[ncaa76]

Hi, I'm having a serious issue with my Windows 7 computer 64bit.  I can not open MS Essential or Malwarebytes. I noticed a program called., "winmgr.exe" is running in my task manger and my cpu and memory are running higher than normal. 

 

Till this point I have restarted in safe mode a ran a scan, but nothing shows up.  Rebooted from a antivirus recovery disk and ran a scan, again nothing showed up. 

 

I even tried following a thread that was posted on this site and realized that my problem was a little different than the what the other person was having (see link below).

 

http://www.geekstogo...nt-please-help/

 

However, I was able to download the app mentioned and did create some log files for someone to take a look at (attached). 

 

Please help le out, I'm really at a lost and have spent to many countless hours trying to resolve this annoying problem.

 

 

This shows the error message I get when opening MS Security Essentials and Malewarebyes.  Also you can see, "winmgr.exe*32" running in my task manager.

 

Thanks,

Attached Files

•  Addition.txt   41.84KB   208 downloads
•  FRST.txt   54.52KB   240 downloads
•  Shortcut.txt   109.45KB   3247 downloads

[Advertisements]

Hi. My name is Brian, and I would be happy to look into your issue.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Just wanted you to know that I'll be taking your post. I'll review the logs and have a plan for you tomorrow.

[BrianDrab]

Hi. My name is Brian, and I would be happy to look into your issue.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Just wanted you to know that I'll be taking your post. I'll review the logs and have a plan for you tomorrow.

[BrianDrab]

Step#1 - Warnings
 

Critical Malware Found!
 
WARNING!!! - One or more of the identified infections is known to use a backdoor.
 
This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

 

 

Illegal Software Identified

 

Unfortunately we can't proceed as there is illegal/cracked Adobe software on your machine. The Terms of Use that you agreed to when signing up for an account stipulates the following taken from bullet 3p.

 

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

 

 

If you would like us to continue please uninstall any illegal/cracked software from your system and follow the instructions below to post a fresh set of logs.

 

Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check this log will be created as well. Please copy and paste this log as well.

 

 

 

Items for your next Post

1. Fresh FRST & Addition logs

 

[ncaa76]

Thanks for helping me out, here is the updated log files.  I was not aware that I had pirated software on my computer, the person that built this computer most have put it on.  Please let me know what the next steps are.

 

Thanks

Attached Files

•  Addition.txt   42.4KB   208 downloads
•  FRST.txt   38.54KB   218 downloads

[BrianDrab]

It appears that Autodesk is still installed which appears to have been obtained illegally. Please uninstall this software and then provide fresh logs. Also please copy/paste the contents of the logs instead of attaching them as they are easier to review/research. If you don't feel Autodesk was obtained illegally, let me know. Also do you know if AutoCAD was installed at the same time as Autodesk? Thank you.

 

Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check this log will be created as well. Please copy and paste this log as well.

 

  

 

Items for your next post

1. Fresh FRST and Addition logs

[ncaa76]

Went ahead a deleted all the files in question and have re-run the scan tool. These all the updated findings.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 06-10-2014 22:13:38
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Darryl)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1320937888\ee\aolsoftware.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\Windows Manager\winmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Autodesk Inc.) C:\Users\Owner\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SearchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1320937888\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-04-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-20] (Autodesk Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ISLAlwaysOn: C:\Program Files (x86)\ISL Online\ISL AlwaysOn\aon_notify64.dll ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-09-12] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\RunOnce: [WindowsUpdate] => C:\Program Files (x86)\Windows Manager\winmgr.exe [26303488 2014-04-22] ()
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {252808db-d992-11e3-8f76-00038a000015} - F:\Setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {b0240b3e-00da-11e1-881b-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {d2917123-0bd5-11e1-bdb2-00038a000015} - E:\HPLauncher.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...U218DHP&pc=U218
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8DC01587C40BCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {2AFDC4CD-0115-4FA1-9672-6D359ECC9896} URL =
SearchScopes: HKCU - 9FC3F499D0BE429BB089348458577255 URL = http://search.condui...6243087029&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...n=1.1.3001.0(B)
SearchScopes: HKCU - {F83BCEDF-A200-4372-A91A-1CAF5B23CDAC} URL = http://search.yahoo....p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://energy.webex...ex/ieatgpc1.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} -  No File
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} -  No File
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Address Bar Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-20] (Autodesk Inc.)
R2 BackupService; C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [248664 2013-09-12] (Garmin Ltd or its subsidiaries)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S3 isl_always_on; C:\Program Files (x86)\ISL Online\ISL AlwaysOn\ISLAlwaysOnService.exe [67512 2010-03-23] (XLAB d.o.o.)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] () [File not signed]
S2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S1 MpKsl1e0172ff; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{223F1FA8-1AC3-4535-8DBA-4873366C20EE}\MpKsl1e0172ff.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S1 tmkfmklt; \??\C:\Windows\system32\drivers\tmkfmklt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 17:58 - 2014-10-06 17:58 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-06 17:57 - 2014-10-06 17:57 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-06 17:36 - 2010-11-16 21:24 - 00750440 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2014-10-06 11:03 - 2014-10-06 11:04 - 00000000 ____D () C:\Users\Owner\Desktop\Alhambra Project
2014-10-06 11:01 - 2014-10-06 11:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\smkits
2014-10-05 12:53 - 2014-10-06 22:13 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-10-04 13:31 - 2014-10-04 13:32 - 00000179 _____ () C:\ProgramData\LockFilePath.ini
2014-09-30 16:48 - 2014-09-30 16:50 - 00000000 ____D () C:\Users\Owner\Downloads\Logs From Scan
2014-09-25 21:25 - 2014-09-25 23:48 - 00005575 _____ () C:\Users\Owner\Documents\aswMBR.txt
2014-09-25 21:25 - 2014-09-25 23:48 - 00000512 _____ () C:\Users\Owner\Documents\MBR.dat
2014-09-25 16:07 - 2014-09-25 16:07 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-25 16:02 - 2014-09-25 16:02 - 05579290 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2014-09-25 15:58 - 2014-09-25 15:58 - 05579290 _____ () C:\Users\Owner\Downloads\ComboFix.exe
2014-09-25 15:57 - 2014-09-25 15:57 - 05580995 _____ () C:\Users\Owner\Downloads\ComboFix.exe.part
2014-09-25 15:34 - 2014-09-25 15:34 - 00112072 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-25 15:31 - 2014-10-05 12:56 - 00043418 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-25 15:30 - 2014-10-06 22:15 - 00024833 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-25 15:30 - 2014-10-06 22:13 - 00000000 ____D () C:\FRST
2014-09-25 15:25 - 2014-10-06 22:13 - 02109952 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-25 03:06 - 2014-09-25 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:02 - 2014-09-24 18:02 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Darryl\Downloads\tdsskiller.exe
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Macromedia
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Macromedia
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Mozilla
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Mozilla
2014-09-24 17:52 - 2014-09-24 17:52 - 00000000 ____D () C:\Users\Darryl\Documents\Autodesk Application Manager
2014-09-24 17:51 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Adobe
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Real
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Logitech
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Apple Computer
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\AOL
2014-09-24 17:50 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Adobe
2014-09-24 17:50 - 2014-09-24 17:50 - 00001413 _____ () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 17:48 - 2014-09-24 17:50 - 00000000 ____D () C:\Users\Darryl
2014-09-24 17:48 - 2014-09-24 17:48 - 00000020 ___SH () C:\Users\Darryl\ntuser.ini
2014-09-24 17:48 - 2011-11-11 04:02 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Microsoft Help
2014-09-24 17:48 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 17:48 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 10:46 - 2014-09-24 10:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 09:41 - 2014-09-23 09:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-23 09:38 - 2014-09-23 09:40 - 158875752 _____ () C:\Users\Owner\Downloads\setup_11.0.3.7.x01_2014_09_23_18_27.exe
2014-09-22 19:51 - 2014-09-22 19:51 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\Hewlett-Packard
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-22 19:32 - 2014-09-22 19:32 - 00002212 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001888 _____ () C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001217 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z Scan.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001180 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:29 - 2014-09-22 19:29 - 00000000 ____D () C:\Program Files\HP
2014-09-22 17:28 - 2014-09-22 17:29 - 00000000 ____D () C:\Users\Owner\Documents\Seminary Application Information
2014-09-13 13:15 - 2014-10-06 17:56 - 00000376 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
2014-09-13 13:15 - 2014-10-06 13:37 - 00002960 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Owner
2014-09-13 13:15 - 2014-10-06 13:37 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job
2014-09-13 13:15 - 2014-10-05 03:25 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Owner
2014-09-13 13:15 - 2014-10-05 03:25 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job
2014-09-13 13:15 - 2014-09-13 13:15 - 00003612 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Owner
2014-09-13 13:15 - 2014-09-13 13:15 - 00002668 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Owner
2014-09-11 00:59 - 2014-09-20 15:37 - 00000000 ____D () C:\Users\Owner\Documents\Logos Log Files
2014-09-11 00:05 - 2014-09-11 00:05 - 00002277 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software 5.lnk
2014-09-11 00:05 - 2014-09-11 00:05 - 00002269 _____ () C:\Users\Owner\Desktop\Logos Bible Software 5.lnk
2014-09-11 00:02 - 2014-09-11 00:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Logos5
2014-09-10 00:28 - 2014-09-10 00:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 00:28 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 00:27 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-07 20:12 - 2014-10-05 20:12 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-09-07 20:12 - 2014-10-05 20:12 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 22:13 - 2011-11-14 16:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 21:51 - 2012-04-11 08:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 21:38 - 2011-10-27 13:34 - 01943524 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 18:06 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 18:06 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 17:59 - 2011-11-19 01:43 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-10-06 17:58 - 2011-11-19 01:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-06 17:56 - 2011-11-14 16:55 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 17:55 - 2013-03-22 09:07 - 00041180 _____ () C:\SUService.log
2014-10-06 17:55 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 17:55 - 2009-07-13 21:51 - 00004093 _____ () C:\Windows\setupact.log
2014-10-06 17:35 - 2011-11-09 16:40 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-06 17:30 - 2014-09-01 14:22 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-10-06 17:30 - 2014-09-01 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-10-06 17:30 - 2014-09-01 11:39 - 00000000 ____D () C:\ProgramData\Autodesk
2014-10-06 17:01 - 2011-10-27 15:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-06 16:57 - 2011-10-28 14:59 - 00157224 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 16:55 - 2010-11-20 20:47 - 00298638 _____ () C:\Windows\PFRO.log
2014-10-06 16:55 - 2009-07-13 21:45 - 00548416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 16:50 - 2014-09-01 11:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Autodesk
2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-05 12:50 - 2014-09-01 12:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-10-05 12:50 - 2014-05-11 22:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-01 07:10 - 2014-08-01 13:50 - 00000000 ____D () C:\Users\Owner\Desktop\Tremco Price List
2014-10-01 07:10 - 2011-11-10 18:11 - 00000000 ____D () C:\Users\Owner\Documents\Tremco Files
2014-10-01 06:54 - 2014-04-20 00:48 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-10-01 06:54 - 2013-10-05 07:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\575FBD5E-1C20-4307-967F-91631EBA51A1.aplzod
2014-09-30 14:25 - 2009-07-13 22:13 - 00852386 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 15:54 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-25 13:28 - 2013-03-04 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:28 - 2013-02-17 20:07 - 00489472 ___SH () C:\Users\Owner\Documents\Thumbs.db
2014-09-24 17:51 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-24 12:52 - 2012-04-11 08:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 12:51 - 2012-04-11 08:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 12:51 - 2011-10-27 14:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 09:10 - 2014-09-01 19:15 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-09-23 02:12 - 2014-06-05 03:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-09-22 21:36 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 21:21 - 2012-05-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-22 21:20 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-22 20:25 - 2011-11-25 20:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-22 19:26 - 2011-11-14 16:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 19:26 - 2011-10-27 15:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-22 18:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-22 17:42 - 2011-11-19 01:43 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-09-22 17:42 - 2011-11-19 01:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 14:56 - 2011-11-14 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\CutePDF Writer
2014-09-22 12:07 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-18 13:31 - 2013-03-22 09:33 - 00000529 _____ () C:\Users\Owner\Desktop\CRM - logon.website
2014-09-15 15:04 - 2011-11-10 14:18 - 00000000 ____D () C:\Tremspec

