh\AppData\Local\Deployment
2014-11-13 12:54 - 2014-10-01 16:57 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Beta
2014-11-13 04:20 - 2013-05-12 14:08 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-11-13 03:17 - 2013-10-23 18:40 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000UA
2014-11-13 03:17 - 2013-10-23 18:40 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000Core
2014-11-13 02:46 - 2012-08-18 16:06 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-11-13 02:45 - 2014-01-16 17:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-12 17:30 - 2011-12-31 20:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 17:30 - 2011-12-31 20:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-11 01:17 - 2012-01-01 03:44 - 00000000 ____D () C:\Users\Di-Doh\AppData\Roaming\Mozilla

ZeroAccess:
C:\Windows\Installer{6a83217e-12a7-61e3-e560-8cc0f95811e4}
C:\Windows\Installer{6a83217e-12a7-61e3-e560-8cc0f95811e4}\L\00000004.@
C:\Windows\Installer{6a83217e-12a7-61e3-e560-8cc0f95811e4}\L\201d3dde

ZeroAccess:
C:\Users\Di-Doh\AppData\Local{6a83217e-12a7-61e3-e560-8cc0f95811e4}

Some content of TEMP:

C:\Users\Di-Doh\AppData\Local\Temp\rootsupd.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2011-02-10 11:02

