Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by johnbarbw at 2015-03-28 21:04:12 Running from C:\Users\johnbarbw\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ability Office 5 (HKLM-x32\...\{D50EDFC1-82F3-4CD2-9583-868715CC3746}) (Version: 5 - Ability Software International) ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 4.0.0 - Atomi Systems, Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated) Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.310 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) Amazon Kindle (HKU\S-1-5-21-1547884887-3990002442-977762493-1001\...\Amazon Kindle) (Version: - Amazon) Bank2OFX (HKLM-x32\...\{43C203C6-6EF5-427A-957F-538520999F71}) (Version: 2.1.2.1 - ProperSoft) Bank2QIF (HKLM-x32\...\{17145F6F-0BFE-46E3-867A-D6EF0A54A9DE}) (Version: 2.2.1.9 - ProperSoft) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - ) Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - ) Canon MX860 series User Registration (HKLM-x32\...\Canon MX860 series User Registration) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated) CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION CSV2OFX (HKLM-x32\...\{0350FBB1-A96A-45A5-B4A6-C835E8522C22}) (Version: 2.3.0.2 - ProperSoft) CSV2QIF (HKLM-x32\...\{723CE9E7-6594-4D08-83DA-50F976B8D325}) (Version: 2.3.4.1 - ProperSoft) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.) Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell) Dell System Detect (HKU\S-1-5-21-1547884887-3990002442-977762493-1001\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) FixMyQIF (HKLM-x32\...\{6A74D44D-74A8-46A0-ABC1-9276DF509D7F}) (Version: 2.2.0.6 - ProperSoft) Free PDF to Word Converter (HKLM-x32\...\{348206A8-2688-4153-AF6A-E5D45E5AF563}) (Version: 1.0.0 - Free PDF Solutions) Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.) Google Chrome (HKU\S-1-5-21-1547884887-3990002442-977762493-1001\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Lightshot-5.2.0.17 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.0.17 - Skillbrains) Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team) Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) Love of Quilting - July/August 2014 (HKLM-x32\...\cb68b7c98c8f16f5ea8b893bebfb04de) (Version: 1.0.1 - Nxtbook Media, LLC) Love of Quilting - July/August 2014 (x32 Version: 1.0.1 - Nxtbook Media, LLC) Hidden Love of Quilting - March/April 2015 (HKLM-x32\...\0864fa60a3bf4af559d90214831480ec) (Version: 1.0.5 - Nxtbook Media, LLC) Love of Quilting - March/April 2015 (x32 Version: 1.0.5 - Nxtbook Media, LLC) Hidden Love of Quilting - September/October 2014 (HKLM-x32\...\8a19ac20f67094034bfc00e611fac687) (Version: 1.0.2 - Nxtbook Media, LLC) Love of Quilting - September/October 2014 (x32 Version: 1.0.2 - Nxtbook Media, LLC) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft) Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla) MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz) Natural Color Pro (HKLM-x32\...\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.0.0.6 - SEC) Natural Color Pro (x32 Version: 1.0.0.6 - SEC) Hidden OFX2CSV (HKLM-x32\...\{7531536B-04DB-4610-93E5-A0B4CE8B4D2F}) (Version: 2.2.2.2 - ProperSoft) OFX2QIF (HKLM-x32\...\{0CDD6DE9-6274-4FC0-8DAE-9B1C80EBC1EF}) (Version: 2.1.2.4 - ProperSoft) Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA) P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis) PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology) QFX2CSV (HKLM-x32\...\{AC4FE963-AEC1-4E8B-899E-223A0C3B142B}) (Version: 2.2.2.2 - ProperSoft) QIF2CSV (HKLM-x32\...\{C61CDD3E-1DBB-4F22-9970-61332F3ECF53}) (Version: 2.2.3.4 - ProperSoft) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION RoboForm 7-9-12-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems) Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.) Speed Fix Tool (HKLM-x32\...\{F555CDB2-BD0F-4776-8817-6CF3ABCBC1D1}) (Version: 2.5.7 - FixBliss) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) Unity Web Player (HKU\S-1-5-21-1547884887-3990002442-977762493-1001\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc) VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Password Recovery Standard (HKLM-x32\...\Windows Password Recovery Standard) (Version: - SmartKey, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1547884887-3990002442-977762493-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\johnbarbw\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1547884887-3990002442-977762493-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\johnbarbw\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1547884887-3990002442-977762493-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\johnbarbw\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1547884887-3990002442-977762493-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\johnbarbw\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1547884887-3990002442-977762493-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\johnbarbw\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 11-03-2015 18:30:52 Windows Update 