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2281097704-164782711-356799163-1000\$e67713bd0b769398522382128486d6c3

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e67713bd0b769398522382128486d6c3

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\AcDeltree.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply3ggz.dll
C:\Users\Owner\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Owner\AppData\Local\Temp\GoogleEarthPRO7.1.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\_is8AB2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2014-10-06 00:29

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Owner at 2014-10-06 22:15:32
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version:  - ALOT)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)
AutoEdit (HKLM-x32\...\AutoEdit) (Version:  - )
Batch Update (x32 Version: 3.0 - Libronix Corporation) Hidden
Bible Data Type System Files (x32 Version: 3.0 - Libronix Corporation) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlackBerry Backup Extractor (HKCU\...\BlackBerry Backup Extractor) (Version: 2.0.1.0 - Reincubate Ltd)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.9.2809 - CDBurnerXP)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Clause Visualizer (x32 Version: 3.0 - Libronix Corporation) Hidden
Common System Files (x32 Version: 3.0 - Libronix Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7CBAE557-86B7-43DE-BF84-2FE9226E86C6}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garmin Express (HKLM-x32\...\{ec281b79-20b1-4076-807d-b4a562eb13c5}) (Version: 2.3.12.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
Graphical Query Editor (x32 Version: 3.0 - Libronix Corporation) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iPod 2 iPod (HKLM-x32\...\iPod 2 iPod 5.0) (Version: 5.0 - THE BOYS DOWNUNDER)
ISL AlwaysOn 1.2.4 (HKLM-x32\...\ISL AlwaysOn_is1) (Version:  - Xlab d.o.o.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Libronix Digital Library System (HKLM-x32\...\Libronix DLS) (Version:  - Libronix Corporation)
Libronix Digital Library System (x32 Version: 3.0 - Libronix Corporation) Hidden
Libronix DLS Application (x32 Version: 3.0 - Libronix Corporation) Hidden
Libronix DLS Shortcuts (x32 Version: 3.0 - Libronix Corporation) Hidden
LibronixUpdate (x32 Version: 3.0 - Libronix Corporation) Hidden
LLS Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Logos 5 Prerequisites (HKLM-x32\...\{15203635-D281-4AE4-83B1-EA217B217E4D}) (Version: 5.33.0744 - Logos Bible Software)
Logos Bible Software (HKLM-x32\...\{2CBF05BA-9C5B-4954-8CB6-CEF46F83B5E8}) (Version: 5.34.1531 - Logos Bible Software)
Lotus Notes 8.5.3 (Basic) (HKLM-x32\...\{CD38D0D3-AF3F-4D6A-92C8-7C384EE5AEF3}) (Version: 8.53.11258 - IBM)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Masterworks 6.3 (HKLM-x32\...\Masterworks 6.3) (Version: 6.3.1.1 - ARCOM)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OEB Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM-x32\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version:  - Orban, Inc.)
PDF Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RMP Expiration Extension Update (HKLM-x32\...\{720A5A3F-6794-43BA-A667-6C7E728375F7}) (Version: 4.0.2 - Tremco Incorporated)
RMPNet (HKLM-x32\...\{EB7B194B-8609-4B9F-BD8C-607B20ACD996}) (Version: 1.1.5000 - Tremco Incorporated)
Sentence Diagramming (x32 Version: 3.0 - Libronix Corporation) Hidden
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tremco TremSpec Document (May 2011) Install/Update (HKLM-x32\...\Tremco TremSpec Document (May 2011) Install/Update) (Version:  - )
Tremco TremSpec Maseter Update 2012 (HKLM-x32\...\Tremco TremSpec Maseter Update 2012) (Version:  - )
TremcoPDF (HKLM\...\TremcoPDF) (Version:  - )
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual CADD 5.0 (HKLM-x32\...\Visual CADD 5.0) (Version:    by TriTools Partners - TriTools LLC)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
WordPerfect Office 12 (HKLM-x32\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)
YTD Toolbar v9.2 (HKLM-x32\...\{D0F57AAA-96F7-4210-B3A5-824DA82ABF45}) (Version: 9.2 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)
Z 39.50 Library (x32 Version: 3.0 - Libronix Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1216\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

25-09-2014 01:19:37 Removed HP Officejet 6500 E710n-z Basic Device Software
25-09-2014 01:23:55 Removed HP Officejet 6500 E710n-z Basic Device Software
25-09-2014 10:00:11 Windows Update
26-09-2014 10:00:11 Windows Update
27-09-2014 10:00:11 Windows Update
28-09-2014 10:00:11 Windows Update
29-09-2014 10:00:11 Windows Update
30-09-2014 10:00:12 Windows Update
01-10-2014 10:00:11 Windows Update
02-10-2014 10:00:11 Windows Update
03-10-2014 10:00:11 Windows Update
04-10-2014 10:00:11 Windows Update
05-10-2014 10:00:34 Windows Update
05-10-2014 19:47:22 Removed Adobe Acrobat XI Pro.
06-10-2014 10:00:19 Windows Update
07-10-2014 00:02:31 Removed Autodesk 360
07-10-2014 00:05:09 Removed Autodesk App Manager.
07-10-2014 00:06:45 Removed Autodesk AutoCAD Performance Feedback Tool Version 1.2.2
07-10-2014 00:07:34 Removed Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit
07-10-2014 00:08:22 Removed Autodesk Featured Apps.
07-10-2014 00:09:57 Removed Autodesk Material Library 2015.
07-10-2014 00:13:41 Removed Autodesk Material Library Base Resolution Image Library 2015.
07-10-2014 00:31:39 Removed HP Officejet 6500 E710n-z Basic Device Software
07-10-2014 00:35:31 Removed HP Officejet 6500 E710n-z Basic Device Software