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Di-Doh at 2014-12-05 12:51:15
Running from C:\Users\Di-Doh\Downloads
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Advanced SystemCare Ultimate (Disabled - Out of date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with “hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32.…\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32.…\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) MUI (HKLM-x32.…{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 7 (HKLM-x32.…\Advanced SystemCare Ultimate_is1) (Version: 7.1.0 - IObit)
Age of Empires Online (HKLM-x32.…\GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}) (Version: 1.0.0000.129 - Microsoft Studios)
Age of Empires Online (x32 Version: 1.0.0000.129 - Microsoft Studios) Hidden
AMD Catalyst Install Manager (HKLM.…{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia: The Dark Descent (HKLM-x32.…\Steam App 57300) (Version: - )
Apple Application Support (HKLM-x32.…{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM.…{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32.…{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Athena ASEDrive x64 4.0.0.3 (HKLM.…{B786A0E9-D6DD-4931-8C3D-F250D35FD00B}) (Version: 4.0.0.3 - Athena Smartcard Solutions)
ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
Battle.net (HKLM-x32.…\Battle.net) (Version: - Blizzard Entertainment)
Big Fish Games: Game Manager (HKLM-x32.…\BFGC) (Version: 3.0.1.60 - )
Bing Bar (HKLM-x32.…{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bloody Good Time (HKLM-x32.…\Steam App 2450) (Version: - Outerlight)
Bonjour (HKLM.…{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cozi (HKLM-x32.…{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
Curse Client (HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32.…{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32.…{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell Edoc Viewer (HKLM.…{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32.…{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32.…{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32.…{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Product Registration (HKLM-x32.…{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Stage (HKLM-x32.…{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell VideoStage (HKLM-x32.…\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Deus Ex: Game of the Year Edition (HKLM-x32.…\Steam App 6910) (Version: - Eidos)
Deus Ex: Human Revolution - The Missing Link (HKLM-x32.…\Steam App 201280) (Version: - Eidos Montreal)
Deus Ex: Human Revolution (HKLM-x32.…\Steam App 28050) (Version: - Eidos Montreal)
Deus Ex: Invisible War (HKLM-x32.…\Steam App 6920) (Version: - Eidos)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dota 2 (HKLM-x32.…\Steam App 570) (Version: - )
DW WLAN Card (HKLM.…\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\EA SPORTS Game Face Browser Plugin) (Version: 1.5.3.0 - Electronic Arts)
Google Chrome (HKLM-x32.…\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32.…{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32.…{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life (HKLM-x32.…\Steam App 70) (Version: - Valve)
Hearthstone (HKLM-x32.…\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32.…{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hublot_User_Windows_18/03/2010 (HKLM-x32.…{67E22312-BEAF-408D-966A-DFEA2971558B}) (Version: 2.1.2 - Hublot)
I Am Alive (HKLM-x32.…\Steam App 214250) (Version: - )
iCloud (HKLM.…{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Infestation: Survivor Stories (HKLM-x32.…\Steam App 226700) (Version: - Hammerpoint Interactive)
Intel(R) Rapid Storage Technology (HKLM-x32.…{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IObit Uninstaller (HKLM-x32.…\IObitUninstall) (Version: 3.0.5.1172 - IObit)
iTunes (HKLM.…{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 24 (64-bit) (HKLM.…{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32.…{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32.…{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32.…\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Marvel Heroes 2015 (HKLM-x32.…\Steam App 226320) (Version: - Gazillion Entertainment)
Marvel Heroes Game (HKLM-x32.…{ca6069b5-fc6b-4ce8-a03e-2304143706b7}is1) (Version: 1.0 - Gazillion Entertainment)
McAfee SecurityCenter (HKLM-x32.…\MSC) (Version: 11.6.477 - McAfee, Inc.)
MechWarrior Online (HKLM-x32.…{73bcb521-8936-42d7-ad00-ec2bb399e26c}) (Version: 1.4.3.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.3.0 - Piranha Games Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32.…{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM.…{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Age of Empires Gold (HKLM-x32.…\Age of Empires Gold 1.0) (Version: - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32.…{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32.…{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32.…{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM.…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32.…{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32.…{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32.…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32.…{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32.…{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32.…{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32.…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32.…{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32.…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM.…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32.…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32.…{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32.…{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Monaco (HKLM-x32.…\Steam App 113020) (Version: - )
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32.…\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32.…\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32.…{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32.…{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32.…\InstallShield
{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM.…\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Myst III: Exile (HKLM-x32.…\Myst III: Exile) (Version: - )
Myst: Masterpiece Edition (HKLM-x32.…\Steam App 63660) (Version: - )
NVIDIA PhysX (HKLM-x32.…{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32.…\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32.…\OpenAL) (Version: - )
Origin (HKLM-x32.…\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32.…{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PunkBuster Services (HKLM-x32.…\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32.…{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Comms (HKLM-x32.…\Razer Comms) (Version: 2.1 - Razer Inc.)
Razer Core (HKLM-x32.…\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Game Booster (HKLM-x32.…\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Surround (HKLM-x32.…\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32.…{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32.…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32.…{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32.…{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scratches Director’s Cut (HKLM-x32.…\BFG-Scratches Director’s Cut) (Version: - )
Shared C Run-time for x64 (HKLM.…{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier’s Civilization V (HKLM-x32.…\steam app 8930) (Version: - 2K Games, Inc.)