19-03-2015 09:56:02 Scheduled Checkpoint 25-03-2015 11:47:44 Windows Update 27-03-2015 15:08:43 Removed SUPERAntiSpyware Free Edition 28-03-2015 18:24:12 Restore Operation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03B6EB8C-211F-4443-A9F6-26FBF6307A26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.) Task: {03BF40CA-C7C5-4192-8697-C48C470BB4A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.) Task: {09B122B4-3577-4F1F-A898-B01104263283} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files (x86)\Speed Fix Tool\Splash.exe [2014-09-17] () Task: {0CE0945A-36B2-4FC0-91EA-E620AC51686B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-02-28] (Siber Systems) Task: {12CBF792-1109-4532-A317-6A09C25FDEAE} - \RocketTab No Task File <==== ATTENTION Task: {1A102D90-ACF4-45CC-BD2E-9580E7544869} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {1DDA4731-C96B-4BC1-B245-286830309D6E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {1E510E55-45D7-4B4A-9F4A-4260DDB8FC86} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOJOMLMNJNMOJLJOJCNOJOJOMHMCNLMKMMMHMCNNJPMOJKMCNPMMJPMOMNJMMKJNJIMNJHMKJJNJICMIMCNGMCNOMNMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMMMLMHMJNHICMOMNMKJPMOMJNBJCMFJAJHJBJNJOJNINJIIJNKJCMJNNICMJNDJCMKJBJJNMJCMJMFMKMHMKMFMLMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ" Task: {20B45B3A-8C67-426D-BA0B-808A03203EE0} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] () Task: {3513FDFC-C361-4514-A788-8B35D650F337} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {3EB05719-8438-4E75-BEA5-88754B93AB5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1547884887-3990002442-977762493-1001Core => C:\Users\johnbarbw\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {5B994FF4-BF03-478B-85E0-E0382ADF7D77} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {60FCFA0D-B35C-4E59-A326-4291E40CA5BF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {7578026A-6E85-4419-A0EE-B6D1E74BF16D} - System32\Tasks\johnbarbw DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC) Task: {76D274DC-3DAA-4B74-925B-89E2D56493F1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.) Task: {7FB1070A-D0CF-437D-A78B-2786B71C98E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation) Task: {952293AB-BAD7-492F-8F13-E68A1F2B559F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {9CF0BE78-88CF-4760-9C81-4E583675802F} - System32\Tasks\Opera scheduled Autoupdate 1425097586 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software) Task: {A4B3D5C4-1F8E-459F-B8CE-CC67AAFC699B} - System32\Tasks\update-S-1-5-21-1547884887-3990002442-977762493-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {B1D5289B-108B-4CA6-AEC8-4521346124F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1547884887-3990002442-977762493-1001UA => C:\Users\johnbarbw\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {B4F7F3B5-E0C8-4E2F-8CD4-446258AE9C0D} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] () Task: {B6632D6F-687A-4D59-978B-54F6BDF9F76E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {B98F759B-16BA-4026-B47F-AE0A017CB5A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-18] (Adobe Systems Incorporated) Task: {BBDB33A0-AD63-4E23-8D2D-9D670C074537} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.) Task: {BE08C67C-2A66-463B-8DA2-DBE81706C2D2} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-11] (Microsoft Corporation) Task: {C337A68E-4001-494F-AE43-D84C879705F8} - System32\Tasks\PocketCloudUpdater => C:\Program Task: {CE01B7AA-66C6-41C9-8F1E-141F5D22921E} - \RocketTab Update Task No Task File <==== ATTENTION Task: {CF187F31-4168-49D5-92CD-A1043D736CDA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.) Task: {E028A524-55A8-419E-A028-5314FA5B5E23} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC) Task: {E8024409-14E8-47CC-A5CC-71E511DA7487} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {FD63DC99-079A-454E-9B4A-FA3400A05C6A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547884887-3990002442-977762493-1001Core.job => C:\Users\johnbarbw\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547884887-3990002442-977762493-1001UA.job => C:\Users\johnbarbw\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-1547884887-3990002442-977762493-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-27 08:50 - 2013-08-19 13:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2013-12-27 08:50 - 2013-08-19 13:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2013-12-27 08:50 - 2013-08-19 13:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll 2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe 2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll 2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll 2013-09-04 23:20 - 2013-09-04 23:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-04 23:24 - 2013-09-04 23:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2015-03-28 15:10 - 2015-03-28 15:10 - 00210944 _____ () C:\ProgramData\eazyzoom\1.1.0.30\Uninstaller.exe 2015-02-06 19:40 - 2015-02-06 19:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll 2013-12-27 08:39 