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-05-11 22:09 - 00000963 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {34508CF1-89C0-45CB-B092-2500628B572E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A2D19C5-1FE9-43D9-8A3C-D93700A7EDA5} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {488F2C9F-F9D9-4859-AFA9-7031A98A4470} - System32\Tasks\ReclaimerUpdateFiles_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {59868DBA-CE38-4BAE-B18B-1B4C3079F673} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {89D820F1-4C55-4DFC-A4B2-2DB74186F133} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {8D0F15FF-18AA-423D-AFA2-632206255D6C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {8E5CAC52-5A4C-4042-B20A-7AB794D72B0C} - System32\Tasks\ReclaimerUpdateXML_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {8E77689F-1188-4736-BEE6-E899FF72768E} - System32\Tasks\hpUrlLauncher.exe => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\utils\hpUrlLauncher.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {94B889D8-B0EB-433E-88C6-0AFBEA9884C3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {A0EDC2ED-ED4A-4D1C-9ADF-024BE1DF0E2C} - System32\Tasks\RNUpgradeHelperResumePrompt_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {A87D0AB8-DAA8-4855-956B-B1D1301EF030} - System32\Tasks\RNUpgradeHelperLogonPrompt_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {B115D89A-7A35-4CCE-B456-1486416CB5AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {B78CD7D6-492A-4550-86EE-A467B860CF24} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {B7B3B9F4-0587-4682-8408-623351A470F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {DE79F0F7-BC23-4BCB-8ABD-0FA45E4B54E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {FBD9A38D-86D7-4C14-9ED6-95529BB1359C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2011-11-10 14:20 - 2008-07-19 18:26 - 00087040 _____ () C:\Windows\System32\custmon64.dll
2011-11-10 21:40 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-07 02:39 - 2011-10-07 02:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-10 14:37 - 2011-05-26 15:14 - 00685976 _____ () C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
2014-09-01 19:15 - 2014-04-22 17:51 - 26303488 _____ () C:\Program Files (x86)\Windows Manager\winmgr.exe
2014-09-01 14:42 - 2014-06-20 23:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-01 14:42 - 2014-06-20 23:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 10:07 - 2014-04-25 10:07 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-06 17:57 - 2014-10-06 17:57 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmply3ggz.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2011-11-10 14:37 - 2010-04-26 15:30 - 00090112 _____ () C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\FileMapInfoDB.dll
2014-10-06 17:57 - 2014-06-20 23:19 - 00104328 _____ () C:\Users\Owner\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 01777664 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 01224192 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00290816 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGUtils.DLL
2013-10-07 12:24 - 2013-10-07 12:24 - 00631808 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 01393664 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00751104 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 03105280 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00059392 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00519168 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
2013-10-07 12:52 - 2014-09-01 19:20 - 17652224 _____ () C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00726016 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 01050624 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll
2013-10-07 12:32 - 2013-10-07 12:32 - 00015872 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 07877632 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 06174208 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 00518656 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll
2013-10-07 12:28 - 2013-10-07 12:28 - 00086528 _____ () C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 00018944 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 00158208 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00145408 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
2012-07-27 13:51 - 2012-07-27 13:51 - 06549432 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
2014-09-04 05:50 - 2014-09-04 05:50 - 00305544 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-08-26 15:16 - 2012-08-26 15:16 - 00196208 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
2014-09-25 03:06 - 2014-09-25 03:06 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2281097704-164782711-356799163-500 - Administrator - Disabled)
Darryl (S-1-5-21-2281097704-164782711-356799163-1006 - Administrator - Enabled) => C:\Users\Darryl
Guest (S-1-5-21-2281097704-164782711-356799163-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2281097704-164782711-356799163-1002 - Limited - Enabled)
Owner (S-1-5-21-2281097704-164782711-356799163-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: MpKsl1e0172ff
Description: MpKsl1e0172ff
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl1e0172ff
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2014 05:57:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 05:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xf28
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/06/2014 05:20:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 05:18:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/06/2014 05:18:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/06/2014 05:18:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 04:57:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/06/2014 10:13:10 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/06/2014 06:00:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%5

Error: (10/06/2014 05:55:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :20" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/06/2014 05:55:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/06/2014 05:55:38 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{10D6E3BF-62E8-4CD1-9521-10F52F0C2A51} because another computer on the network has the same name.  The server could not start.

Error: (10/06/2014 05:55:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (10/06/2014 05:21:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%5

Error: (10/06/2014 05:18:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :20" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/06/2014 05:18:49 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/06/2014 05:18:50 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{10D6E3BF-62E8-4CD1-9521-10F52F0C2A51} because another computer on the network has the same name.  The server could not start.


Microsoft Office Sessions:
=========================
Error: (10/06/2014 05:57:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 05:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102f2801cfe1c4a6d84f56C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll6b16a2ba-4db8-11e4-98f2-00038a000015

Error: (10/06/2014 05:20:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 05:18:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/06/2014 05:18:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/06/2014 05:18:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 04:57:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 70%
Total physical RAM: 4007.94 MB
Available physical RAM: 1174.78 MB
Total Pagefile: 10016.12 MB
Available Pagefile: 7010.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:215.95 GB) NTFS
Drive g: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:658.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B7B35B8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0004B0A5)
Partition 1: (Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[BrianDrab]

Thank you. Let's get you cleaned up. Because of the type of infection you have we'll likely need at least a couple rounds of fixes before you see an improvement. Please stick with me until I declare you clean.

 

Step#1 - Create Restore Point
1. Please click your start button, right-click on the Computer menu item and select Properties as show below.

 

2. Click on the Advanced system settings link.

 

3. Click the System Protection tab and then click the Create button.

 

 

4. You will be asked to provide a description. Please type G2G and click Create. 

 

 

5. You will get a message telling you when it's complete. Click Close on the message.

 

 

Step#2 - FRST Fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   2.88KB   184 downloads

Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check this log will be created as well. Please copy and paste this log as well.

 

    

 

Items for your Next Post

1. FRST Fix Log

3. Fresh FRST and Addition logs

[ncaa76]

Here is the results for the fixlog.txt:

Content of fixlist:
*****************
CloseProcesses:
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
C:\Program Files (x86)\Windows Manager
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\RunOnce: [WindowsUpdate] => C:\Program Files (x86)\Windows Manager\winmgr.exe [26303488 2014-04-22] ()
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com
2014-09-01 19:15 - 2014-04-22 17:51 - 26303488 __RSH () C:\Windows\SysWOW64\Microsoft.com
C:\$Recycle.Bin\S-1-5-21-2281097704-164782711-356799163-1000\$e67713bd0b769398522382128486d6c3
C:\$Recycle.Bin\S-1-5-18\$e67713bd0b769398522382128486d6c3
Reboot:

*****************

Processes closed successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
C:\Program Files (x86)\Windows Manager => Moved successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-2281097704-164782711-356799163-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WindowsUpdate => value deleted successfully.
HKU\S-1-5-21-2281097704-164782711-356799163-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Key deleted successfully.
C:\Windows\SysWOW64\Microsoft.com => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-2281097704-164782711-356799163-1000\$e67713bd0b769398522382128486d6c3 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e67713bd0b769398522382128486d6c3 => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

Please note, I got a error code upon restarting my computer.  (See screenshot)

 

 