SimCity™ (HKLM-x32.…{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype Toolbars (HKLM-x32.…{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32.…{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Star Wars - Battlefront II (HKLM-x32.…\Steam App 6060) (Version: - Pandemic Studios)
Star Wars: The Old Republic (HKLM-x32.…{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starcraft (HKLM-x32.…\Starcraft) (Version: - )
StarCraft II (HKLM-x32.…\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32.…{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surfing Protection (HKLM-x32.…\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Syberia (HKLM-x32.…\Steam App 46500) (Version: - )
Syberia 2 (HKLM-x32.…\Steam App 46510) (Version: - )
The Elder Scrolls Online (HKLM-x32.…\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Evil Within (HKLM-x32.…\Steam App 268050) (Version: - Tango Gameworks)
The Walking Dead (HKLM-x32.…\Steam App 207610) (Version: - )
The Wolf Among Us (HKLM-x32.…\Steam App 250320) (Version: - Telltale Games)
THX TruStudio PC (HKLM-x32.…{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
To the Moon (HKLM-x32.…\Steam App 206440) (Version: - )
Torchlight II Demo (HKLM-x32.…\Steam App 219850) (Version: - )
Tribes 2 (HKLM-x32.…\Tribes 2) (Version: 1.0.0.0 - Sierra On-Line)
Tribes Ascend Closed Beta (HKLM-x32.…{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.980.1 - Hi-Rez Studios)
Trine (HKLM-x32.…\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM-x32.…\Steam App 35720) (Version: - )
Unity Web Player (HKU\S-1-5-21-1211202266-4033383201-2736556778-1000.…\UnityWebPlayer) (Version: - Unity Technologies ApS)
Vanguard: Saga of Heroes F2P (HKLM-x32.…\Steam App 218210) (Version: - )
Ventrilo Client (HKLM-x32.…{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Windows Driver Package - Athena Smartcard Solutions (ASEDRV3) SmartCardReader (07/18/2011 1.5.2.0) (HKLM.…\508F84EFC3F3D1FD902256379F31509134A0F434) (Version: 07/18/2011 1.5.2.0 - Athena Smartcard Solutions)
Windows Live Essentials (HKLM-x32.…\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32.…{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Warcraft (HKLM-x32.…\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32.…\World of Warcraft Beta) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32.…\World of Warcraft Public Test) (Version: - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32.…{CD5D1B7C-E018-4F6A-92BD-6BB998CCC82D}) (Version: 1.9.1409.2316 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 → C:\Users\Di-Doh\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 → C:\Users\Di-Doh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 → C:\Users\Di-Doh\AppData\Local{6a83217e-12a7-61e3-e560-8cc0f95811e4}\n. No File
CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 → C:\Users\Di-Doh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 → C:\Users\Di-Doh\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{e1f8c1b3-a578-496c-86dd-bfbcd66f2efc}\InprocServer32 → C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\Di-Doh\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1211202266-4033383201-2736556778-1000_Classes\CLSID{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 → C:\Users\Di-Doh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0781F962-AA77-4468-A5A9-5C7773E91398} - System32\Tasks\ASC7U_SkipUac_Di-Doh => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2014-04-01] (IObit)
Task: {0955DE24-D52E-4C5E-9506-5979DEC04E8A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1211202266-4033383201-2736556778-1000
Task: {0E165FAB-0792-4D4B-8C38-00628F90EA90} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1CFD1579-7AEA-42E8-9E14-DA5298450F5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {3B306C77-934B-450E-A146-5681C52B3028} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {79174944-4D06-4EAF-BE3F-7D526FDFBAC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {86914D51-914A-46CA-B3D5-31AF7BF8DDF8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000UA => C:\Users\Di-Doh\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {9D58A453-39EB-4615-B9ED-41FA7EC25045} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A75F31DF-B89F-417E-ACDE-6EEC6E4F02C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000Core => C:\Users\Di-Doh\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {B859AE3F-5FBB-4E47-8C96-C8D8C61F346A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BA018213-9E45-4CBA-86FE-509C0F4102D5} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {C69F280B-ABF4-4EB3-8D68-B2E86BC481DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {E3989376-7FB4-414B-9571-6145E2D957BA} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {E8927BD2-C7FE-4451-B1B0-7430AFFDBA5D} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe [2014-02-24] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000Core.job => C:\Users\Di-Doh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1211202266-4033383201-2736556778-1000UA.job => C:\Users\Di-Doh\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-07 14:35 - 2013-07-07 14:35 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-31 18:27 - 2014-10-31 18:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2011-10-12 12:50 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-09-02 20:20 - 2014-09-02 20:20 - 00028496 _____ () C:\Program Files (x86)\Razer\Comms\RzCommsInGameApplet\RzCommsInGameApplet.exe
2014-11-20 03:23 - 2014-11-20 03:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-05-13 13:05 - 2013-01-15 17:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
2014-05-13 13:05 - 2013-11-14 15:02 - 00218944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
2014-05-13 13:05 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madExcept_.bpl
2014-05-13 13:05 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madBasic_.bpl
2014-05-13 13:05 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madDisAsm_.bpl
2014-05-13 13:05 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 05:15 - 2012-03-23 05:15 - 00988160 _____ () C:\Program Files (x86)\Razer\Comms\libssh2.dll
2012-03-02 03:23 - 2012-03-02 03:23 - 00577621 _____ () C:\Program Files (x86)\Razer\Comms\sqlite3.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-01-06 17:19 - 2014-01-06 17:19 - 34755072 _____ () C:\Program Files (x86)\Razer\InGameEngine\32bit\libcef.dll
2014-08-26 20:31 - 2014-08-26 20:31 - 00366592 _____ () C:\Program Files (x86)\Razer\Comms\RzCommsInGameApplet\RzCommsInGameApplet.dll
2014-12-05 12:40 - 2014-01-03 19:20 - 34755072 _____ () C:\Users\Di-Doh\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-20 01:02 - 2014-11-20 01:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-01-06 17:19 - 2014-01-06 17:19 - 00970240 _____ () C:\Program Files (x86)\Razer\InGameEngine\32bit\ffmpegsumo.dll
2014-11-25 20:35 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 20:35 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 20:35 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 20:35 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-12-05 12:40 - 2014-01-03 19:20 - 00970240 _____ () C:\Users\Di-Doh\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2014-11-25 20:35 - 2014-11-25 01:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
2013-02-04 20:23 - 2013-02-04 20:23 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\005e39dd4fc7c1bda871002fd7d32f4b\IsdiInterop.ni.dll
2011-10-12 12:45 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-11-10 12:51 - 2014-11-10 12:51 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB299F13

