Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01 Ran by Owner at 2014-10-19 12:15:38 Running from C:\Users\Owner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.) Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}) (Version: 15.2.0.661 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 (x32 Version: 15.2 - Corel Corporation) Hidden CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation) Creative Live! Cam Sync (VF0520) Driver (1.01.04.00) (HKLM\...\Creative VF0520) (Version: - Creative Technology Ltd.) Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.) Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.) McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) NirSoft DownTester (HKLM-x32\...\NirSoft DownTester) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SW-Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}) (Version: - Genuine P Software) <==== ATTENTION TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual CertExam Suite (HKLM-x32\...\Visual CertExam Suite_is1) (Version: - Avanset) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wireshark 1.10.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.0 - The Wireshark developer community, http://www.wireshark.org) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-422040510-2405641811-1513485937-1000_Classes\CLSID\{b872b706-bd23-4354-85f8-40738499a6df}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-422040510-2405641811-1513485937-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\SHELL32.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-10-2014 05:15:06 Windows Update 14-10-2014 14:51:38 Windows Update 15-10-2014 04:35:56 Windows Update 16-10-2014 12:42:07 Windows Update 17-10-2014 05:22:32 Windows Update 17-10-2014 13:56:48 Windows Update 18-10-2014 00:48:06 Checkpoint by HitmanPro 18-10-2014 00:49:35 Checkpoint by HitmanPro 18-10-2014 01:08:00 Checkpoint by HitmanPro 18-10-2014 05:18:00 Checkpoint by HitmanPro 18-10-2014 13:03:55 Checkpoint by HitmanPro 19-10-2014 05:03:01 Removed Bonjour ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02B5FC29-381D-4DF0-B48B-E492AE557096} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {289FC2E0-CCCD-4786-A200-CB913FD4DDC0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-422040510-2405641811-1513485937-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {2D661324-0B50-4B75-81E0-D2C82D5892E4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-422040510-2405641811-1513485937-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {30CF69B8-4EB6-4659-81A3-DE43DEC6D093} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {37B36978-924D-468A-83B7-076F44A84544} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {4CCFDFDE-E1C7-4D68-A3E4-11EF99435E26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {574E3C1D-D003-418C-BF9E-9F41191959E2} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {5BED9DAD-C51B-4AE5-86B6-0592028E839B} - System32\Tasks\DSite => C:\Users\Owner\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {83BA9A6B-3222-4F50-AF23-C1C7160B39D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-22] (Adobe Systems Incorporated) Task: {8BB8359D-AB40-41DA-967B-EB3A5AD49B41} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-422040510-2405641811-1513485937-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {95FB3E03-CB04-46C6-B511-12C1B8BDEFD8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A1864E88-41F7-4584-9B04-E7E5F722418F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-422040510-2405641811-1513485937-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {C1A1448D-3C65-4E23-A599-3596DFD9C423} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {C2093CD6-827C-4FDE-9477-5E06829F6B25} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CFCFED44-27A4-49F0-8BFE-C6058745F8FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {DE198027-CBC6-4E86-92D9-2F2A4BF3B67F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-422040510-2405641811-1513485937-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {FDF0FF26-993E-4D35-B1BB-AED6437B138F} - System32\Tasks\{BCE69167-E1B3-4074-A673-C86BA006401A} => C:\Users\Owner\Desktop\Ventrilo.exe [2011-02-25] (Flagship Industries, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-09 16:04 - 2014-10-09 16:04 - 00016384 ____N () C:\Users\Owner\AppData\Local\Apps\2.0\Y1RRBR7Y.797\BJMC19N9.W2P\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll 2014-10-09 16:04 - 2014-10-09 16:04 - 00035840 ____N () C:\Users\Owner\AppData\Local\Apps\2.0\Y1RRBR7Y.797\BJMC19N9.W2P\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll 2014-10-09 16:04 - 2014-10-09 16:04 - 00099840 ____N () C:\Users\Owner\AppData\Local\Apps\2.0\Y1RRBR7Y.797\BJMC19N9.W2P\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll 2014-02-02 00:48 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-02-02 00:48 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-02-02 00:48 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-02-02 00:48 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-02-02 00:48 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-09-24 21:33 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll 2014-09-24 21:33 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll 2014-09-24 21:33 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll 2014-09-24 21:33 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll 2014-09-24 21:33 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll 2010-05-21 07:41 - 2010-05-21 07:41 - 00431392 _____ () C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Draw\PsiClient.