Here is the fresh set of logs

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 08-10-2014 00:03:17
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Darryl)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1320937888\ee\aolsoftware.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Autodesk Inc.) C:\Users\Owner\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SearchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1320937888\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-04-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-20] (Autodesk Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ISLAlwaysOn: C:\Program Files (x86)\ISL Online\ISL AlwaysOn\aon_notify64.dll ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-09-12] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {252808db-d992-11e3-8f76-00038a000015} - F:\Setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {b0240b3e-00da-11e1-881b-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {d2917123-0bd5-11e1-bdb2-00038a000015} - E:\HPLauncher.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...U218DHP&pc=U218
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8DC01587C40BCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {2AFDC4CD-0115-4FA1-9672-6D359ECC9896} URL =
SearchScopes: HKCU - 9FC3F499D0BE429BB089348458577255 URL = http://search.condui...6243087029&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...n=1.1.3001.0(B)
SearchScopes: HKCU - {F83BCEDF-A200-4372-A91A-1CAF5B23CDAC} URL = http://search.yahoo....p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://energy.webex...ex/ieatgpc1.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} -  No File
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} -  No File
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Address Bar Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-20] (Autodesk Inc.)
R2 BackupService; C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [248664 2013-09-12] (Garmin Ltd or its subsidiaries)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S3 isl_always_on; C:\Program Files (x86)\ISL Online\ISL AlwaysOn\ISLAlwaysOnService.exe [67512 2010-03-23] (XLAB d.o.o.)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S1 MpKsl1e0172ff; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{223F1FA8-1AC3-4535-8DBA-4873366C20EE}\MpKsl1e0172ff.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S1 tmkfmklt; \??\C:\Windows\system32\drivers\tmkfmklt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 14:21 - 2014-10-07 14:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\smkits
2014-10-07 01:55 - 2014-10-07 01:55 - 00000000 ____D () C:\Users\Owner\Desktop\Desk Top Folder Tremco
2014-10-06 17:58 - 2014-10-06 17:58 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-06 17:57 - 2014-10-06 17:57 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-06 17:36 - 2010-11-16 21:24 - 00750440 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2014-10-06 11:03 - 2014-10-07 15:08 - 00000000 ____D () C:\Users\Owner\Desktop\Alhambra Project
2014-10-05 12:53 - 2014-10-06 22:13 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-10-04 13:31 - 2014-10-04 13:32 - 00000179 _____ () C:\ProgramData\LockFilePath.ini
2014-09-30 16:48 - 2014-09-30 16:50 - 00000000 ____D () C:\Users\Owner\Downloads\Logs From Scan
2014-09-25 21:25 - 2014-09-25 23:48 - 00005575 _____ () C:\Users\Owner\Documents\aswMBR.txt
2014-09-25 21:25 - 2014-09-25 23:48 - 00000512 _____ () C:\Users\Owner\Documents\MBR.dat
2014-09-25 16:07 - 2014-09-25 16:07 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-25 16:02 - 2014-09-25 16:02 - 05579290 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2014-09-25 15:58 - 2014-09-25 15:58 - 05579290 _____ () C:\Users\Owner\Downloads\ComboFix.exe
2014-09-25 15:34 - 2014-09-25 15:34 - 00112072 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-25 15:31 - 2014-10-06 22:16 - 00045318 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-25 15:30 - 2014-10-08 00:05 - 00022226 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-25 15:30 - 2014-10-08 00:03 - 00000000 ____D () C:\FRST
2014-09-25 15:25 - 2014-10-06 22:13 - 02109952 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-25 03:06 - 2014-09-25 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:02 - 2014-09-24 18:02 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Darryl\Downloads\tdsskiller.exe
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Macromedia
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Macromedia
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Mozilla
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Mozilla
2014-09-24 17:52 - 2014-09-24 17:52 - 00000000 ____D () C:\Users\Darryl\Documents\Autodesk Application Manager
2014-09-24 17:51 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Adobe
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Real
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Logitech
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Apple Computer
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\AOL
2014-09-24 17:50 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Adobe
2014-09-24 17:50 - 2014-09-24 17:50 - 00001413 _____ () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 17:48 - 2014-09-24 17:50 - 00000000 ____D () C:\Users\Darryl
2014-09-24 17:48 - 2014-09-24 17:48 - 00000020 ___SH () C:\Users\Darryl\ntuser.ini
2014-09-24 17:48 - 2011-11-11 04:02 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Microsoft Help
2014-09-24 17:48 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 17:48 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 10:46 - 2014-09-24 10:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 09:41 - 2014-09-23 09:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-23 09:38 - 2014-09-23 09:40 - 158875752 _____ () C:\Users\Owner\Downloads\setup_11.0.3.7.x01_2014_09_23_18_27.exe
2014-09-22 19:51 - 2014-09-22 19:51 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\Hewlett-Packard
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-22 19:32 - 2014-09-22 19:32 - 00002212 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001888 _____ () C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001217 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z Scan.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001180 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:29 - 2014-09-22 19:29 - 00000000 ____D () C:\Program Files\HP
2014-09-22 17:28 - 2014-09-22 17:29 - 00000000 ____D () C:\Users\Owner\Documents\Seminary Application Information
2014-09-13 13:15 - 2014-10-07 23:51 - 00000376 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
2014-09-13 13:15 - 2014-10-07 13:38 - 00002960 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Owner
2014-09-13 13:15 - 2014-10-07 13:38 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job
2014-09-13 13:15 - 2014-10-07 02:26 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Owner
2014-09-13 13:15 - 2014-10-07 02:26 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job
2014-09-13 13:15 - 2014-09-13 13:15 - 00003612 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Owner
2014-09-13 13:15 - 2014-09-13 13:15 - 00002668 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Owner
2014-09-11 00:59 - 2014-09-20 15:37 - 00000000 ____D () C:\Users\Owner\Documents\Logos Log Files
2014-09-11 00:05 - 2014-09-11 00:05 - 00002277 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software 5.lnk
2014-09-11 00:05 - 2014-09-11 00:05 - 00002269 _____ () C:\Users\Owner\Desktop\Logos Bible Software 5.lnk
2014-09-11 00:02 - 2014-09-11 00:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Logos5
2014-09-10 00:28 - 2014-09-10 00:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 00:28 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 00:27 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 00:01 - 2014-09-07 20:12 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-08 00:01 - 2014-09-07 20:12 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-08 00:00 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 00:00 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 23:59 - 2011-10-27 13:34 - 01098202 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 23:56 - 2011-11-19 01:43 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-10-07 23:55 - 2011-11-19 01:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-07 23:52 - 2011-11-14 16:55 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 23:51 - 2013-03-22 09:07 - 00041514 _____ () C:\SUService.log
2014-10-07 23:51 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 23:51 - 2009-07-13 21:51 - 00004149 _____ () C:\Windows\setupact.log
2014-10-07 23:13 - 2011-11-14 16:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 22:51 - 2012-04-11 08:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 14:34 - 2011-11-10 18:11 - 00000000 ____D () C:\Users\Owner\Documents\Tremco Files
2014-10-07 02:41 - 2014-08-01 13:50 - 00000000 ____D () C:\Users\Owner\Desktop\Tremco Price List
2014-10-07 00:21 - 2009-07-13 22:13 - 00852386 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 17:35 - 2011-11-09 16:40 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-06 17:30 - 2014-09-01 14:22 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-10-06 17:30 - 2014-09-01 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-10-06 17:30 - 2014-09-01 11:39 - 00000000 ____D () C:\ProgramData\Autodesk
2014-10-06 17:01 - 2011-10-27 15:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-06 16:57 - 2011-10-28 14:59 - 00157224 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 16:55 - 2010-11-20 20:47 - 00298638 _____ () C:\Windows\PFRO.log
2014-10-06 16:55 - 2009-07-13 21:45 - 00548416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 16:50 - 2014-09-01 11:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Autodesk
2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-05 12:50 - 2014-09-01 12:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-10-05 12:50 - 2014-05-11 22:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-01 06:54 - 2014-04-20 00:48 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-10-01 06:54 - 2013-10-05 07:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\575FBD5E-1C20-4307-967F-91631EBA51A1.aplzod
2014-09-25 15:54 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-25 13:28 - 2013-03-04 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:28 - 2013-02-17 20:07 - 00489472 ___SH () C:\Users\Owner\Documents\Thumbs.db
2014-09-24 17:51 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-24 12:52 - 2012-04-11 08:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 12:51 - 2012-04-11 08:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 12:51 - 2011-10-27 14:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 02:12 - 2014-06-05 03:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-09-22 21:36 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 21:21 - 2012-05-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-22 21:20 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-22 20:25 - 2011-11-25 20:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-22 19:26 - 2011-11-14 16:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 19:26 - 2011-10-27 15:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-22 18:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-22 17:42 - 2011-11-19 01:43 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-09-22 17:42 - 2011-11-19 01:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 14:56 - 2011-11-14 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\CutePDF Writer
2014-09-22 12:07 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-21 23:42 - 2010-11-20 20:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 13:31 - 2013-03-22 09:33 - 00000529 _____ () C:\Users\Owner\Desktop\CRM - logon.website
2014-09-15 15:04 - 2011-11-10 14:18 - 00000000 ____D () C:\Tremspec

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\AcDeltree.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpictns2.dll
C:\Users\Owner\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Owner\AppData\Local\Temp\GoogleEarthPRO7.1.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\_is8AB2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 00:29

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Owner at 2014-10-08 00:06:07
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version:  - ALOT)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)
AutoEdit (HKLM-x32\...\AutoEdit) (Version:  - )
Batch Update (x32 Version: 3.0 - Libronix Corporation) Hidden
Bible Data Type System Files (x32 Version: 3.0 - Libronix Corporation) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlackBerry Backup Extractor (HKCU\...\BlackBerry Backup Extractor) (Version: 2.0.1.0 - Reincubate Ltd)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.9.2809 - CDBurnerXP)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Clause Visualizer (x32 Version: 3.0 - Libronix Corporation) Hidden
Common System Files (x32 Version: 3.0 - Libronix Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7CBAE557-86B7-43DE-BF84-2FE9226E86C6}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garmin Express (HKLM-x32\...\{ec281b79-20b1-4076-807d-b4a562eb13c5}) (Version: 2.3.12.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
Graphical Query Editor (x32 Version: 3.0 - Libronix Corporation) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iPod 2 iPod (HKLM-x32\...\iPod 2 iPod 5.0) (Version: 5.0 - THE BOYS DOWNUNDER)
ISL AlwaysOn 1.2.4 (HKLM-x32\...\ISL AlwaysOn_is1) (Version:  - Xlab d.o.o.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Libronix Digital Library System (HKLM-x32\...\Libronix DLS) (Version:  - Libronix Corporation)
Libronix Digital Library System (x32 Version: 3.0 - Libronix Corporation) Hidden
Libronix DLS Application (x32 Version: 3.0 - Libronix Corporation) Hidden
Libronix DLS Shortcuts (x32 Version: 3.0 - Libronix Corporation) Hidden
LibronixUpdate (x32 Version: 3.0 - Libronix Corporation) Hidden
LLS Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Logos 5 Prerequisites (HKLM-x32\...\{15203635-D281-4AE4-83B1-EA217B217E4D}) (Version: 5.33.0744 - Logos Bible Software)
Logos Bible Software (HKLM-x32\...\{2CBF05BA-9C5B-4954-8CB6-CEF46F83B5E8}) (Version: 5.34.1531 - Logos Bible Software)
Lotus Notes 8.5.3 (Basic) (HKLM-x32\...\{CD38D0D3-AF3F-4D6A-92C8-7C384EE5AEF3}) (Version: 8.53.11258 - IBM)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Masterworks 6.3 (HKLM-x32\...\Masterworks 6.3) (Version: 6.3.1.1 - ARCOM)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OEB Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM-x32\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version:  - Orban, Inc.)
PDF Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RMP Expiration Extension Update (HKLM-x32\...\{720A5A3F-6794-43BA-A667-6C7E728375F7}) (Version: 4.0.2 - Tremco Incorporated)
RMPNet (HKLM-x32\...\{EB7B194B-8609-4B9F-BD8C-607B20ACD996}) (Version: 1.1.5000 - Tremco Incorporated)
Sentence Diagramming (x32 Version: 3.0 - Libronix Corporation) Hidden
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tremco TremSpec Document (May 2011) Install/Update (HKLM-x32\...\Tremco TremSpec Document (May 2011) Install/Update) (Version:  - )
Tremco TremSpec Maseter Update 2012 (HKLM-x32\...\Tremco TremSpec Maseter Update 2012) (Version:  - )
TremcoPDF (HKLM\...\TremcoPDF) (Version:  - )
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual CADD 5.0 (HKLM-x32\...\Visual CADD 5.0) (Version:    by TriTools Partners - TriTools LLC)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
WordPerfect Office 12 (HKLM-x32\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)
YTD Toolbar v9.2 (HKLM-x32\...\{D0F57AAA-96F7-4210-B3A5-824DA82ABF45}) (Version: 9.2 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)
Z 39.50 Library (x32 Version: 3.0 - Libronix Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1216\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-09-2014 10:00:11 Windows Update
30-09-2014 10:00:12 Windows Update
01-10-2014 10:00:11 Windows Update
02-10-2014 10:00:11 Windows Update
03-10-2014 10:00:11 Windows Update
04-10-2014 10:00:11 Windows Update
05-10-2014 10:00:34 Windows Update
05-10-2014 19:47:22 Removed Adobe Acrobat XI Pro.
06-10-2014 10:00:19 Windows Update
07-10-2014 00:02:31 Removed Autodesk 360
07-10-2014 00:05:09 Removed Autodesk App Manager.
07-10-2014 00:06:45 Removed Autodesk AutoCAD Performance Feedback Tool Version 1.2.2
07-10-2014 00:07:34 Removed Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit
07-10-2014 00:08:22 Removed Autodesk Featured Apps.
07-10-2014 00:09:57 Removed Autodesk Material Library 2015.
07-10-2014 00:13:41 Removed Autodesk Material Library Base Resolution Image Library 2015.
07-10-2014 00:31:39 Removed HP Officejet 6500 E710n-z Basic Device Software
07-10-2014 00:35:31 Removed HP Officejet 6500 E710n-z Basic Device Software
07-10-2014 10:00:19 Windows Update
08-10-2014 06:48:17 G2G