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-03-26 21:13 - 2013-09-03 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\johnbarbw\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1547884887-3990002442-977762493-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= admin (S-1-5-21-1547884887-3990002442-977762493-1005 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-1547884887-3990002442-977762493-500 - Administrator - Disabled) Guest (S-1-5-21-1547884887-3990002442-977762493-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1547884887-3990002442-977762493-1003 - Limited - Enabled) johnbarbw (S-1-5-21-1547884887-3990002442-977762493-1001 - Administrator - Enabled) => C:\Users\johnbarbw ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/28/2015 06:28:04 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Removed SUPERAntiSpyware Free Edition). Additional information: 0x80070057. Error: (03/28/2015 06:24:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Access is denied. . Error: (03/28/2015 06:24:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. System Error: Access is denied. . Error: (03/28/2015 06:16:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883 Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82 Exception code: 0x80000003 Fault offset: 0x00001e02 Faulting process id: 0xe40 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4 Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1018) (User: ) Description: VMware Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1022) (User: ) Description: VMware4 Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (03/21/2015 01:21:12 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 System errors: ============= Error: (03/28/2015 08:19:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Realtek Audio Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/28/2015 08:19:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (03/28/2015 08:19:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/28/2015 07:53:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The ezwdg service failed to start due to the following error: %%1053 Error: (03/28/2015 07:53:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the ezwdg service to connect. Error: (03/28/2015 10:00:58 AM) (Source: DCOM) (EventID: 10010) (User: johnbarbw-dell) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/28/2015 09:46:17 AM) (Source: DCOM) (EventID: 10010) (User: johnbarbw-dell) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/28/2015 09:45:47 AM) (Source: DCOM) (EventID: 10010) (User: johnbarbw-dell) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/28/2015 09:41:42 AM) (Source: DCOM) (EventID: 10010) (User: johnbarbw-dell) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/28/2015 09:41:12 AM) (Source: DCOM) (EventID: 10010) (User: johnbarbw-dell) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= Error: (03/28/2015 06:28:04 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Removed SUPERAntiSpyware Free Edition0x80070057 Error: (03/28/2015 06:24:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Access is denied. Error: (03/28/2015 06:24:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. System Error: Access is denied. Error: (03/28/2015 06:16:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02e4001d0697e2611633fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7d49aeca-d5a0-11e4-82b6-3423873261d8 Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4 Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1018) (User: ) Description: VMware Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1022) (User: ) Description: VMware4 Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (03/21/2015 01:21:12 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (03/21/2015 01:21:12 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 CodeIntegrity Errors: =================================== Date: 2015-03-27 15:11:09.608 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Config.Msi\4db472e3.rbf because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-15 18:15:07.466 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:07.341 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:07.231 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:07.106 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:06.981 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:06.872 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:06.747 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:06.622 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-15 18:15:06.513 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Percentage of memory in use: 20% Total physical RAM: 8108.94 MB Available physical RAM: 6444.47 MB Total Pagefile: 9388.94 MB Available Pagefile: 7789.6 MB Total Virtual: 131072 MB Available Virtual: 131071.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.83 GB) (Free:812.7 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 3D63A6F8) Partition: GPT Partition Type. ==================== End Of Log ============================