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: FLEXnet Licensing Service 64 => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: PSI_SVC_2 => 2 MSCONFIG\Services: rpcapd => 3 MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ========================= Accounts: ========================== Administrator (S-1-5-21-422040510-2405641811-1513485937-500 - Administrator - Disabled) Guest (S-1-5-21-422040510-2405641811-1513485937-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-422040510-2405641811-1513485937-1007 - Limited - Enabled) Owner (S-1-5-21-422040510-2405641811-1513485937-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/18/2014 04:47:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SDTray.exe, version: 2.1.21.129, time stamp: 0x51f0ed9e Faulting module name: dhcpcsvc6.DLL, version: 6.1.7601.17970, time stamp: 0x50745f7c Exception code: 0xc0000005 Fault offset: 0x00001414 Faulting process id: 0x9e8 Faulting application start time: 0xSDTray.exe0 Faulting application path: SDTray.exe1 Faulting module path: SDTray.exe2 Report Id: SDTray.exe3 Error: (10/17/2014 08:52:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SDUpdate.exe, version: 2.2.18.91, time stamp: 0x51949fc0 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86 Exception code: 0x0eedfade Fault offset: 0x0000c42d Faulting process id: 0x14ec Faulting application start time: 0xSDUpdate.exe0 Faulting application path: SDUpdate.exe1 Faulting module path: SDUpdate.exe2 Report Id: SDUpdate.exe3 Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002D4EB10.72). hr = 0x80070005, Access is denied. . Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000304,(null),0,REG_BINARY,00000000079EDF90.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {a35a2db7-924d-469c-97ad-6b318e0d0819} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008c0,(null),0,REG_BINARY,000000000A4AE000.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {0f7df197-d101-414f-b955-515ea5cc92bd} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009d8,(null),0,REG_BINARY,000000000321E290.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {0aedc34b-dd4c-440d-92d2-211c19c553f9} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,(null),0,REG_BINARY,0000000002F1E860.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {9d4cbb65-62cc-462c-8605-f98b77a1f649} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000304,(null),0,REG_BINARY,00000000079EDF90.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {a35a2db7-924d-469c-97ad-6b318e0d0819} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008c0,(null),0,REG_BINARY,000000000A4AE000.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {0f7df197-d101-414f-b955-515ea5cc92bd} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009d8,(null),0,REG_BINARY,000000000321E290.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {0aedc34b-dd4c-440d-92d2-211c19c553f9} System errors: ============= Error: (10/19/2014 10:34:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The WinDefend service terminated with the following error: %%126 Error: (10/19/2014 10:34:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (10/19/2014 10:32:54 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error: (10/19/2014 10:30:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the SW-Sustainer service to connect. Error: (10/19/2014 10:29:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Firewall service terminated with service-specific error %%5. Error: (10/19/2014 01:04:59 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/18/2014 04:50:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The WinDefend service terminated with the following error: %%126 Error: (10/18/2014 04:50:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (10/18/2014 04:48:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error: (10/18/2014 04:47:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the SW-Sustainer service to connect. Microsoft Office Sessions: ========================= Error: (10/18/2014 04:47:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SDTray.exe2.1.21.12951f0ed9edhcpcsvc6.DLL6.1.7601.1797050745f7cc0000005000014149e801cfeb14ad0df6baC:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeC:\Windows\system32\dhcpcsvc6.DLLff2ba6f9-5707-11e4-b0e4-bcaec5e0107d Error: (10/17/2014 08:52:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SDUpdate.exe2.2.18.9151949fc0KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d14ec01cfea6db38888d4C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dllf88b845b-5660-11e4-bb37-bcaec5e0107d Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000002e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002D4EB10.72)0x80070005, Access is denied. Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000304,(null),0,REG_BINARY,00000000079EDF90.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {a35a2db7-924d-469c-97ad-6b318e0d0819} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000008c0,(null),0,REG_BINARY,000000000A4AE000.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {0f7df197-d101-414f-b955-515ea5cc92bd} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000009d8,(null),0,REG_BINARY,000000000321E290.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {0aedc34b-dd4c-440d-92d2-211c19c553f9} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001f8,(null),0,REG_BINARY,0000000002F1E860.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {9d4cbb65-62cc-462c-8605-f98b77a1f649} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000304,(null),0,REG_BINARY,00000000079EDF90.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {a35a2db7-924d-469c-97ad-6b318e0d0819} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000008c0,(null),0,REG_BINARY,000000000A4AE000.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {0f7df197-d101-414f-b955-515ea5cc92bd} Error: (10/17/2014 08:50:23 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000009d8,(null),0,REG_BINARY,000000000321E290.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {0aedc34b-dd4c-440d-92d2-211c19c553f9} ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 965 Processor Percentage of memory in use: 35% Total physical RAM: 7934.05 MB Available physical RAM: 5147.2 MB Total Pagefile: 15866.29 MB Available Pagefile: 12533.02 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:768.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BA252DA4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================