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-05-11 22:09 - 00000963 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {28D4A8DA-61E4-4DD2-B581-01D1347014DD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {34508CF1-89C0-45CB-B092-2500628B572E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A2D19C5-1FE9-43D9-8A3C-D93700A7EDA5} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {488F2C9F-F9D9-4859-AFA9-7031A98A4470} - System32\Tasks\ReclaimerUpdateFiles_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {7101673B-58B4-476B-B7EF-BB68DE909684} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {89D820F1-4C55-4DFC-A4B2-2DB74186F133} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {8D0F15FF-18AA-423D-AFA2-632206255D6C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {8E5CAC52-5A4C-4042-B20A-7AB794D72B0C} - System32\Tasks\ReclaimerUpdateXML_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {8E77689F-1188-4736-BEE6-E899FF72768E} - System32\Tasks\hpUrlLauncher.exe => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\utils\hpUrlLauncher.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A0EDC2ED-ED4A-4D1C-9ADF-024BE1DF0E2C} - System32\Tasks\RNUpgradeHelperResumePrompt_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {A87D0AB8-DAA8-4855-956B-B1D1301EF030} - System32\Tasks\RNUpgradeHelperLogonPrompt_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {B115D89A-7A35-4CCE-B456-1486416CB5AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {B78CD7D6-492A-4550-86EE-A467B860CF24} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {B7B3B9F4-0587-4682-8408-623351A470F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {DE79F0F7-BC23-4BCB-8ABD-0FA45E4B54E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {FBD9A38D-86D7-4C14-9ED6-95529BB1359C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2011-11-10 14:20 - 2008-07-19 18:26 - 00087040 _____ () C:\Windows\System32\custmon64.dll
2011-11-10 21:40 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-07 02:39 - 2011-10-07 02:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-10 14:37 - 2011-05-26 15:14 - 00685976 _____ () C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
2014-09-01 14:42 - 2014-06-20 23:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-01 14:42 - 2014-06-20 23:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 10:07 - 2014-04-25 10:07 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-07 23:53 - 2014-10-07 23:53 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpictns2.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2011-11-10 14:37 - 2010-04-26 15:30 - 00090112 _____ () C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\FileMapInfoDB.dll
2014-10-07 23:53 - 2014-06-20 23:19 - 00104328 _____ () C:\Users\Owner\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2014-09-25 03:06 - 2014-09-25 03:06 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-09 23:51 - 2014-09-09 23:51 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2281097704-164782711-356799163-500 - Administrator - Disabled)
Darryl (S-1-5-21-2281097704-164782711-356799163-1006 - Administrator - Enabled) => C:\Users\Darryl
Guest (S-1-5-21-2281097704-164782711-356799163-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2281097704-164782711-356799163-1002 - Limited - Enabled)
Owner (S-1-5-21-2281097704-164782711-356799163-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: MpKsl1e0172ff
Description: MpKsl1e0172ff
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl1e0172ff
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 11:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 11:51:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/07/2014 11:51:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/07/2014 11:51:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 05:57:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 05:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xf28
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/06/2014 05:20:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/08/2014 00:00:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (10/07/2014 11:57:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.

Error: (10/07/2014 11:51:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :20" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/07/2014 11:51:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/07/2014 11:51:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{10D6E3BF-62E8-4CD1-9521-10F52F0C2A51} because another computer on the network has the same name.  The server could not start.

Error: (10/07/2014 11:50:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/07/2014 11:50:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/07/2014 11:50:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHA_MessageCenter service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/07/2014 11:50:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/07/2014 11:50:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (10/07/2014 11:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 11:51:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/07/2014 11:51:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/07/2014 11:51:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 05:57:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/06/2014 05:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/06/2014 05:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102f2801cfe1c4a6d84f56C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll6b16a2ba-4db8-11e4-98f2-00038a000015

Error: (10/06/2014 05:20:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 4007.94 MB
Available physical RAM: 1608.27 MB
Total Pagefile: 10016.12 MB
Available Pagefile: 7534.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:216.03 GB) NTFS
Drive g: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:658.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B7B35B8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0004B0A5)
Partition 1: (Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by ncaa76, 08 October 2014 - 01:12 AM.

[BrianDrab]

We'll address the Microsoft Security Essentials error shortly. We need to get rid of some other junkware and check to ensure there isn't still an infection first. Please follow the instructions below.

 

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. If you do use any of the programs then feel free to re-install them once I declare you clean. Most of the time they are foistware (software installed without your knowledge when installing other software).

 

 -ALOT Appbar
-YTD Toolbar v9.2
-Viewpoint Media Player

-Java 6 Update 29

 

 

Step#2 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   2.99KB   251 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - JRT
 
Note: Please disable your Antivirus Software before doing going on. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3, The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#5 - Rootkit Scan
2. Right-click on aswMBR.exe from your desktop and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#6 - Service Scanner

 
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

 

 
 
Things For Your Next Post:
Please post the logs in the order requested.
1. FRST fix log

2. JRT log

3. AdwCleaner log

4. Rootkit Scan log

5. Service Scanner log

[ncaa76]

During the uninstall; the YTD Toolbar v9.2 would not properly uninstalled...

 

 

As requested here are the logs:

 

FRST FIX LOG

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Owner at 2014-10-08 16:25:28 Run:6
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Darryl)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [SearchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {252808db-d992-11e3-8f76-00038a000015} - F:\Setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {b0240b3e-00da-11e1-881b-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {d2917123-0bd5-11e1-bdb2-00038a000015} - E:\HPLauncher.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
SearchScopes: HKLM-x32 - DefaultScope {2AFDC4CD-0115-4FA1-9672-6D359ECC9896} URL =
SearchScopes: HKCU - 9FC3F499D0BE429BB089348458577255 URL = http://search.condui...6243087029&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...n=1.1.3001.0(B)
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Extension: Address Bar Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]
S2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]
S1 MpKsl1e0172ff; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{223F1FA8-1AC3-4535-8DBA-4873366C20EE}\MpKsl1e0172ff.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S1 tmkfmklt; \??\C:\Windows\system32\drivers\tmkfmklt.sys [X]
Task: {3A2D19C5-1FE9-43D9-8A3C-D93700A7EDA5} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe No File
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll No File
Hosts:
EmptyTemp:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => value deleted successfully.
HKU\S-1-5-21-2281097704-164782711-356799163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKU\S-1-5-21-2281097704-164782711-356799163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-2281097704-164782711-356799163-1000" => Key not found.
"HKU\S-1-5-21-2281097704-164782711-356799163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{252808db-d992-11e3-8f76-00038a000015}" => Key deleted successfully.
"HKCR\CLSID\{252808db-d992-11e3-8f76-00038a000015}" => Key not found.
"HKU\S-1-5-21-2281097704-164782711-356799163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0240b3e-00da-11e1-881b-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{b0240b3e-00da-11e1-881b-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-2281097704-164782711-356799163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2917123-0bd5-11e1-bdb2-00038a000015}" => Key deleted successfully.
"HKCR\CLSID\{d2917123-0bd5-11e1-bdb2-00038a000015}" => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\9FC3F499D0BE429BB089348458577255" => Key deleted successfully.
"HKCR\CLSID\9FC3F499D0BE429BB089348458577255" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key deleted successfully.
"HKCR\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}" => Key not found.
"HKCR\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP" => Key not found.
C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi => Moved successfully.
Application Updater => Service deleted successfully.
MpKsl1e0172ff => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
tmkfmklt => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A2D19C5-1FE9-43D9-8A3C-D93700A7EDA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A2D19C5-1FE9-43D9-8A3C-D93700A7EDA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} => Value not found.
"HKCR\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
"HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}" => Key deleted successfully.
"HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}" => Key deleted successfully.
"HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 3.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