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => “”=“”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => “”=“”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => “”=“”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => “”=“”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => “”=“Driver”

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: Desktop Disc Tool => “C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe”
MSCONFIG\startupreg: iTunesHelper => “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
MSCONFIG\startupreg: mcui_exe => “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
MSCONFIG\startupreg: QuickTime Task => “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
MSCONFIG\startupreg: StartCCC => “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe” MSRun
MSCONFIG\startupreg: Steam => “C:\Program Files (x86)\Steam\Steam.exe” -silent

========================= Accounts: ==========================

Administrator (S-1-5-21-1211202266-4033383201-2736556778-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1211202266-4033383201-2736556778-1004 - Limited - Enabled)
Di-Doh (S-1-5-21-1211202266-4033383201-2736556778-1000 - Administrator - Enabled) => C:\Users\Di-Doh
Guest (S-1-5-21-1211202266-4033383201-2736556778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1211202266-4033383201-2736556778-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

Error: (12/05/2014 00:38:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 00:02:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2014 08:28:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program main.exe version 4.2.45.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: db4

Start Time: 01d00dbfeb68bd55

Termination Time: 25

Application Path: C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

Report Id:

Error: (12/01/2014 08:26:53 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details GetSnapshotProperties({169502e5-074e-4083-ab4b-6127a0efbef3}) [hr = 0x800706b5, The interface is unknown.
].

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (12/01/2014 06:39:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 03:02:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 03:27:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program main.exe version 4.2.45.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f04

Start Time: 01d000ad20245440

Termination Time: 29

Application Path: C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

Report Id:

Error: (11/15/2014 03:22:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 09:13:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program main.exe version 4.2.45.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 58ac

Start Time: 01cfff245f56f18c

Termination Time: 84

Application Path: C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

Report Id:

Error: (11/13/2014 04:29:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program main.exe version 4.2.45.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5e54

Start Time: 01cfff1540101db8

Termination Time: 13

Application Path: C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

Report Id:

System errors:

Error: (12/05/2014 00:50:10 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (12/02/2014 11:45:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/02/2014 00:03:35 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (12/02/2014 00:03:35 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (12/02/2014 00:02:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/02/2014 00:02:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/02/2014 00:00:53 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/02/2014 00:00:52 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (12/02/2014 00:00:51 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/02/2014 00:00:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Microsoft Office Sessions:

Error: (12/05/2014 00:38:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 00:02:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2014 08:28:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: main.exe4.2.45.0db401d00dbfeb68bd5525C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

Error: (12/01/2014 08:26:53 PM) (Source: VSS) (EventID: 12293) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshotProperties({169502e5-074e-4083-ab4b-6127a0efbef3})0x800706b5, The interface is unknown.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (12/01/2014 06:39:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 03:02:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 03:27:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: main.exe4.2.45.0f0401d000ad2024544029C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

Error: (11/15/2014 03:22:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 09:13:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: main.exe4.2.45.058ac01cfff245f56f18c84C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

Error: (11/13/2014 04:29:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: main.exe4.2.45.05e5401cfff1540101db813C:\Program Files (x86)\Razer\Razer Game Booster\main.exe

CodeIntegrity Errors:

Date: 2014-08-18 08:06:47.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-18 08:06:47.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-18 08:06:47.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-18 08:06:47.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-22 12:27:32.384
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-22 12:27:32.382
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-22 12:27:32.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-09 12:22:40.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-09 12:22:40.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-09 12:22:40.433
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8174.45 MB
Available physical RAM: 5046.62 MB
Total Pagefile: 16347.08 MB
Available Pagefile: 12333.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:965.1 GB) NTFS
Drive d: (SIMCITY) (CDROM) (Total:1.85 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: 93D8918E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1384 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So thats all the info I could gather atm, Ive saved all the tools if theyll come in handy to figure this out.

You could have attached the logs it would have been easier for you :slight_smile:

You had zero access hence all the damage

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" C:\Windows\Installer\{6a83217e-12a7-61e3-e560-8cc0f95811e4} C:\Users\Di-Doh\AppData\Local\{6a83217e-12a7-61e3-e560-8cc0f95811e4} EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Could you install Avast and run a scan please