JRT LOG

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Professional x64
Ran by Owner on Wed 10/08/2014 at 16:55:52.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Failed to delete: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ozpw4nhr.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ozpw4nhr.default\prefs.js

user_pref("CT3315827.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
user_pref("browser.search.defaultthis.engineName", "InternetHelper3.6 Customized Web Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("smartbar.addressBarOwnerCTID", "CT3315827");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3315827&CUI=UN24456116919369104&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3315827&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&SearchSource=2&CUI=UN24456116919369104&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3315827");
user_pref("smartbar.homePageOwnerCTID", "CT3315827");
user_pref("smartbar.machineId", "ON+MOH4IWYB5KR5SA6ENRYQLM4KQTO7JTCZ22D8H0HCMKRMA1ZDREK8PJYJMVMUNKOLWGPM+HLD6HO7KJQJ95W");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3315827&CUI=UN24456116919369104&UM=2&SearchSource=13");
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ozpw4nhr.default\minidumps [20 files]



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/08/2014 at 16:58:36.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ADWCLEANER LOG

 

# AdwCleaner v3.311 - Report created 08/10/2014 at 17:20:02
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\InternetHelper3.6
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Owner\AppData\LocalLow\InternetHelper3.6
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40B1DE34-8AA4-41E7-9114-0AC90FB7A434}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B780671-89E2-4244-A83D-96CCEAF20741}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.6
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\InternetHelper3.6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Darryl\AppData\Roaming\Mozilla\Firefox\Profiles\qc5vli35.default\prefs.js ]


[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default\prefs.js ]

Line Deleted : user_pref("CT3315827.FF19Solved", "true");
Line Deleted : user_pref("CT3315827.UserID", "UN24456116919369104");
Line Deleted : user_pref("CT3315827.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3315827.fullUserID", "UN24456116919369104.IN.20140101231243");
Line Deleted : user_pref("CT3315827.installDate", "01/01/2014 23:12:44");
Line Deleted : user_pref("CT3315827.installSessionId", "{05FFBE61-65E9-4A46-BEB7-AD663B39F23A}");
Line Deleted : user_pref("CT3315827.installSp", "TRUE");
Line Deleted : user_pref("CT3315827.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3315827.keyword", "true");
Line Deleted : user_pref("CT3315827.originalHomepage", "hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3315827.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("CT3315827.originalSearchEngine", "Bing");
Line Deleted : user_pref("CT3315827.originalSearchEngineName", "Bing");
Line Deleted : user_pref("CT3315827.searchRevert", "false");
Line Deleted : user_pref("CT3315827.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3315827.searchUserMode", "2");
Line Deleted : user_pref("CT3315827.toolbarInstallDate", "01-01-2014 23:12:43");
Line Deleted : user_pref("CT3315827.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3315827.xpeMode", "0");
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [4977 octets] - [08/10/2014 17:17:36]
AdwCleaner[S0].txt - [4912 octets] - [08/10/2014 17:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4972 octets] ##########
 

 

 

ROOKIT LOG

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-08 17:30:07
-----------------------------
17:30:07.310    OS Version: Windows x64 6.1.7601 Service Pack 1
17:30:07.310    Number of processors: 4 586 0x2A07
17:30:07.310    ComputerName: OWNER-PC  UserName: Owner
17:30:19.291    Initialize success
17:30:19.353    VM: initialized successfully
17:30:19.384    VM: Intel CPU BiosDisabled
17:30:26.582    VM: supported disk I/O ataport.SYS
17:31:16.094    AVAST engine defs: 14100802
17:31:34.768    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:34.768    Disk 0 Vendor: WDC_WD5000AAKX-603CA0 16.01H16 Size: 476940MB BusType: 3
17:31:35.579    Disk 0 MBR read successfully
17:31:35.579    Disk 0 MBR scan
17:31:35.610    Disk 0 Windows 7 default MBR code
17:31:35.657    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:31:35.688    Disk 0 default boot code
17:31:35.735    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
17:31:36.374    Disk 0 scanning C:\Windows\system32\drivers
17:32:48.290    Service scanning
17:35:00.064    Modules scanning
17:35:00.064    Disk 0 trace - called modules:
17:35:00.111    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
17:35:00.111    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d38060]
17:35:00.126    3 CLASSPNP.SYS[fffff8800199143f] -> nt!IofCallDriver -> [0xfffffa8004744580]
17:35:00.126    5 ACPI.sys[fffff88000efb7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004746060]
17:35:55.491    AVAST engine scan C:\Windows
17:36:50.138    AVAST engine scan C:\Windows\system32
17:54:24.169    AVAST engine scan C:\Windows\system32\drivers
17:55:22.732    AVAST engine scan C:\Users\Owner
20:52:40.658    AVAST engine scan C:\ProgramData
21:15:08.935    Scan finished successfully
22:00:01.500    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
22:00:01.532    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


SERVICE SCANNER LOG

 

Farbar Service Scanner Version: 21-07-2014
Ran by Owner (administrator) on 08-10-2014 at 22:01:43
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Edited by ncaa76, 09 October 2014 - 12:16 AM.

[BrianDrab]

Important: Disable your antivirus so it doesn't interfere with the fix! Instructions for doing so are here.
 
Step#1 - Repair Services

1. Please download the ESET services repair tool to your desktop.
2. Right-click on the ServicesRepair.exe file and choose Run as administrator.
3. If security notifications appear, click Allow and then click Yes when asked if you want to proceed.
4. Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
5. A log named SvcRepair.log will be saved in the CCSupport\Logs folder the tool created on your desktop, please post the content in your next reply

Step#2 - Verify

1. Open up FarBar Service Scanner (FSS.exe) from your desktop.
2. Ensure all options are checked and click Scan.
3. It will create a log (FSS.txt) in the same directory the tool is run.
4. Please copy and paste the log to your reply.

 

Step#3 - FRST Scan
 

1. Right click on FRST64 to run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form (if it's not already) before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The tool will generate another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

Step#4 - Re-Enable AV

1. Re-enable the real-time protection of your Antivirus.
2. Reboot and let me know if you still are getting the Microsoft Security Client error during the reboot cycle.

 
  

Items For Your Next Post:
Please post the logs in the order requested.
1. Contents of SvcRepair.log
2. Contents of FSS.txt

3. New FRST and Addition logs

4. Are you getting the Microsoft Security Client error?

[ncaa76]

As requested;

 

SvcRepair.log

 

Log Opened: 2014-10-09 @ 19:05:19
19:05:19 - -----------------
19:05:19 - | Begin Logging |
19:05:19 - -----------------
19:05:19 - Fix started on a WIN_7 X64 computer
19:05:19 - Prep in progress.  Please Wait.
19:05:21 - Prep complete
19:05:21 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
19:05:23 - Services Repair Complete.
19:05:29 - Reboot Initiated
 

 

 

FSS.txt  log

 

Farbar Service Scanner Version: 21-07-2014
Ran by Owner (administrator) on 09-10-2014 at 19:21:25
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 09-10-2014 19:24:42
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Darryl)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1320937888\ee\aolsoftware.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Autodesk Inc.) C:\Users\Owner\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1320937888\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-04-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-20] (Autodesk Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ISLAlwaysOn: C:\Program Files (x86)\ISL Online\ISL AlwaysOn\aon_notify64.dll ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-09-12] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: D - D:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...U218DHP&pc=U218
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8DC01587C40BCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {F83BCEDF-A200-4372-A91A-1CAF5B23CDAC} URL = http://search.yahoo....p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://energy.webex...ex/ieatgpc1.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} -  No File
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} -  No File
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-20] (Autodesk Inc.)
R2 BackupService; C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [248664 2013-09-12] (Garmin Ltd or its subsidiaries)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S3 isl_always_on; C:\Program Files (x86)\ISL Online\ISL AlwaysOn\ISLAlwaysOnService.exe [67512 2010-03-23] (XLAB d.o.o.)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 19:17 - 2014-10-09 19:17 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-09 19:17 - 2014-10-09 19:17 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-09 19:05 - 2014-10-09 19:05 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-10-09 19:04 - 2014-10-09 19:04 - 04009167 _____ () C:\Users\Owner\Desktop\ServicesRepair.exe
2014-10-09 03:00 - 2014-10-09 03:00 - 00000000 ____D () C:\Windows\TempDCBDAA2C-00C3-F6C2-3813-E38C4A519AE9-Signatures
2014-10-09 00:18 - 2010-11-16 21:24 - 00750440 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2014-10-08 22:01 - 2014-10-09 19:21 - 00002911 _____ () C:\Users\Owner\Desktop\FSS.txt
2014-10-08 22:00 - 2014-10-08 22:00 - 00415232 _____ (Farbar) C:\Users\Owner\Desktop\FSS.exe
2014-10-08 22:00 - 2014-10-08 22:00 - 00002109 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-10-08 22:00 - 2014-10-08 22:00 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-10-08 17:28 - 2014-10-08 17:28 - 00005060 _____ () C:\Users\Owner\Desktop\AdwCleaner[S0].txt
2014-10-08 17:23 - 2014-10-08 17:23 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-08 17:17 - 2014-10-08 17:20 - 00000000 ____D () C:\AdwCleaner
2014-10-08 17:16 - 2014-10-08 17:16 - 01375089 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-10-08 16:58 - 2014-10-08 16:58 - 00004449 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-10-08 16:55 - 2014-10-08 16:55 - 00000000 ____D () C:\Windows\ERUNT
2014-10-08 16:53 - 2014-10-08 16:55 - 01705141 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-10-08 16:36 - 2014-10-08 17:23 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-10-07 01:55 - 2014-10-07 01:55 - 00000000 ____D () C:\Users\Owner\Desktop\Desk Top Folder Tremco
2014-10-06 11:03 - 2014-10-07 15:08 - 00000000 ____D () C:\Users\Owner\Desktop\Alhambra Project
2014-10-05 12:53 - 2014-10-06 22:13 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-10-04 13:31 - 2014-10-08 17:38 - 00000179 _____ () C:\ProgramData\LockFilePath.ini
2014-09-30 16:48 - 2014-09-30 16:50 - 00000000 ____D () C:\Users\Owner\Downloads\Logs From Scan
2014-09-25 21:25 - 2014-09-25 23:48 - 00005575 _____ () C:\Users\Owner\Documents\aswMBR.txt
2014-09-25 21:25 - 2014-09-25 23:48 - 00000512 _____ () C:\Users\Owner\Documents\MBR.dat
2014-09-25 16:07 - 2014-09-25 16:07 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-25 16:02 - 2014-09-25 16:02 - 05579290 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2014-09-25 15:58 - 2014-09-25 15:58 - 05579290 _____ () C:\Users\Owner\Downloads\ComboFix.exe
2014-09-25 15:34 - 2014-09-25 15:34 - 00112072 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-25 15:31 - 2014-10-08 00:08 - 00041909 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-25 15:30 - 2014-10-09 19:26 - 00018772 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-25 15:30 - 2014-10-09 19:24 - 00000000 ____D () C:\FRST
2014-09-25 15:25 - 2014-10-06 22:13 - 02109952 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-25 03:06 - 2014-10-08 16:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:02 - 2014-09-24 18:02 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Darryl\Downloads\tdsskiller.exe
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Macromedia
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Macromedia
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Mozilla
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Mozilla
2014-09-24 17:52 - 2014-09-24 17:52 - 00000000 ____D () C:\Users\Darryl\Documents\Autodesk Application Manager
2014-09-24 17:51 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Adobe
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Real
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Logitech
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Apple Computer
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\AOL
2014-09-24 17:50 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Adobe
2014-09-24 17:50 - 2014-09-24 17:50 - 00001413 _____ () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 17:48 - 2014-09-24 17:50 - 00000000 ____D () C:\Users\Darryl
2014-09-24 17:48 - 2014-09-24 17:48 - 00000020 ___SH () C:\Users\Darryl\ntuser.ini
2014-09-24 17:48 - 2011-11-11 04:02 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Microsoft Help
2014-09-24 17:48 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 17:48 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 10:46 - 2014-09-24 10:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 09:41 - 2014-09-23 09:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-23 09:38 - 2014-09-23 09:40 - 158875752 _____ () C:\Users\Owner\Downloads\setup_11.0.3.7.x01_2014_09_23_18_27.exe
2014-09-22 19:51 - 2014-09-22 19:51 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\Hewlett-Packard
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-22 19:32 - 2014-09-22 19:32 - 00002212 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001888 _____ () C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001217 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z Scan.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001180 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:29 - 2014-09-22 19:29 - 00000000 ____D () C:\Program Files\HP
2014-09-22 17:28 - 2014-09-22 17:29 - 00000000 ____D () C:\Users\Owner\Documents\Seminary Application Information
2014-09-13 13:15 - 2014-10-09 19:15 - 00000376 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
2014-09-13 13:15 - 2014-10-09 13:40 - 00002960 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Owner
2014-09-13 13:15 - 2014-10-09 13:40 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job
2014-09-13 13:15 - 2014-10-09 01:27 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Owner
2014-09-13 13:15 - 2014-10-09 01:27 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job
2014-09-13 13:15 - 2014-09-13 13:15 - 00003612 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Owner
2014-09-13 13:15 - 2014-09-13 13:15 - 00002668 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Owner
2014-09-11 00:59 - 2014-09-20 15:37 - 00000000 ____D () C:\Users\Owner\Documents\Logos Log Files
2014-09-11 00:05 - 2014-09-11 00:05 - 00002277 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software 5.lnk
2014-09-11 00:05 - 2014-09-11 00:05 - 00002269 _____ () C:\Users\Owner\Desktop\Logos Bible Software 5.lnk
2014-09-11 00:02 - 2014-09-11 00:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Logos5
2014-09-10 00:28 - 2014-09-10 00:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 00:28 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 00:27 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 19:16 - 2011-11-19 01:43 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-10-09 19:16 - 2011-11-19 01:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-09 19:16 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 19:16 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 19:15 - 2011-10-27 13:34 - 01707263 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 19:14 - 2011-11-14 16:55 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 19:13 - 2011-11-14 16:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 19:07 - 2013-03-22 09:07 - 00043274 _____ () C:\SUService.log
2014-10-09 19:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 19:07 - 2009-07-13 21:51 - 00004373 _____ () C:\Windows\setupact.log
2014-10-09 19:06 - 2010-11-20 20:47 - 00393970 _____ () C:\Windows\PFRO.log
2014-10-09 18:51 - 2012-04-11 08:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 03:01 - 2014-06-09 17:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-09 03:01 - 2011-10-27 15:17 - 00002148 _____ () C:\Windows\epplauncher.mif
2014-10-09 03:01 - 2011-10-27 15:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-09 00:18 - 2011-11-09 16:40 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-08 23:59 - 2014-04-20 00:48 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-10-08 23:59 - 2013-10-05 07:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\575FBD5E-1C20-4307-967F-91631EBA51A1.aplzod
2014-10-08 23:44 - 2013-02-17 20:07 - 00489472 ___SH () C:\Users\Owner\Documents\Thumbs.db
2014-10-08 16:06 - 2011-10-27 15:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-08 16:02 - 2011-11-10 18:11 - 00000000 ____D () C:\Users\Owner\Documents\Tremco Files
2014-10-08 15:48 - 2014-08-01 13:50 - 00000000 ____D () C:\Users\Owner\Desktop\Tremco Price List
2014-10-07 00:21 - 2009-07-13 22:13 - 00852386 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 17:30 - 2014-09-01 14:22 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-10-06 17:30 - 2014-09-01 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-10-06 17:30 - 2014-09-01 11:39 - 00000000 ____D () C:\ProgramData\Autodesk
2014-10-06 17:01 - 2011-10-27 15:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-06 16:57 - 2011-10-28 14:59 - 00157224 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 16:55 - 2009-07-13 21:45 - 00548416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 16:50 - 2014-09-01 11:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Autodesk
2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-05 12:50 - 2014-09-01 12:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-10-05 12:50 - 2014-05-11 22:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-25 15:54 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-25 13:28 - 2013-03-04 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 17:51 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-24 12:52 - 2012-04-11 08:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 12:51 - 2012-04-11 08:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 12:51 - 2011-10-27 14:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 02:12 - 2014-06-05 03:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-09-22 21:36 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 21:21 - 2012-05-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-22 21:20 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-22 20:25 - 2011-11-25 20:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-22 19:26 - 2011-11-14 16:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 19:26 - 2011-10-27 15:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-22 18:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-22 17:42 - 2011-11-19 01:43 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-09-22 17:42 - 2011-11-19 01:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 14:56 - 2011-11-14 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\CutePDF Writer
2014-09-22 12:07 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-21 23:42 - 2010-11-20 20:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 13:31 - 2013-03-22 09:33 - 00000529 _____ () C:\Users\Owner\Desktop\CRM - logon.website
2014-09-15 15:04 - 2011-11-10 14:18 - 00000000 ____D () C:\Tremspec

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkaaavi.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 00:29

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Owner at 2014-10-09 19:27:36
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)
AutoEdit (HKLM-x32\...\AutoEdit) (Version:  - )
Batch Update (x32 Version: 3.0 - Libronix Corporation) Hidden
Bible Data Type System Files (x32 Version: 3.0 - Libronix Corporation) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlackBerry Backup Extractor (HKCU\...\BlackBerry Backup Extractor) (Version: 2.0.1.0 - Reincubate Ltd)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.9.2809 - CDBurnerXP)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Clause Visualizer (x32 Version: 3.0 - Libronix Corporation) Hidden
Common System Files (x32 Version: 3.0 - Libronix Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7CBAE557-86B7-43DE-BF84-2FE9226E86C6}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garmin Express (HKLM-x32\...\{ec281b79-20b1-4076-807d-b4a562eb13c5}) (Version: 2.3.12.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.12.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
Graphical Query Editor (x32 Version: 3.0 - Libronix Corporation) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iPod 2 iPod (HKLM-x32\...\iPod 2 iPod 5.0) (Version: 5.0 - THE BOYS DOWNUNDER)
ISL AlwaysOn 1.2.4 (HKLM-x32\...\ISL AlwaysOn_is1) (Version:  - Xlab d.o.o.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Libronix Digital Library System (HKLM-x32\...\Libronix DLS) (Version:  - Libronix Corporation)
Libronix Digital Library System (x32 Version: 3.0 - Libronix Corporation) Hidden
Libronix DLS Application (x32 Version: 3.0 - Libronix Corporation) Hidden
Libronix DLS Shortcuts (x32 Version: 3.0 - Libronix Corporation) Hidden
LibronixUpdate (x32 Version: 3.0 - Libronix Corporation) Hidden
LLS Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Logos 5 Prerequisites (HKLM-x32\...\{15203635-D281-4AE4-83B1-EA217B217E4D}) (Version: 5.33.0744 - Logos Bible Software)
Logos Bible Software (HKLM-x32\...\{2CBF05BA-9C5B-4954-8CB6-CEF46F83B5E8}) (Version: 5.34.1531 - Logos Bible Software)
Lotus Notes 8.5.3 (Basic) (HKLM-x32\...\{CD38D0D3-AF3F-4D6A-92C8-7C384EE5AEF3}) (Version: 8.53.11258 - IBM)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Masterworks 6.3 (HKLM-x32\...\Masterworks 6.3) (Version: 6.3.1.1 - ARCOM)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OEB Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM-x32\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version:  - Orban, Inc.)
PDF Resource Driver (x32 Version: 3.0 - Libronix Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RMP Expiration Extension Update (HKLM-x32\...\{720A5A3F-6794-43BA-A667-6C7E728375F7}) (Version: 4.0.2 - Tremco Incorporated)
RMPNet (HKLM-x32\...\{EB7B194B-8609-4B9F-BD8C-607B20ACD996}) (Version: 1.1.5000 - Tremco Incorporated)
Sentence Diagramming (x32 Version: 3.0 - Libronix Corporation) Hidden
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tremco TremSpec Document (May 2011) Install/Update (HKLM-x32\...\Tremco TremSpec Document (May 2011) Install/Update) (Version:  - )
Tremco TremSpec Maseter Update 2012 (HKLM-x32\...\Tremco TremSpec Maseter Update 2012) (Version:  - )
TremcoPDF (HKLM\...\TremcoPDF) (Version:  - )
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual CADD 5.0 (HKLM-x32\...\Visual CADD 5.0) (Version:    by TriTools Partners - TriTools LLC)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
WordPerfect Office 12 (HKLM-x32\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)
YTD Toolbar v9.2 (HKLM-x32\...\{D0F57AAA-96F7-4210-B3A5-824DA82ABF45}) (Version: 9.2 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)
Z 39.50 Library (x32 Version: 3.0 - Libronix Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1216\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2281097704-164782711-356799163-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-10-2014 10:00:19 Windows Update
08-10-2014 06:48:17 G2G
08-10-2014 10:00:11 Windows Update
08-10-2014 23:05:32 Removed Java™ 6 Update 29
09-10-2014 07:17:49 Removed HP Officejet 6500 E710n-z Basic Device Software
09-10-2014 10:00:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-08 16:26 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {23A18154-5202-49A4-8A11-539F3422C7BD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {34508CF1-89C0-45CB-B092-2500628B572E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {488F2C9F-F9D9-4859-AFA9-7031A98A4470} - System32\Tasks\ReclaimerUpdateFiles_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {8E5CAC52-5A4C-4042-B20A-7AB794D72B0C} - System32\Tasks\ReclaimerUpdateXML_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {8E77689F-1188-4736-BEE6-E899FF72768E} - System32\Tasks\hpUrlLauncher.exe => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\utils\hpUrlLauncher.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {9565AA1C-0179-4BDE-93B8-9705BD1C2093} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A0EDC2ED-ED4A-4D1C-9ADF-024BE1DF0E2C} - System32\Tasks\RNUpgradeHelperResumePrompt_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {A87D0AB8-DAA8-4855-956B-B1D1301EF030} - System32\Tasks\RNUpgradeHelperLogonPrompt_Owner => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {B115D89A-7A35-4CCE-B456-1486416CB5AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {B78CD7D6-492A-4550-86EE-A467B860CF24} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {B7B3B9F4-0587-4682-8408-623351A470F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {B96301AA-5C00-430D-8EA1-FA9045919756} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {DE79F0F7-BC23-4BCB-8ABD-0FA45E4B54E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {E1C008B0-BA0A-4568-BE72-10941B0E2C14} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {FBD9A38D-86D7-4C14-9ED6-95529BB1359C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job => C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2011-11-10 14:20 - 2008-07-19 18:26 - 00087040 _____ () C:\Windows\System32\custmon64.dll
2011-11-10 21:40 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-07 02:39 - 2011-10-07 02:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-10 14:37 - 2011-05-26 15:14 - 00685976 _____ () C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
2014-09-01 14:42 - 2014-06-20 23:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-01 14:42 - 2014-06-20 23:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 10:07 - 2014-04-25 10:07 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-09 19:15 - 2014-10-09 19:15 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkaaavi.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2011-11-10 14:37 - 2010-04-26 15:30 - 00090112 _____ () C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\FileMapInfoDB.dll
2014-09-25 03:06 - 2014-09-25 03:06 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-09 19:15 - 2014-06-20 23:19 - 00104328 _____ () C:\Users\Owner\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2281097704-164782711-356799163-500 - Administrator - Disabled)
Darryl (S-1-5-21-2281097704-164782711-356799163-1006 - Administrator - Enabled) => C:\Users\Darryl
Guest (S-1-5-21-2281097704-164782711-356799163-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2281097704-164782711-356799163-1002 - Limited - Enabled)
Owner (S-1-5-21-2281097704-164782711-356799163-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2014 07:24:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/09/2014 07:08:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:07:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/09/2014 07:07:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/09/2014 07:07:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/09/2014 03:01:09 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (10/09/2014 03:01:05 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\Microsoft Security Client\en-US\MpAsDesc.dll.mui.

Error: (10/09/2014 00:19:44 AM) (Source: MsiInstaller) (EventID: 11706) (User: Owner-PC)
Description: Product: HP Officejet 6500 E710n-z Basic Device Software -- Error 1706. An installation package for the product HP Officejet 6500 E710n-z Basic Device Software cannot be found. Try the installation again using a valid copy of the installation package 'E710nx64.msi'.

Error: (10/08/2014 10:05:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/08/2014 10:05:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/09/2014 07:07:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :20" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 07:07:20 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{10D6E3BF-62E8-4CD1-9521-10F52F0C2A51} because another computer on the network has the same name.  The server could not start.

Error: (10/09/2014 07:07:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 07:05:01 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 07:04:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 07:04:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 07:04:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 07:01:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 07:01:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.

Error: (10/09/2014 05:25:03 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC       :0" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.12 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (10/09/2014 07:24:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (10/09/2014 07:08:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:07:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (10/09/2014 07:07:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Owner-PC.local. Addr 192.168.1.2

Error: (10/09/2014 07:07:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.12:5353    4 owner-PC.local. Addr 192.168.1.12

Error: (10/09/2014 03:01:09 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

Error: (10/09/2014 03:01:05 AM) (Source: MsiInstaller) (EventID: 11321) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\Microsoft Security Client\en-US\MpAsDesc.dll.mui.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/09/2014 00:19:44 AM) (Source: MsiInstaller) (EventID: 11706) (User: Owner-PC)
Description: Product: HP Officejet 6500 E710n-z Basic Device Software -- Error 1706. An installation package for the product HP Officejet 6500 E710n-z Basic Device Software cannot be found. Try the installation again using a valid copy of the installation package 'E710nx64.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/08/2014 10:05:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (10/08/2014 10:05:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 52%
Total physical RAM: 4007.94 MB
Available physical RAM: 1895.41 MB
Total Pagefile: 10016.12 MB
Available Pagefile: 7776.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:221.95 GB) NTFS
Drive g: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:658.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B7B35B8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0004B0A5)
Partition 1: (Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Are you getting the Microsoft Security Client error? Yes still getting error message and Malwarebytes doesnt work either

 

[BrianDrab]

Step#1 - Registry Fix
1. Click the Windows Start Orb in the bottom-left
2. In the search box, type notepad, then click on Notepad to open it
3. Copy and paste the following text into the notepad document:
 

 Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}] 
"AutoStart"="" 

4. Click on File, then Save As...

5. Click on your Desktop as the save location, then in the file name box type: fix.reg

6. Click save and close the notepad document

7. Double-click the file fix.reg on your desktop
    note: if prompted by User Account Control, select Yes or Allow so the fix can continue

8. A message will appear about adding information into the registry, click Yes when prompted

9. A prompt should appear that the information was added successfully
    note: if not, please note the error message and post it in your next reply

10. Right-click on fix.reg and click Delete, then click Yes to confirm.

 

 

Step#2 - Fix Permissions

 

1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...

3.  Keep the defaults and click the Extract button.
4.  A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5.  Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder by double-clicking.

 
6. Right-click on Repair_Windows.exe and select Run as administrator. Click Yes to Allow if prompted.
7. When the program opens, click the Repairs tab and click the Open Repairs button..

8. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
9. Please click the Unselect All button and then click to enable only the following ones:
      02 - Reset File Permissions (1)
      03 - Reset Service Permissions

      08 - Repair MDAC/MS Jet

      10 - Remove Policies Set By Infections
      13 - Repair Winsock and DNS Cache
      21 - Repair MSI (Windows Installer)

      

Ensure the following are checked so the system restarts when complete.

 

 

      
10. Click the Start Repairs button in the lower right of the screen. This can take quite some time to run so be patient.
11. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.

12. Let me know if you get the error upon boot again.

 

Step#3 - Verify

1. Open up FarBar Service Scanner (FSS.exe) from your desktop.
2. Ensure all options are checked and click Scan.
3. It will create a log (FSS.txt) in the same directory the tool is run.
4. Please copy and paste the log to your reply.

  

 

Items for your next post

1. Still get the error upon boot?

2. FSS log

[ncaa76]

Still getting error when I boot computer.  Essentials will not work but Malware bytes is working. Here is the log requested.

 

Farbar Service Scanner Version: 21-07-2014
Ran by Owner (administrator) on 10-10-2014 at 17:43:34
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

[ncaa76]

Additional follow up....

 

I reinstalled Essentials and it is working....all programs seems to be up and running...Let me know if I need to do another scan.